ksmbd: remove unneeded check_context_err
[linux-2.6-microblaze.git] / fs / xfs / xfs_qm.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4  * All Rights Reserved.
5  */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_sb.h"
14 #include "xfs_mount.h"
15 #include "xfs_inode.h"
16 #include "xfs_iwalk.h"
17 #include "xfs_quota.h"
18 #include "xfs_bmap.h"
19 #include "xfs_bmap_util.h"
20 #include "xfs_trans.h"
21 #include "xfs_trans_space.h"
22 #include "xfs_qm.h"
23 #include "xfs_trace.h"
24 #include "xfs_icache.h"
25 #include "xfs_error.h"
26
27 /*
28  * The global quota manager. There is only one of these for the entire
29  * system, _not_ one per file system. XQM keeps track of the overall
30  * quota functionality, including maintaining the freelist and hash
31  * tables of dquots.
32  */
33 STATIC int      xfs_qm_init_quotainos(struct xfs_mount *mp);
34 STATIC int      xfs_qm_init_quotainfo(struct xfs_mount *mp);
35
36 STATIC void     xfs_qm_destroy_quotainos(struct xfs_quotainfo *qi);
37 STATIC void     xfs_qm_dqfree_one(struct xfs_dquot *dqp);
38 /*
39  * We use the batch lookup interface to iterate over the dquots as it
40  * currently is the only interface into the radix tree code that allows
41  * fuzzy lookups instead of exact matches.  Holding the lock over multiple
42  * operations is fine as all callers are used either during mount/umount
43  * or quotaoff.
44  */
45 #define XFS_DQ_LOOKUP_BATCH     32
46
47 STATIC int
48 xfs_qm_dquot_walk(
49         struct xfs_mount        *mp,
50         xfs_dqtype_t            type,
51         int                     (*execute)(struct xfs_dquot *dqp, void *data),
52         void                    *data)
53 {
54         struct xfs_quotainfo    *qi = mp->m_quotainfo;
55         struct radix_tree_root  *tree = xfs_dquot_tree(qi, type);
56         uint32_t                next_index;
57         int                     last_error = 0;
58         int                     skipped;
59         int                     nr_found;
60
61 restart:
62         skipped = 0;
63         next_index = 0;
64         nr_found = 0;
65
66         while (1) {
67                 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH];
68                 int             error = 0;
69                 int             i;
70
71                 mutex_lock(&qi->qi_tree_lock);
72                 nr_found = radix_tree_gang_lookup(tree, (void **)batch,
73                                         next_index, XFS_DQ_LOOKUP_BATCH);
74                 if (!nr_found) {
75                         mutex_unlock(&qi->qi_tree_lock);
76                         break;
77                 }
78
79                 for (i = 0; i < nr_found; i++) {
80                         struct xfs_dquot *dqp = batch[i];
81
82                         next_index = dqp->q_id + 1;
83
84                         error = execute(batch[i], data);
85                         if (error == -EAGAIN) {
86                                 skipped++;
87                                 continue;
88                         }
89                         if (error && last_error != -EFSCORRUPTED)
90                                 last_error = error;
91                 }
92
93                 mutex_unlock(&qi->qi_tree_lock);
94
95                 /* bail out if the filesystem is corrupted.  */
96                 if (last_error == -EFSCORRUPTED) {
97                         skipped = 0;
98                         break;
99                 }
100                 /* we're done if id overflows back to zero */
101                 if (!next_index)
102                         break;
103         }
104
105         if (skipped) {
106                 delay(1);
107                 goto restart;
108         }
109
110         return last_error;
111 }
112
113
114 /*
115  * Purge a dquot from all tracking data structures and free it.
116  */
117 STATIC int
118 xfs_qm_dqpurge(
119         struct xfs_dquot        *dqp,
120         void                    *data)
121 {
122         struct xfs_mount        *mp = dqp->q_mount;
123         struct xfs_quotainfo    *qi = mp->m_quotainfo;
124         int                     error = -EAGAIN;
125
126         xfs_dqlock(dqp);
127         if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0)
128                 goto out_unlock;
129
130         dqp->q_flags |= XFS_DQFLAG_FREEING;
131
132         xfs_dqflock(dqp);
133
134         /*
135          * If we are turning this type of quotas off, we don't care
136          * about the dirty metadata sitting in this dquot. OTOH, if
137          * we're unmounting, we do care, so we flush it and wait.
138          */
139         if (XFS_DQ_IS_DIRTY(dqp)) {
140                 struct xfs_buf  *bp = NULL;
141
142                 /*
143                  * We don't care about getting disk errors here. We need
144                  * to purge this dquot anyway, so we go ahead regardless.
145                  */
146                 error = xfs_qm_dqflush(dqp, &bp);
147                 if (!error) {
148                         error = xfs_bwrite(bp);
149                         xfs_buf_relse(bp);
150                 } else if (error == -EAGAIN) {
151                         dqp->q_flags &= ~XFS_DQFLAG_FREEING;
152                         goto out_unlock;
153                 }
154                 xfs_dqflock(dqp);
155         }
156
157         ASSERT(atomic_read(&dqp->q_pincount) == 0);
158         ASSERT(XFS_FORCED_SHUTDOWN(mp) ||
159                 !test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags));
160
161         xfs_dqfunlock(dqp);
162         xfs_dqunlock(dqp);
163
164         radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
165         qi->qi_dquots--;
166
167         /*
168          * We move dquots to the freelist as soon as their reference count
169          * hits zero, so it really should be on the freelist here.
170          */
171         ASSERT(!list_empty(&dqp->q_lru));
172         list_lru_del(&qi->qi_lru, &dqp->q_lru);
173         XFS_STATS_DEC(mp, xs_qm_dquot_unused);
174
175         xfs_qm_dqdestroy(dqp);
176         return 0;
177
178 out_unlock:
179         xfs_dqunlock(dqp);
180         return error;
181 }
182
183 /*
184  * Purge the dquot cache.
185  */
186 void
187 xfs_qm_dqpurge_all(
188         struct xfs_mount        *mp,
189         uint                    flags)
190 {
191         if (flags & XFS_QMOPT_UQUOTA)
192                 xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL);
193         if (flags & XFS_QMOPT_GQUOTA)
194                 xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL);
195         if (flags & XFS_QMOPT_PQUOTA)
196                 xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL);
197 }
198
199 /*
200  * Just destroy the quotainfo structure.
201  */
202 void
203 xfs_qm_unmount(
204         struct xfs_mount        *mp)
205 {
206         if (mp->m_quotainfo) {
207                 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
208                 xfs_qm_destroy_quotainfo(mp);
209         }
210 }
211
212 /*
213  * Called from the vfsops layer.
214  */
215 void
216 xfs_qm_unmount_quotas(
217         xfs_mount_t     *mp)
218 {
219         /*
220          * Release the dquots that root inode, et al might be holding,
221          * before we flush quotas and blow away the quotainfo structure.
222          */
223         ASSERT(mp->m_rootip);
224         xfs_qm_dqdetach(mp->m_rootip);
225         if (mp->m_rbmip)
226                 xfs_qm_dqdetach(mp->m_rbmip);
227         if (mp->m_rsumip)
228                 xfs_qm_dqdetach(mp->m_rsumip);
229
230         /*
231          * Release the quota inodes.
232          */
233         if (mp->m_quotainfo) {
234                 if (mp->m_quotainfo->qi_uquotaip) {
235                         xfs_irele(mp->m_quotainfo->qi_uquotaip);
236                         mp->m_quotainfo->qi_uquotaip = NULL;
237                 }
238                 if (mp->m_quotainfo->qi_gquotaip) {
239                         xfs_irele(mp->m_quotainfo->qi_gquotaip);
240                         mp->m_quotainfo->qi_gquotaip = NULL;
241                 }
242                 if (mp->m_quotainfo->qi_pquotaip) {
243                         xfs_irele(mp->m_quotainfo->qi_pquotaip);
244                         mp->m_quotainfo->qi_pquotaip = NULL;
245                 }
246         }
247 }
248
249 STATIC int
250 xfs_qm_dqattach_one(
251         struct xfs_inode        *ip,
252         xfs_dqtype_t            type,
253         bool                    doalloc,
254         struct xfs_dquot        **IO_idqpp)
255 {
256         struct xfs_dquot        *dqp;
257         int                     error;
258
259         ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
260         error = 0;
261
262         /*
263          * See if we already have it in the inode itself. IO_idqpp is &i_udquot
264          * or &i_gdquot. This made the code look weird, but made the logic a lot
265          * simpler.
266          */
267         dqp = *IO_idqpp;
268         if (dqp) {
269                 trace_xfs_dqattach_found(dqp);
270                 return 0;
271         }
272
273         /*
274          * Find the dquot from somewhere. This bumps the reference count of
275          * dquot and returns it locked.  This can return ENOENT if dquot didn't
276          * exist on disk and we didn't ask it to allocate; ESRCH if quotas got
277          * turned off suddenly.
278          */
279         error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp);
280         if (error)
281                 return error;
282
283         trace_xfs_dqattach_get(dqp);
284
285         /*
286          * dqget may have dropped and re-acquired the ilock, but it guarantees
287          * that the dquot returned is the one that should go in the inode.
288          */
289         *IO_idqpp = dqp;
290         xfs_dqunlock(dqp);
291         return 0;
292 }
293
294 static bool
295 xfs_qm_need_dqattach(
296         struct xfs_inode        *ip)
297 {
298         struct xfs_mount        *mp = ip->i_mount;
299
300         if (!XFS_IS_QUOTA_RUNNING(mp))
301                 return false;
302         if (!XFS_IS_QUOTA_ON(mp))
303                 return false;
304         if (!XFS_NOT_DQATTACHED(mp, ip))
305                 return false;
306         if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino))
307                 return false;
308         return true;
309 }
310
311 /*
312  * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
313  * into account.
314  * If @doalloc is true, the dquot(s) will be allocated if needed.
315  * Inode may get unlocked and relocked in here, and the caller must deal with
316  * the consequences.
317  */
318 int
319 xfs_qm_dqattach_locked(
320         xfs_inode_t     *ip,
321         bool            doalloc)
322 {
323         xfs_mount_t     *mp = ip->i_mount;
324         int             error = 0;
325
326         if (!xfs_qm_need_dqattach(ip))
327                 return 0;
328
329         ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
330
331         if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) {
332                 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER,
333                                 doalloc, &ip->i_udquot);
334                 if (error)
335                         goto done;
336                 ASSERT(ip->i_udquot);
337         }
338
339         if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) {
340                 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP,
341                                 doalloc, &ip->i_gdquot);
342                 if (error)
343                         goto done;
344                 ASSERT(ip->i_gdquot);
345         }
346
347         if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) {
348                 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ,
349                                 doalloc, &ip->i_pdquot);
350                 if (error)
351                         goto done;
352                 ASSERT(ip->i_pdquot);
353         }
354
355 done:
356         /*
357          * Don't worry about the dquots that we may have attached before any
358          * error - they'll get detached later if it has not already been done.
359          */
360         ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
361         return error;
362 }
363
364 int
365 xfs_qm_dqattach(
366         struct xfs_inode        *ip)
367 {
368         int                     error;
369
370         if (!xfs_qm_need_dqattach(ip))
371                 return 0;
372
373         xfs_ilock(ip, XFS_ILOCK_EXCL);
374         error = xfs_qm_dqattach_locked(ip, false);
375         xfs_iunlock(ip, XFS_ILOCK_EXCL);
376
377         return error;
378 }
379
380 /*
381  * Release dquots (and their references) if any.
382  * The inode should be locked EXCL except when this's called by
383  * xfs_ireclaim.
384  */
385 void
386 xfs_qm_dqdetach(
387         xfs_inode_t     *ip)
388 {
389         if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot))
390                 return;
391
392         trace_xfs_dquot_dqdetach(ip);
393
394         ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino));
395         if (ip->i_udquot) {
396                 xfs_qm_dqrele(ip->i_udquot);
397                 ip->i_udquot = NULL;
398         }
399         if (ip->i_gdquot) {
400                 xfs_qm_dqrele(ip->i_gdquot);
401                 ip->i_gdquot = NULL;
402         }
403         if (ip->i_pdquot) {
404                 xfs_qm_dqrele(ip->i_pdquot);
405                 ip->i_pdquot = NULL;
406         }
407 }
408
409 struct xfs_qm_isolate {
410         struct list_head        buffers;
411         struct list_head        dispose;
412 };
413
414 static enum lru_status
415 xfs_qm_dquot_isolate(
416         struct list_head        *item,
417         struct list_lru_one     *lru,
418         spinlock_t              *lru_lock,
419         void                    *arg)
420                 __releases(lru_lock) __acquires(lru_lock)
421 {
422         struct xfs_dquot        *dqp = container_of(item,
423                                                 struct xfs_dquot, q_lru);
424         struct xfs_qm_isolate   *isol = arg;
425
426         if (!xfs_dqlock_nowait(dqp))
427                 goto out_miss_busy;
428
429         /*
430          * This dquot has acquired a reference in the meantime remove it from
431          * the freelist and try again.
432          */
433         if (dqp->q_nrefs) {
434                 xfs_dqunlock(dqp);
435                 XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants);
436
437                 trace_xfs_dqreclaim_want(dqp);
438                 list_lru_isolate(lru, &dqp->q_lru);
439                 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
440                 return LRU_REMOVED;
441         }
442
443         /*
444          * If the dquot is dirty, flush it. If it's already being flushed, just
445          * skip it so there is time for the IO to complete before we try to
446          * reclaim it again on the next LRU pass.
447          */
448         if (!xfs_dqflock_nowait(dqp)) {
449                 xfs_dqunlock(dqp);
450                 goto out_miss_busy;
451         }
452
453         if (XFS_DQ_IS_DIRTY(dqp)) {
454                 struct xfs_buf  *bp = NULL;
455                 int             error;
456
457                 trace_xfs_dqreclaim_dirty(dqp);
458
459                 /* we have to drop the LRU lock to flush the dquot */
460                 spin_unlock(lru_lock);
461
462                 error = xfs_qm_dqflush(dqp, &bp);
463                 if (error)
464                         goto out_unlock_dirty;
465
466                 xfs_buf_delwri_queue(bp, &isol->buffers);
467                 xfs_buf_relse(bp);
468                 goto out_unlock_dirty;
469         }
470         xfs_dqfunlock(dqp);
471
472         /*
473          * Prevent lookups now that we are past the point of no return.
474          */
475         dqp->q_flags |= XFS_DQFLAG_FREEING;
476         xfs_dqunlock(dqp);
477
478         ASSERT(dqp->q_nrefs == 0);
479         list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose);
480         XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
481         trace_xfs_dqreclaim_done(dqp);
482         XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims);
483         return LRU_REMOVED;
484
485 out_miss_busy:
486         trace_xfs_dqreclaim_busy(dqp);
487         XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
488         return LRU_SKIP;
489
490 out_unlock_dirty:
491         trace_xfs_dqreclaim_busy(dqp);
492         XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
493         xfs_dqunlock(dqp);
494         spin_lock(lru_lock);
495         return LRU_RETRY;
496 }
497
498 static unsigned long
499 xfs_qm_shrink_scan(
500         struct shrinker         *shrink,
501         struct shrink_control   *sc)
502 {
503         struct xfs_quotainfo    *qi = container_of(shrink,
504                                         struct xfs_quotainfo, qi_shrinker);
505         struct xfs_qm_isolate   isol;
506         unsigned long           freed;
507         int                     error;
508
509         if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM))
510                 return 0;
511
512         INIT_LIST_HEAD(&isol.buffers);
513         INIT_LIST_HEAD(&isol.dispose);
514
515         freed = list_lru_shrink_walk(&qi->qi_lru, sc,
516                                      xfs_qm_dquot_isolate, &isol);
517
518         error = xfs_buf_delwri_submit(&isol.buffers);
519         if (error)
520                 xfs_warn(NULL, "%s: dquot reclaim failed", __func__);
521
522         while (!list_empty(&isol.dispose)) {
523                 struct xfs_dquot        *dqp;
524
525                 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru);
526                 list_del_init(&dqp->q_lru);
527                 xfs_qm_dqfree_one(dqp);
528         }
529
530         return freed;
531 }
532
533 static unsigned long
534 xfs_qm_shrink_count(
535         struct shrinker         *shrink,
536         struct shrink_control   *sc)
537 {
538         struct xfs_quotainfo    *qi = container_of(shrink,
539                                         struct xfs_quotainfo, qi_shrinker);
540
541         return list_lru_shrink_count(&qi->qi_lru, sc);
542 }
543
544 STATIC void
545 xfs_qm_set_defquota(
546         struct xfs_mount        *mp,
547         xfs_dqtype_t            type,
548         struct xfs_quotainfo    *qinf)
549 {
550         struct xfs_dquot        *dqp;
551         struct xfs_def_quota    *defq;
552         int                     error;
553
554         error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
555         if (error)
556                 return;
557
558         defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp));
559
560         /*
561          * Timers and warnings have been already set, let's just set the
562          * default limits for this quota type
563          */
564         defq->blk.hard = dqp->q_blk.hardlimit;
565         defq->blk.soft = dqp->q_blk.softlimit;
566         defq->ino.hard = dqp->q_ino.hardlimit;
567         defq->ino.soft = dqp->q_ino.softlimit;
568         defq->rtb.hard = dqp->q_rtb.hardlimit;
569         defq->rtb.soft = dqp->q_rtb.softlimit;
570         xfs_qm_dqdestroy(dqp);
571 }
572
573 /* Initialize quota time limits from the root dquot. */
574 static void
575 xfs_qm_init_timelimits(
576         struct xfs_mount        *mp,
577         xfs_dqtype_t            type)
578 {
579         struct xfs_quotainfo    *qinf = mp->m_quotainfo;
580         struct xfs_def_quota    *defq;
581         struct xfs_dquot        *dqp;
582         int                     error;
583
584         defq = xfs_get_defquota(qinf, type);
585
586         defq->blk.time = XFS_QM_BTIMELIMIT;
587         defq->ino.time = XFS_QM_ITIMELIMIT;
588         defq->rtb.time = XFS_QM_RTBTIMELIMIT;
589         defq->blk.warn = XFS_QM_BWARNLIMIT;
590         defq->ino.warn = XFS_QM_IWARNLIMIT;
591         defq->rtb.warn = XFS_QM_RTBWARNLIMIT;
592
593         /*
594          * We try to get the limits from the superuser's limits fields.
595          * This is quite hacky, but it is standard quota practice.
596          *
597          * Since we may not have done a quotacheck by this point, just read
598          * the dquot without attaching it to any hashtables or lists.
599          */
600         error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
601         if (error)
602                 return;
603
604         /*
605          * The warnings and timers set the grace period given to
606          * a user or group before he or she can not perform any
607          * more writing. If it is zero, a default is used.
608          */
609         if (dqp->q_blk.timer)
610                 defq->blk.time = dqp->q_blk.timer;
611         if (dqp->q_ino.timer)
612                 defq->ino.time = dqp->q_ino.timer;
613         if (dqp->q_rtb.timer)
614                 defq->rtb.time = dqp->q_rtb.timer;
615         if (dqp->q_blk.warnings)
616                 defq->blk.warn = dqp->q_blk.warnings;
617         if (dqp->q_ino.warnings)
618                 defq->ino.warn = dqp->q_ino.warnings;
619         if (dqp->q_rtb.warnings)
620                 defq->rtb.warn = dqp->q_rtb.warnings;
621
622         xfs_qm_dqdestroy(dqp);
623 }
624
625 /*
626  * This initializes all the quota information that's kept in the
627  * mount structure
628  */
629 STATIC int
630 xfs_qm_init_quotainfo(
631         struct xfs_mount        *mp)
632 {
633         struct xfs_quotainfo    *qinf;
634         int                     error;
635
636         ASSERT(XFS_IS_QUOTA_RUNNING(mp));
637
638         qinf = mp->m_quotainfo = kmem_zalloc(sizeof(struct xfs_quotainfo), 0);
639
640         error = list_lru_init(&qinf->qi_lru);
641         if (error)
642                 goto out_free_qinf;
643
644         /*
645          * See if quotainodes are setup, and if not, allocate them,
646          * and change the superblock accordingly.
647          */
648         error = xfs_qm_init_quotainos(mp);
649         if (error)
650                 goto out_free_lru;
651
652         INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_NOFS);
653         INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_NOFS);
654         INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_NOFS);
655         mutex_init(&qinf->qi_tree_lock);
656
657         /* mutex used to serialize quotaoffs */
658         mutex_init(&qinf->qi_quotaofflock);
659
660         /* Precalc some constants */
661         qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
662         qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen);
663         if (xfs_sb_version_hasbigtime(&mp->m_sb)) {
664                 qinf->qi_expiry_min =
665                         xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN);
666                 qinf->qi_expiry_max =
667                         xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX);
668         } else {
669                 qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN;
670                 qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX;
671         }
672         trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min,
673                         qinf->qi_expiry_max);
674
675         mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);
676
677         xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER);
678         xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP);
679         xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ);
680
681         if (XFS_IS_UQUOTA_RUNNING(mp))
682                 xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf);
683         if (XFS_IS_GQUOTA_RUNNING(mp))
684                 xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf);
685         if (XFS_IS_PQUOTA_RUNNING(mp))
686                 xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf);
687
688         qinf->qi_shrinker.count_objects = xfs_qm_shrink_count;
689         qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan;
690         qinf->qi_shrinker.seeks = DEFAULT_SEEKS;
691         qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE;
692
693         error = register_shrinker(&qinf->qi_shrinker);
694         if (error)
695                 goto out_free_inos;
696
697         return 0;
698
699 out_free_inos:
700         mutex_destroy(&qinf->qi_quotaofflock);
701         mutex_destroy(&qinf->qi_tree_lock);
702         xfs_qm_destroy_quotainos(qinf);
703 out_free_lru:
704         list_lru_destroy(&qinf->qi_lru);
705 out_free_qinf:
706         kmem_free(qinf);
707         mp->m_quotainfo = NULL;
708         return error;
709 }
710
711 /*
712  * Gets called when unmounting a filesystem or when all quotas get
713  * turned off.
714  * This purges the quota inodes, destroys locks and frees itself.
715  */
716 void
717 xfs_qm_destroy_quotainfo(
718         struct xfs_mount        *mp)
719 {
720         struct xfs_quotainfo    *qi;
721
722         qi = mp->m_quotainfo;
723         ASSERT(qi != NULL);
724
725         unregister_shrinker(&qi->qi_shrinker);
726         list_lru_destroy(&qi->qi_lru);
727         xfs_qm_destroy_quotainos(qi);
728         mutex_destroy(&qi->qi_tree_lock);
729         mutex_destroy(&qi->qi_quotaofflock);
730         kmem_free(qi);
731         mp->m_quotainfo = NULL;
732 }
733
734 /*
735  * Create an inode and return with a reference already taken, but unlocked
736  * This is how we create quota inodes
737  */
738 STATIC int
739 xfs_qm_qino_alloc(
740         struct xfs_mount        *mp,
741         struct xfs_inode        **ipp,
742         unsigned int            flags)
743 {
744         struct xfs_trans        *tp;
745         int                     error;
746         bool                    need_alloc = true;
747
748         *ipp = NULL;
749         /*
750          * With superblock that doesn't have separate pquotino, we
751          * share an inode between gquota and pquota. If the on-disk
752          * superblock has GQUOTA and the filesystem is now mounted
753          * with PQUOTA, just use sb_gquotino for sb_pquotino and
754          * vice-versa.
755          */
756         if (!xfs_sb_version_has_pquotino(&mp->m_sb) &&
757                         (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) {
758                 xfs_ino_t ino = NULLFSINO;
759
760                 if ((flags & XFS_QMOPT_PQUOTA) &&
761                              (mp->m_sb.sb_gquotino != NULLFSINO)) {
762                         ino = mp->m_sb.sb_gquotino;
763                         if (XFS_IS_CORRUPT(mp,
764                                            mp->m_sb.sb_pquotino != NULLFSINO))
765                                 return -EFSCORRUPTED;
766                 } else if ((flags & XFS_QMOPT_GQUOTA) &&
767                              (mp->m_sb.sb_pquotino != NULLFSINO)) {
768                         ino = mp->m_sb.sb_pquotino;
769                         if (XFS_IS_CORRUPT(mp,
770                                            mp->m_sb.sb_gquotino != NULLFSINO))
771                                 return -EFSCORRUPTED;
772                 }
773                 if (ino != NULLFSINO) {
774                         error = xfs_iget(mp, NULL, ino, 0, 0, ipp);
775                         if (error)
776                                 return error;
777                         mp->m_sb.sb_gquotino = NULLFSINO;
778                         mp->m_sb.sb_pquotino = NULLFSINO;
779                         need_alloc = false;
780                 }
781         }
782
783         error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create,
784                         need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0,
785                         0, 0, &tp);
786         if (error)
787                 return error;
788
789         if (need_alloc) {
790                 error = xfs_dir_ialloc(&init_user_ns, &tp, NULL, S_IFREG, 1, 0,
791                                        0, false, ipp);
792                 if (error) {
793                         xfs_trans_cancel(tp);
794                         return error;
795                 }
796         }
797
798         /*
799          * Make the changes in the superblock, and log those too.
800          * sbfields arg may contain fields other than *QUOTINO;
801          * VERSIONNUM for example.
802          */
803         spin_lock(&mp->m_sb_lock);
804         if (flags & XFS_QMOPT_SBVERSION) {
805                 ASSERT(!xfs_sb_version_hasquota(&mp->m_sb));
806
807                 xfs_sb_version_addquota(&mp->m_sb);
808                 mp->m_sb.sb_uquotino = NULLFSINO;
809                 mp->m_sb.sb_gquotino = NULLFSINO;
810                 mp->m_sb.sb_pquotino = NULLFSINO;
811
812                 /* qflags will get updated fully _after_ quotacheck */
813                 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
814         }
815         if (flags & XFS_QMOPT_UQUOTA)
816                 mp->m_sb.sb_uquotino = (*ipp)->i_ino;
817         else if (flags & XFS_QMOPT_GQUOTA)
818                 mp->m_sb.sb_gquotino = (*ipp)->i_ino;
819         else
820                 mp->m_sb.sb_pquotino = (*ipp)->i_ino;
821         spin_unlock(&mp->m_sb_lock);
822         xfs_log_sb(tp);
823
824         error = xfs_trans_commit(tp);
825         if (error) {
826                 ASSERT(XFS_FORCED_SHUTDOWN(mp));
827                 xfs_alert(mp, "%s failed (error %d)!", __func__, error);
828         }
829         if (need_alloc)
830                 xfs_finish_inode_setup(*ipp);
831         return error;
832 }
833
834
835 STATIC void
836 xfs_qm_reset_dqcounts(
837         struct xfs_mount        *mp,
838         struct xfs_buf          *bp,
839         xfs_dqid_t              id,
840         xfs_dqtype_t            type)
841 {
842         struct xfs_dqblk        *dqb;
843         int                     j;
844
845         trace_xfs_reset_dqcounts(bp, _RET_IP_);
846
847         /*
848          * Reset all counters and timers. They'll be
849          * started afresh by xfs_qm_quotacheck.
850          */
851 #ifdef DEBUG
852         j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) /
853                 sizeof(xfs_dqblk_t);
854         ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
855 #endif
856         dqb = bp->b_addr;
857         for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
858                 struct xfs_disk_dquot   *ddq;
859
860                 ddq = (struct xfs_disk_dquot *)&dqb[j];
861
862                 /*
863                  * Do a sanity check, and if needed, repair the dqblk. Don't
864                  * output any warnings because it's perfectly possible to
865                  * find uninitialised dquot blks. See comment in
866                  * xfs_dquot_verify.
867                  */
868                 if (xfs_dqblk_verify(mp, &dqb[j], id + j) ||
869                     (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type)
870                         xfs_dqblk_repair(mp, &dqb[j], id + j, type);
871
872                 /*
873                  * Reset type in case we are reusing group quota file for
874                  * project quotas or vice versa
875                  */
876                 ddq->d_type = type;
877                 ddq->d_bcount = 0;
878                 ddq->d_icount = 0;
879                 ddq->d_rtbcount = 0;
880
881                 /*
882                  * dquot id 0 stores the default grace period and the maximum
883                  * warning limit that were set by the administrator, so we
884                  * should not reset them.
885                  */
886                 if (ddq->d_id != 0) {
887                         ddq->d_btimer = 0;
888                         ddq->d_itimer = 0;
889                         ddq->d_rtbtimer = 0;
890                         ddq->d_bwarns = 0;
891                         ddq->d_iwarns = 0;
892                         ddq->d_rtbwarns = 0;
893                         if (xfs_sb_version_hasbigtime(&mp->m_sb))
894                                 ddq->d_type |= XFS_DQTYPE_BIGTIME;
895                 }
896
897                 if (xfs_sb_version_hascrc(&mp->m_sb)) {
898                         xfs_update_cksum((char *)&dqb[j],
899                                          sizeof(struct xfs_dqblk),
900                                          XFS_DQUOT_CRC_OFF);
901                 }
902         }
903 }
904
905 STATIC int
906 xfs_qm_reset_dqcounts_all(
907         struct xfs_mount        *mp,
908         xfs_dqid_t              firstid,
909         xfs_fsblock_t           bno,
910         xfs_filblks_t           blkcnt,
911         xfs_dqtype_t            type,
912         struct list_head        *buffer_list)
913 {
914         struct xfs_buf          *bp;
915         int                     error = 0;
916
917         ASSERT(blkcnt > 0);
918
919         /*
920          * Blkcnt arg can be a very big number, and might even be
921          * larger than the log itself. So, we have to break it up into
922          * manageable-sized transactions.
923          * Note that we don't start a permanent transaction here; we might
924          * not be able to get a log reservation for the whole thing up front,
925          * and we don't really care to either, because we just discard
926          * everything if we were to crash in the middle of this loop.
927          */
928         while (blkcnt--) {
929                 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
930                               XFS_FSB_TO_DADDR(mp, bno),
931                               mp->m_quotainfo->qi_dqchunklen, 0, &bp,
932                               &xfs_dquot_buf_ops);
933
934                 /*
935                  * CRC and validation errors will return a EFSCORRUPTED here. If
936                  * this occurs, re-read without CRC validation so that we can
937                  * repair the damage via xfs_qm_reset_dqcounts(). This process
938                  * will leave a trace in the log indicating corruption has
939                  * been detected.
940                  */
941                 if (error == -EFSCORRUPTED) {
942                         error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
943                                       XFS_FSB_TO_DADDR(mp, bno),
944                                       mp->m_quotainfo->qi_dqchunklen, 0, &bp,
945                                       NULL);
946                 }
947
948                 if (error)
949                         break;
950
951                 /*
952                  * A corrupt buffer might not have a verifier attached, so
953                  * make sure we have the correct one attached before writeback
954                  * occurs.
955                  */
956                 bp->b_ops = &xfs_dquot_buf_ops;
957                 xfs_qm_reset_dqcounts(mp, bp, firstid, type);
958                 xfs_buf_delwri_queue(bp, buffer_list);
959                 xfs_buf_relse(bp);
960
961                 /* goto the next block. */
962                 bno++;
963                 firstid += mp->m_quotainfo->qi_dqperchunk;
964         }
965
966         return error;
967 }
968
969 /*
970  * Iterate over all allocated dquot blocks in this quota inode, zeroing all
971  * counters for every chunk of dquots that we find.
972  */
973 STATIC int
974 xfs_qm_reset_dqcounts_buf(
975         struct xfs_mount        *mp,
976         struct xfs_inode        *qip,
977         xfs_dqtype_t            type,
978         struct list_head        *buffer_list)
979 {
980         struct xfs_bmbt_irec    *map;
981         int                     i, nmaps;       /* number of map entries */
982         int                     error;          /* return value */
983         xfs_fileoff_t           lblkno;
984         xfs_filblks_t           maxlblkcnt;
985         xfs_dqid_t              firstid;
986         xfs_fsblock_t           rablkno;
987         xfs_filblks_t           rablkcnt;
988
989         error = 0;
990         /*
991          * This looks racy, but we can't keep an inode lock across a
992          * trans_reserve. But, this gets called during quotacheck, and that
993          * happens only at mount time which is single threaded.
994          */
995         if (qip->i_nblocks == 0)
996                 return 0;
997
998         map = kmem_alloc(XFS_DQITER_MAP_SIZE * sizeof(*map), 0);
999
1000         lblkno = 0;
1001         maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
1002         do {
1003                 uint            lock_mode;
1004
1005                 nmaps = XFS_DQITER_MAP_SIZE;
1006                 /*
1007                  * We aren't changing the inode itself. Just changing
1008                  * some of its data. No new blocks are added here, and
1009                  * the inode is never added to the transaction.
1010                  */
1011                 lock_mode = xfs_ilock_data_map_shared(qip);
1012                 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno,
1013                                        map, &nmaps, 0);
1014                 xfs_iunlock(qip, lock_mode);
1015                 if (error)
1016                         break;
1017
1018                 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
1019                 for (i = 0; i < nmaps; i++) {
1020                         ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
1021                         ASSERT(map[i].br_blockcount);
1022
1023
1024                         lblkno += map[i].br_blockcount;
1025
1026                         if (map[i].br_startblock == HOLESTARTBLOCK)
1027                                 continue;
1028
1029                         firstid = (xfs_dqid_t) map[i].br_startoff *
1030                                 mp->m_quotainfo->qi_dqperchunk;
1031                         /*
1032                          * Do a read-ahead on the next extent.
1033                          */
1034                         if ((i+1 < nmaps) &&
1035                             (map[i+1].br_startblock != HOLESTARTBLOCK)) {
1036                                 rablkcnt =  map[i+1].br_blockcount;
1037                                 rablkno = map[i+1].br_startblock;
1038                                 while (rablkcnt--) {
1039                                         xfs_buf_readahead(mp->m_ddev_targp,
1040                                                XFS_FSB_TO_DADDR(mp, rablkno),
1041                                                mp->m_quotainfo->qi_dqchunklen,
1042                                                &xfs_dquot_buf_ops);
1043                                         rablkno++;
1044                                 }
1045                         }
1046                         /*
1047                          * Iterate thru all the blks in the extent and
1048                          * reset the counters of all the dquots inside them.
1049                          */
1050                         error = xfs_qm_reset_dqcounts_all(mp, firstid,
1051                                                    map[i].br_startblock,
1052                                                    map[i].br_blockcount,
1053                                                    type, buffer_list);
1054                         if (error)
1055                                 goto out;
1056                 }
1057         } while (nmaps > 0);
1058
1059 out:
1060         kmem_free(map);
1061         return error;
1062 }
1063
1064 /*
1065  * Called by dqusage_adjust in doing a quotacheck.
1066  *
1067  * Given the inode, and a dquot id this updates both the incore dqout as well
1068  * as the buffer copy. This is so that once the quotacheck is done, we can
1069  * just log all the buffers, as opposed to logging numerous updates to
1070  * individual dquots.
1071  */
1072 STATIC int
1073 xfs_qm_quotacheck_dqadjust(
1074         struct xfs_inode        *ip,
1075         xfs_dqtype_t            type,
1076         xfs_qcnt_t              nblks,
1077         xfs_qcnt_t              rtblks)
1078 {
1079         struct xfs_mount        *mp = ip->i_mount;
1080         struct xfs_dquot        *dqp;
1081         xfs_dqid_t              id;
1082         int                     error;
1083
1084         id = xfs_qm_id_for_quotatype(ip, type);
1085         error = xfs_qm_dqget(mp, id, type, true, &dqp);
1086         if (error) {
1087                 /*
1088                  * Shouldn't be able to turn off quotas here.
1089                  */
1090                 ASSERT(error != -ESRCH);
1091                 ASSERT(error != -ENOENT);
1092                 return error;
1093         }
1094
1095         trace_xfs_dqadjust(dqp);
1096
1097         /*
1098          * Adjust the inode count and the block count to reflect this inode's
1099          * resource usage.
1100          */
1101         dqp->q_ino.count++;
1102         dqp->q_ino.reserved++;
1103         if (nblks) {
1104                 dqp->q_blk.count += nblks;
1105                 dqp->q_blk.reserved += nblks;
1106         }
1107         if (rtblks) {
1108                 dqp->q_rtb.count += rtblks;
1109                 dqp->q_rtb.reserved += rtblks;
1110         }
1111
1112         /*
1113          * Set default limits, adjust timers (since we changed usages)
1114          *
1115          * There are no timers for the default values set in the root dquot.
1116          */
1117         if (dqp->q_id) {
1118                 xfs_qm_adjust_dqlimits(dqp);
1119                 xfs_qm_adjust_dqtimers(dqp);
1120         }
1121
1122         dqp->q_flags |= XFS_DQFLAG_DIRTY;
1123         xfs_qm_dqput(dqp);
1124         return 0;
1125 }
1126
1127 /*
1128  * callback routine supplied to bulkstat(). Given an inumber, find its
1129  * dquots and update them to account for resources taken by that inode.
1130  */
1131 /* ARGSUSED */
1132 STATIC int
1133 xfs_qm_dqusage_adjust(
1134         struct xfs_mount        *mp,
1135         struct xfs_trans        *tp,
1136         xfs_ino_t               ino,
1137         void                    *data)
1138 {
1139         struct xfs_inode        *ip;
1140         xfs_qcnt_t              nblks;
1141         xfs_filblks_t           rtblks = 0;     /* total rt blks */
1142         int                     error;
1143
1144         ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1145
1146         /*
1147          * rootino must have its resources accounted for, not so with the quota
1148          * inodes.
1149          */
1150         if (xfs_is_quota_inode(&mp->m_sb, ino))
1151                 return 0;
1152
1153         /*
1154          * We don't _need_ to take the ilock EXCL here because quotacheck runs
1155          * at mount time and therefore nobody will be racing chown/chproj.
1156          */
1157         error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip);
1158         if (error == -EINVAL || error == -ENOENT)
1159                 return 0;
1160         if (error)
1161                 return error;
1162
1163         ASSERT(ip->i_delayed_blks == 0);
1164
1165         if (XFS_IS_REALTIME_INODE(ip)) {
1166                 struct xfs_ifork        *ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK);
1167
1168                 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
1169                 if (error)
1170                         goto error0;
1171
1172                 xfs_bmap_count_leaves(ifp, &rtblks);
1173         }
1174
1175         nblks = (xfs_qcnt_t)ip->i_nblocks - rtblks;
1176
1177         /*
1178          * Add the (disk blocks and inode) resources occupied by this
1179          * inode to its dquots. We do this adjustment in the incore dquot,
1180          * and also copy the changes to its buffer.
1181          * We don't care about putting these changes in a transaction
1182          * envelope because if we crash in the middle of a 'quotacheck'
1183          * we have to start from the beginning anyway.
1184          * Once we're done, we'll log all the dquot bufs.
1185          *
1186          * The *QUOTA_ON checks below may look pretty racy, but quotachecks
1187          * and quotaoffs don't race. (Quotachecks happen at mount time only).
1188          */
1189         if (XFS_IS_UQUOTA_ON(mp)) {
1190                 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks,
1191                                 rtblks);
1192                 if (error)
1193                         goto error0;
1194         }
1195
1196         if (XFS_IS_GQUOTA_ON(mp)) {
1197                 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks,
1198                                 rtblks);
1199                 if (error)
1200                         goto error0;
1201         }
1202
1203         if (XFS_IS_PQUOTA_ON(mp)) {
1204                 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks,
1205                                 rtblks);
1206                 if (error)
1207                         goto error0;
1208         }
1209
1210 error0:
1211         xfs_irele(ip);
1212         return error;
1213 }
1214
1215 STATIC int
1216 xfs_qm_flush_one(
1217         struct xfs_dquot        *dqp,
1218         void                    *data)
1219 {
1220         struct xfs_mount        *mp = dqp->q_mount;
1221         struct list_head        *buffer_list = data;
1222         struct xfs_buf          *bp = NULL;
1223         int                     error = 0;
1224
1225         xfs_dqlock(dqp);
1226         if (dqp->q_flags & XFS_DQFLAG_FREEING)
1227                 goto out_unlock;
1228         if (!XFS_DQ_IS_DIRTY(dqp))
1229                 goto out_unlock;
1230
1231         /*
1232          * The only way the dquot is already flush locked by the time quotacheck
1233          * gets here is if reclaim flushed it before the dqadjust walk dirtied
1234          * it for the final time. Quotacheck collects all dquot bufs in the
1235          * local delwri queue before dquots are dirtied, so reclaim can't have
1236          * possibly queued it for I/O. The only way out is to push the buffer to
1237          * cycle the flush lock.
1238          */
1239         if (!xfs_dqflock_nowait(dqp)) {
1240                 /* buf is pinned in-core by delwri list */
1241                 bp = xfs_buf_incore(mp->m_ddev_targp, dqp->q_blkno,
1242                                 mp->m_quotainfo->qi_dqchunklen, 0);
1243                 if (!bp) {
1244                         error = -EINVAL;
1245                         goto out_unlock;
1246                 }
1247                 xfs_buf_unlock(bp);
1248
1249                 xfs_buf_delwri_pushbuf(bp, buffer_list);
1250                 xfs_buf_rele(bp);
1251
1252                 error = -EAGAIN;
1253                 goto out_unlock;
1254         }
1255
1256         error = xfs_qm_dqflush(dqp, &bp);
1257         if (error)
1258                 goto out_unlock;
1259
1260         xfs_buf_delwri_queue(bp, buffer_list);
1261         xfs_buf_relse(bp);
1262 out_unlock:
1263         xfs_dqunlock(dqp);
1264         return error;
1265 }
1266
1267 /*
1268  * Walk thru all the filesystem inodes and construct a consistent view
1269  * of the disk quota world. If the quotacheck fails, disable quotas.
1270  */
1271 STATIC int
1272 xfs_qm_quotacheck(
1273         xfs_mount_t     *mp)
1274 {
1275         int                     error, error2;
1276         uint                    flags;
1277         LIST_HEAD               (buffer_list);
1278         struct xfs_inode        *uip = mp->m_quotainfo->qi_uquotaip;
1279         struct xfs_inode        *gip = mp->m_quotainfo->qi_gquotaip;
1280         struct xfs_inode        *pip = mp->m_quotainfo->qi_pquotaip;
1281
1282         flags = 0;
1283
1284         ASSERT(uip || gip || pip);
1285         ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1286
1287         xfs_notice(mp, "Quotacheck needed: Please wait.");
1288
1289         /*
1290          * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
1291          * their counters to zero. We need a clean slate.
1292          * We don't log our changes till later.
1293          */
1294         if (uip) {
1295                 error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER,
1296                                          &buffer_list);
1297                 if (error)
1298                         goto error_return;
1299                 flags |= XFS_UQUOTA_CHKD;
1300         }
1301
1302         if (gip) {
1303                 error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP,
1304                                          &buffer_list);
1305                 if (error)
1306                         goto error_return;
1307                 flags |= XFS_GQUOTA_CHKD;
1308         }
1309
1310         if (pip) {
1311                 error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ,
1312                                          &buffer_list);
1313                 if (error)
1314                         goto error_return;
1315                 flags |= XFS_PQUOTA_CHKD;
1316         }
1317
1318         error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true,
1319                         NULL);
1320         if (error)
1321                 goto error_return;
1322
1323         /*
1324          * We've made all the changes that we need to make incore.  Flush them
1325          * down to disk buffers if everything was updated successfully.
1326          */
1327         if (XFS_IS_UQUOTA_ON(mp)) {
1328                 error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one,
1329                                           &buffer_list);
1330         }
1331         if (XFS_IS_GQUOTA_ON(mp)) {
1332                 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one,
1333                                            &buffer_list);
1334                 if (!error)
1335                         error = error2;
1336         }
1337         if (XFS_IS_PQUOTA_ON(mp)) {
1338                 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one,
1339                                            &buffer_list);
1340                 if (!error)
1341                         error = error2;
1342         }
1343
1344         error2 = xfs_buf_delwri_submit(&buffer_list);
1345         if (!error)
1346                 error = error2;
1347
1348         /*
1349          * We can get this error if we couldn't do a dquot allocation inside
1350          * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the
1351          * dirty dquots that might be cached, we just want to get rid of them
1352          * and turn quotaoff. The dquots won't be attached to any of the inodes
1353          * at this point (because we intentionally didn't in dqget_noattach).
1354          */
1355         if (error) {
1356                 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
1357                 goto error_return;
1358         }
1359
1360         /*
1361          * If one type of quotas is off, then it will lose its
1362          * quotachecked status, since we won't be doing accounting for
1363          * that type anymore.
1364          */
1365         mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD;
1366         mp->m_qflags |= flags;
1367
1368  error_return:
1369         xfs_buf_delwri_cancel(&buffer_list);
1370
1371         if (error) {
1372                 xfs_warn(mp,
1373         "Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
1374                         error);
1375                 /*
1376                  * We must turn off quotas.
1377                  */
1378                 ASSERT(mp->m_quotainfo != NULL);
1379                 xfs_qm_destroy_quotainfo(mp);
1380                 if (xfs_mount_reset_sbqflags(mp)) {
1381                         xfs_warn(mp,
1382                                 "Quotacheck: Failed to reset quota flags.");
1383                 }
1384         } else
1385                 xfs_notice(mp, "Quotacheck: Done.");
1386         return error;
1387 }
1388
1389 /*
1390  * This is called from xfs_mountfs to start quotas and initialize all
1391  * necessary data structures like quotainfo.  This is also responsible for
1392  * running a quotacheck as necessary.  We are guaranteed that the superblock
1393  * is consistently read in at this point.
1394  *
1395  * If we fail here, the mount will continue with quota turned off. We don't
1396  * need to inidicate success or failure at all.
1397  */
1398 void
1399 xfs_qm_mount_quotas(
1400         struct xfs_mount        *mp)
1401 {
1402         int                     error = 0;
1403         uint                    sbf;
1404
1405         /*
1406          * If quotas on realtime volumes is not supported, we disable
1407          * quotas immediately.
1408          */
1409         if (mp->m_sb.sb_rextents) {
1410                 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
1411                 mp->m_qflags = 0;
1412                 goto write_changes;
1413         }
1414
1415         ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1416
1417         /*
1418          * Allocate the quotainfo structure inside the mount struct, and
1419          * create quotainode(s), and change/rev superblock if necessary.
1420          */
1421         error = xfs_qm_init_quotainfo(mp);
1422         if (error) {
1423                 /*
1424                  * We must turn off quotas.
1425                  */
1426                 ASSERT(mp->m_quotainfo == NULL);
1427                 mp->m_qflags = 0;
1428                 goto write_changes;
1429         }
1430         /*
1431          * If any of the quotas are not consistent, do a quotacheck.
1432          */
1433         if (XFS_QM_NEED_QUOTACHECK(mp)) {
1434                 error = xfs_qm_quotacheck(mp);
1435                 if (error) {
1436                         /* Quotacheck failed and disabled quotas. */
1437                         return;
1438                 }
1439         }
1440         /*
1441          * If one type of quotas is off, then it will lose its
1442          * quotachecked status, since we won't be doing accounting for
1443          * that type anymore.
1444          */
1445         if (!XFS_IS_UQUOTA_ON(mp))
1446                 mp->m_qflags &= ~XFS_UQUOTA_CHKD;
1447         if (!XFS_IS_GQUOTA_ON(mp))
1448                 mp->m_qflags &= ~XFS_GQUOTA_CHKD;
1449         if (!XFS_IS_PQUOTA_ON(mp))
1450                 mp->m_qflags &= ~XFS_PQUOTA_CHKD;
1451
1452  write_changes:
1453         /*
1454          * We actually don't have to acquire the m_sb_lock at all.
1455          * This can only be called from mount, and that's single threaded. XXX
1456          */
1457         spin_lock(&mp->m_sb_lock);
1458         sbf = mp->m_sb.sb_qflags;
1459         mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
1460         spin_unlock(&mp->m_sb_lock);
1461
1462         if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
1463                 if (xfs_sync_sb(mp, false)) {
1464                         /*
1465                          * We could only have been turning quotas off.
1466                          * We aren't in very good shape actually because
1467                          * the incore structures are convinced that quotas are
1468                          * off, but the on disk superblock doesn't know that !
1469                          */
1470                         ASSERT(!(XFS_IS_QUOTA_RUNNING(mp)));
1471                         xfs_alert(mp, "%s: Superblock update failed!",
1472                                 __func__);
1473                 }
1474         }
1475
1476         if (error) {
1477                 xfs_warn(mp, "Failed to initialize disk quotas.");
1478                 return;
1479         }
1480 }
1481
1482 /*
1483  * This is called after the superblock has been read in and we're ready to
1484  * iget the quota inodes.
1485  */
1486 STATIC int
1487 xfs_qm_init_quotainos(
1488         xfs_mount_t     *mp)
1489 {
1490         struct xfs_inode        *uip = NULL;
1491         struct xfs_inode        *gip = NULL;
1492         struct xfs_inode        *pip = NULL;
1493         int                     error;
1494         uint                    flags = 0;
1495
1496         ASSERT(mp->m_quotainfo);
1497
1498         /*
1499          * Get the uquota and gquota inodes
1500          */
1501         if (xfs_sb_version_hasquota(&mp->m_sb)) {
1502                 if (XFS_IS_UQUOTA_ON(mp) &&
1503                     mp->m_sb.sb_uquotino != NULLFSINO) {
1504                         ASSERT(mp->m_sb.sb_uquotino > 0);
1505                         error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino,
1506                                              0, 0, &uip);
1507                         if (error)
1508                                 return error;
1509                 }
1510                 if (XFS_IS_GQUOTA_ON(mp) &&
1511                     mp->m_sb.sb_gquotino != NULLFSINO) {
1512                         ASSERT(mp->m_sb.sb_gquotino > 0);
1513                         error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino,
1514                                              0, 0, &gip);
1515                         if (error)
1516                                 goto error_rele;
1517                 }
1518                 if (XFS_IS_PQUOTA_ON(mp) &&
1519                     mp->m_sb.sb_pquotino != NULLFSINO) {
1520                         ASSERT(mp->m_sb.sb_pquotino > 0);
1521                         error = xfs_iget(mp, NULL, mp->m_sb.sb_pquotino,
1522                                              0, 0, &pip);
1523                         if (error)
1524                                 goto error_rele;
1525                 }
1526         } else {
1527                 flags |= XFS_QMOPT_SBVERSION;
1528         }
1529
1530         /*
1531          * Create the three inodes, if they don't exist already. The changes
1532          * made above will get added to a transaction and logged in one of
1533          * the qino_alloc calls below.  If the device is readonly,
1534          * temporarily switch to read-write to do this.
1535          */
1536         if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
1537                 error = xfs_qm_qino_alloc(mp, &uip,
1538                                               flags | XFS_QMOPT_UQUOTA);
1539                 if (error)
1540                         goto error_rele;
1541
1542                 flags &= ~XFS_QMOPT_SBVERSION;
1543         }
1544         if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) {
1545                 error = xfs_qm_qino_alloc(mp, &gip,
1546                                           flags | XFS_QMOPT_GQUOTA);
1547                 if (error)
1548                         goto error_rele;
1549
1550                 flags &= ~XFS_QMOPT_SBVERSION;
1551         }
1552         if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) {
1553                 error = xfs_qm_qino_alloc(mp, &pip,
1554                                           flags | XFS_QMOPT_PQUOTA);
1555                 if (error)
1556                         goto error_rele;
1557         }
1558
1559         mp->m_quotainfo->qi_uquotaip = uip;
1560         mp->m_quotainfo->qi_gquotaip = gip;
1561         mp->m_quotainfo->qi_pquotaip = pip;
1562
1563         return 0;
1564
1565 error_rele:
1566         if (uip)
1567                 xfs_irele(uip);
1568         if (gip)
1569                 xfs_irele(gip);
1570         if (pip)
1571                 xfs_irele(pip);
1572         return error;
1573 }
1574
1575 STATIC void
1576 xfs_qm_destroy_quotainos(
1577         struct xfs_quotainfo    *qi)
1578 {
1579         if (qi->qi_uquotaip) {
1580                 xfs_irele(qi->qi_uquotaip);
1581                 qi->qi_uquotaip = NULL; /* paranoia */
1582         }
1583         if (qi->qi_gquotaip) {
1584                 xfs_irele(qi->qi_gquotaip);
1585                 qi->qi_gquotaip = NULL;
1586         }
1587         if (qi->qi_pquotaip) {
1588                 xfs_irele(qi->qi_pquotaip);
1589                 qi->qi_pquotaip = NULL;
1590         }
1591 }
1592
1593 STATIC void
1594 xfs_qm_dqfree_one(
1595         struct xfs_dquot        *dqp)
1596 {
1597         struct xfs_mount        *mp = dqp->q_mount;
1598         struct xfs_quotainfo    *qi = mp->m_quotainfo;
1599
1600         mutex_lock(&qi->qi_tree_lock);
1601         radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
1602
1603         qi->qi_dquots--;
1604         mutex_unlock(&qi->qi_tree_lock);
1605
1606         xfs_qm_dqdestroy(dqp);
1607 }
1608
1609 /* --------------- utility functions for vnodeops ---------------- */
1610
1611
1612 /*
1613  * Given an inode, a uid, gid and prid make sure that we have
1614  * allocated relevant dquot(s) on disk, and that we won't exceed inode
1615  * quotas by creating this file.
1616  * This also attaches dquot(s) to the given inode after locking it,
1617  * and returns the dquots corresponding to the uid and/or gid.
1618  *
1619  * in   : inode (unlocked)
1620  * out  : udquot, gdquot with references taken and unlocked
1621  */
1622 int
1623 xfs_qm_vop_dqalloc(
1624         struct xfs_inode        *ip,
1625         kuid_t                  uid,
1626         kgid_t                  gid,
1627         prid_t                  prid,
1628         uint                    flags,
1629         struct xfs_dquot        **O_udqpp,
1630         struct xfs_dquot        **O_gdqpp,
1631         struct xfs_dquot        **O_pdqpp)
1632 {
1633         struct xfs_mount        *mp = ip->i_mount;
1634         struct inode            *inode = VFS_I(ip);
1635         struct user_namespace   *user_ns = inode->i_sb->s_user_ns;
1636         struct xfs_dquot        *uq = NULL;
1637         struct xfs_dquot        *gq = NULL;
1638         struct xfs_dquot        *pq = NULL;
1639         int                     error;
1640         uint                    lockflags;
1641
1642         if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
1643                 return 0;
1644
1645         lockflags = XFS_ILOCK_EXCL;
1646         xfs_ilock(ip, lockflags);
1647
1648         if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
1649                 gid = inode->i_gid;
1650
1651         /*
1652          * Attach the dquot(s) to this inode, doing a dquot allocation
1653          * if necessary. The dquot(s) will not be locked.
1654          */
1655         if (XFS_NOT_DQATTACHED(mp, ip)) {
1656                 error = xfs_qm_dqattach_locked(ip, true);
1657                 if (error) {
1658                         xfs_iunlock(ip, lockflags);
1659                         return error;
1660                 }
1661         }
1662
1663         if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
1664                 ASSERT(O_udqpp);
1665                 if (!uid_eq(inode->i_uid, uid)) {
1666                         /*
1667                          * What we need is the dquot that has this uid, and
1668                          * if we send the inode to dqget, the uid of the inode
1669                          * takes priority over what's sent in the uid argument.
1670                          * We must unlock inode here before calling dqget if
1671                          * we're not sending the inode, because otherwise
1672                          * we'll deadlock by doing trans_reserve while
1673                          * holding ilock.
1674                          */
1675                         xfs_iunlock(ip, lockflags);
1676                         error = xfs_qm_dqget(mp, from_kuid(user_ns, uid),
1677                                         XFS_DQTYPE_USER, true, &uq);
1678                         if (error) {
1679                                 ASSERT(error != -ENOENT);
1680                                 return error;
1681                         }
1682                         /*
1683                          * Get the ilock in the right order.
1684                          */
1685                         xfs_dqunlock(uq);
1686                         lockflags = XFS_ILOCK_SHARED;
1687                         xfs_ilock(ip, lockflags);
1688                 } else {
1689                         /*
1690                          * Take an extra reference, because we'll return
1691                          * this to caller
1692                          */
1693                         ASSERT(ip->i_udquot);
1694                         uq = xfs_qm_dqhold(ip->i_udquot);
1695                 }
1696         }
1697         if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
1698                 ASSERT(O_gdqpp);
1699                 if (!gid_eq(inode->i_gid, gid)) {
1700                         xfs_iunlock(ip, lockflags);
1701                         error = xfs_qm_dqget(mp, from_kgid(user_ns, gid),
1702                                         XFS_DQTYPE_GROUP, true, &gq);
1703                         if (error) {
1704                                 ASSERT(error != -ENOENT);
1705                                 goto error_rele;
1706                         }
1707                         xfs_dqunlock(gq);
1708                         lockflags = XFS_ILOCK_SHARED;
1709                         xfs_ilock(ip, lockflags);
1710                 } else {
1711                         ASSERT(ip->i_gdquot);
1712                         gq = xfs_qm_dqhold(ip->i_gdquot);
1713                 }
1714         }
1715         if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
1716                 ASSERT(O_pdqpp);
1717                 if (ip->i_projid != prid) {
1718                         xfs_iunlock(ip, lockflags);
1719                         error = xfs_qm_dqget(mp, prid,
1720                                         XFS_DQTYPE_PROJ, true, &pq);
1721                         if (error) {
1722                                 ASSERT(error != -ENOENT);
1723                                 goto error_rele;
1724                         }
1725                         xfs_dqunlock(pq);
1726                         lockflags = XFS_ILOCK_SHARED;
1727                         xfs_ilock(ip, lockflags);
1728                 } else {
1729                         ASSERT(ip->i_pdquot);
1730                         pq = xfs_qm_dqhold(ip->i_pdquot);
1731                 }
1732         }
1733         trace_xfs_dquot_dqalloc(ip);
1734
1735         xfs_iunlock(ip, lockflags);
1736         if (O_udqpp)
1737                 *O_udqpp = uq;
1738         else
1739                 xfs_qm_dqrele(uq);
1740         if (O_gdqpp)
1741                 *O_gdqpp = gq;
1742         else
1743                 xfs_qm_dqrele(gq);
1744         if (O_pdqpp)
1745                 *O_pdqpp = pq;
1746         else
1747                 xfs_qm_dqrele(pq);
1748         return 0;
1749
1750 error_rele:
1751         xfs_qm_dqrele(gq);
1752         xfs_qm_dqrele(uq);
1753         return error;
1754 }
1755
1756 /*
1757  * Actually transfer ownership, and do dquot modifications.
1758  * These were already reserved.
1759  */
1760 struct xfs_dquot *
1761 xfs_qm_vop_chown(
1762         struct xfs_trans        *tp,
1763         struct xfs_inode        *ip,
1764         struct xfs_dquot        **IO_olddq,
1765         struct xfs_dquot        *newdq)
1766 {
1767         struct xfs_dquot        *prevdq;
1768         uint            bfield = XFS_IS_REALTIME_INODE(ip) ?
1769                                  XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT;
1770
1771
1772         ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
1773         ASSERT(XFS_IS_QUOTA_RUNNING(ip->i_mount));
1774
1775         /* old dquot */
1776         prevdq = *IO_olddq;
1777         ASSERT(prevdq);
1778         ASSERT(prevdq != newdq);
1779
1780         xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_nblocks));
1781         xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1);
1782
1783         /* the sparkling new dquot */
1784         xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_nblocks);
1785         xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1);
1786
1787         /*
1788          * Back when we made quota reservations for the chown, we reserved the
1789          * ondisk blocks + delalloc blocks with the new dquot.  Now that we've
1790          * switched the dquots, decrease the new dquot's block reservation
1791          * (having already bumped up the real counter) so that we don't have
1792          * any reservation to give back when we commit.
1793          */
1794         xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS,
1795                         -ip->i_delayed_blks);
1796
1797         /*
1798          * Give the incore reservation for delalloc blocks back to the old
1799          * dquot.  We don't normally handle delalloc quota reservations
1800          * transactionally, so just lock the dquot and subtract from the
1801          * reservation.  Dirty the transaction because it's too late to turn
1802          * back now.
1803          */
1804         tp->t_flags |= XFS_TRANS_DIRTY;
1805         xfs_dqlock(prevdq);
1806         ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
1807         prevdq->q_blk.reserved -= ip->i_delayed_blks;
1808         xfs_dqunlock(prevdq);
1809
1810         /*
1811          * Take an extra reference, because the inode is going to keep
1812          * this dquot pointer even after the trans_commit.
1813          */
1814         *IO_olddq = xfs_qm_dqhold(newdq);
1815
1816         return prevdq;
1817 }
1818
1819 int
1820 xfs_qm_vop_rename_dqattach(
1821         struct xfs_inode        **i_tab)
1822 {
1823         struct xfs_mount        *mp = i_tab[0]->i_mount;
1824         int                     i;
1825
1826         if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
1827                 return 0;
1828
1829         for (i = 0; (i < 4 && i_tab[i]); i++) {
1830                 struct xfs_inode        *ip = i_tab[i];
1831                 int                     error;
1832
1833                 /*
1834                  * Watch out for duplicate entries in the table.
1835                  */
1836                 if (i == 0 || ip != i_tab[i-1]) {
1837                         if (XFS_NOT_DQATTACHED(mp, ip)) {
1838                                 error = xfs_qm_dqattach(ip);
1839                                 if (error)
1840                                         return error;
1841                         }
1842                 }
1843         }
1844         return 0;
1845 }
1846
1847 void
1848 xfs_qm_vop_create_dqattach(
1849         struct xfs_trans        *tp,
1850         struct xfs_inode        *ip,
1851         struct xfs_dquot        *udqp,
1852         struct xfs_dquot        *gdqp,
1853         struct xfs_dquot        *pdqp)
1854 {
1855         struct xfs_mount        *mp = tp->t_mountp;
1856
1857         if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
1858                 return;
1859
1860         ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
1861
1862         if (udqp && XFS_IS_UQUOTA_ON(mp)) {
1863                 ASSERT(ip->i_udquot == NULL);
1864                 ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id);
1865
1866                 ip->i_udquot = xfs_qm_dqhold(udqp);
1867                 xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1);
1868         }
1869         if (gdqp && XFS_IS_GQUOTA_ON(mp)) {
1870                 ASSERT(ip->i_gdquot == NULL);
1871                 ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id);
1872
1873                 ip->i_gdquot = xfs_qm_dqhold(gdqp);
1874                 xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1);
1875         }
1876         if (pdqp && XFS_IS_PQUOTA_ON(mp)) {
1877                 ASSERT(ip->i_pdquot == NULL);
1878                 ASSERT(ip->i_projid == pdqp->q_id);
1879
1880                 ip->i_pdquot = xfs_qm_dqhold(pdqp);
1881                 xfs_trans_mod_dquot(tp, pdqp, XFS_TRANS_DQ_ICOUNT, 1);
1882         }
1883 }
1884