fix buffer overflow in the moxa driver (CVE-2005-0504)
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / dquot.c
blob1966c890b48d1df00e04bc09e612ade805ad77f6
1 /*
2 * Implementation of the diskquota system for the LINUX operating system. QUOTA
3 * is implemented using the BSD system call interface as the means of
4 * communication with the user level. This file contains the generic routines
5 * called by the different filesystems on allocation of an inode or block.
6 * These routines take care of the administration needed to have a consistent
7 * diskquota tracking system. The ideas of both user and group quotas are based
8 * on the Melbourne quota system as used on BSD derived systems. The internal
9 * implementation is based on one of the several variants of the LINUX
10 * inode-subsystem with added complexity of the diskquota system.
12 * Version: $Id: dquot.c,v 6.3 1996/11/17 18:35:34 mvw Exp mvw $
14 * Author: Marco van Wieringen <mvw@planets.elm.net>
16 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96
18 * Revised list management to avoid races
19 * -- Bill Hawes, <whawes@star.net>, 9/98
21 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...().
22 * As the consequence the locking was moved from dquot_decr_...(),
23 * dquot_incr_...() to calling functions.
24 * invalidate_dquots() now writes modified dquots.
25 * Serialized quota_off() and quota_on() for mount point.
26 * Fixed a few bugs in grow_dquots().
27 * Fixed deadlock in write_dquot() - we no longer account quotas on
28 * quota files
29 * remove_dquot_ref() moved to inode.c - it now traverses through inodes
30 * add_dquot_ref() restarts after blocking
31 * Added check for bogus uid and fixed check for group in quotactl.
32 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99
34 * Used struct list_head instead of own list struct
35 * Invalidation of referenced dquots is no longer possible
36 * Improved free_dquots list management
37 * Quota and i_blocks are now updated in one place to avoid races
38 * Warnings are now delayed so we won't block in critical section
39 * Write updated not to require dquot lock
40 * Jan Kara, <jack@suse.cz>, 9/2000
42 * Added dynamic quota structure allocation
43 * Jan Kara <jack@suse.cz> 12/2000
45 * Rewritten quota interface. Implemented new quota format and
46 * formats registering.
47 * Jan Kara, <jack@suse.cz>, 2001,2002
49 * New SMP locking.
50 * Jan Kara, <jack@suse.cz>, 10/2002
52 * Added journalled quota support, fix lock inversion problems
53 * Jan Kara, <jack@suse.cz>, 2003,2004
55 * (C) Copyright 1994 - 1997 Marco van Wieringen
58 #include <linux/errno.h>
59 #include <linux/kernel.h>
60 #include <linux/fs.h>
61 #include <linux/mount.h>
62 #include <linux/mm.h>
63 #include <linux/time.h>
64 #include <linux/types.h>
65 #include <linux/string.h>
66 #include <linux/fcntl.h>
67 #include <linux/stat.h>
68 #include <linux/tty.h>
69 #include <linux/file.h>
70 #include <linux/slab.h>
71 #include <linux/sysctl.h>
72 #include <linux/smp_lock.h>
73 #include <linux/init.h>
74 #include <linux/module.h>
75 #include <linux/proc_fs.h>
76 #include <linux/security.h>
77 #include <linux/kmod.h>
78 #include <linux/namei.h>
79 #include <linux/buffer_head.h>
80 #include <linux/capability.h>
81 #include <linux/quotaops.h>
83 #include <asm/uaccess.h>
85 #define __DQUOT_PARANOIA
88 * There are two quota SMP locks. dq_list_lock protects all lists with quotas
89 * and quota formats and also dqstats structure containing statistics about the
90 * lists. dq_data_lock protects data from dq_dqb and also mem_dqinfo structures
91 * and also guards consistency of dquot->dq_dqb with inode->i_blocks, i_bytes.
92 * i_blocks and i_bytes updates itself are guarded by i_lock acquired directly
93 * in inode_add_bytes() and inode_sub_bytes().
95 * The spinlock ordering is hence: dq_data_lock > dq_list_lock > i_lock
97 * Note that some things (eg. sb pointer, type, id) doesn't change during
98 * the life of the dquot structure and so needn't to be protected by a lock
100 * Any operation working on dquots via inode pointers must hold dqptr_sem. If
101 * operation is just reading pointers from inode (or not using them at all) the
102 * read lock is enough. If pointers are altered function must hold write lock
103 * (these locking rules also apply for S_NOQUOTA flag in the inode - note that
104 * for altering the flag i_mutex is also needed). If operation is holding
105 * reference to dquot in other way (e.g. quotactl ops) it must be guarded by
106 * dqonoff_sem.
107 * This locking assures that:
108 * a) update/access to dquot pointers in inode is serialized
109 * b) everyone is guarded against invalidate_dquots()
111 * Each dquot has its dq_lock semaphore. Locked dquots might not be referenced
112 * from inodes (dquot_alloc_space() and such don't check the dq_lock).
113 * Currently dquot is locked only when it is being read to memory (or space for
114 * it is being allocated) on the first dqget() and when it is being released on
115 * the last dqput(). The allocation and release oparations are serialized by
116 * the dq_lock and by checking the use count in dquot_release(). Write
117 * operations on dquots don't hold dq_lock as they copy data under dq_data_lock
118 * spinlock to internal buffers before writing.
120 * Lock ordering (including related VFS locks) is the following:
121 * i_mutex > dqonoff_sem > iprune_sem > journal_lock > dqptr_sem >
122 * > dquot->dq_lock > dqio_sem
123 * i_mutex on quota files is special (it's below dqio_sem)
126 static DEFINE_SPINLOCK(dq_list_lock);
127 DEFINE_SPINLOCK(dq_data_lock);
129 static char *quotatypes[] = INITQFNAMES;
130 static struct quota_format_type *quota_formats; /* List of registered formats */
131 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES;
133 /* SLAB cache for dquot structures */
134 static kmem_cache_t *dquot_cachep;
136 int register_quota_format(struct quota_format_type *fmt)
138 spin_lock(&dq_list_lock);
139 fmt->qf_next = quota_formats;
140 quota_formats = fmt;
141 spin_unlock(&dq_list_lock);
142 return 0;
145 void unregister_quota_format(struct quota_format_type *fmt)
147 struct quota_format_type **actqf;
149 spin_lock(&dq_list_lock);
150 for (actqf = &quota_formats; *actqf && *actqf != fmt; actqf = &(*actqf)->qf_next);
151 if (*actqf)
152 *actqf = (*actqf)->qf_next;
153 spin_unlock(&dq_list_lock);
156 static struct quota_format_type *find_quota_format(int id)
158 struct quota_format_type *actqf;
160 spin_lock(&dq_list_lock);
161 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; actqf = actqf->qf_next);
162 if (!actqf || !try_module_get(actqf->qf_owner)) {
163 int qm;
165 spin_unlock(&dq_list_lock);
167 for (qm = 0; module_names[qm].qm_fmt_id && module_names[qm].qm_fmt_id != id; qm++);
168 if (!module_names[qm].qm_fmt_id || request_module(module_names[qm].qm_mod_name))
169 return NULL;
171 spin_lock(&dq_list_lock);
172 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; actqf = actqf->qf_next);
173 if (actqf && !try_module_get(actqf->qf_owner))
174 actqf = NULL;
176 spin_unlock(&dq_list_lock);
177 return actqf;
180 static void put_quota_format(struct quota_format_type *fmt)
182 module_put(fmt->qf_owner);
186 * Dquot List Management:
187 * The quota code uses three lists for dquot management: the inuse_list,
188 * free_dquots, and dquot_hash[] array. A single dquot structure may be
189 * on all three lists, depending on its current state.
191 * All dquots are placed to the end of inuse_list when first created, and this
192 * list is used for invalidate operation, which must look at every dquot.
194 * Unused dquots (dq_count == 0) are added to the free_dquots list when freed,
195 * and this list is searched whenever we need an available dquot. Dquots are
196 * removed from the list as soon as they are used again, and
197 * dqstats.free_dquots gives the number of dquots on the list. When
198 * dquot is invalidated it's completely released from memory.
200 * Dquots with a specific identity (device, type and id) are placed on
201 * one of the dquot_hash[] hash chains. The provides an efficient search
202 * mechanism to locate a specific dquot.
205 static LIST_HEAD(inuse_list);
206 static LIST_HEAD(free_dquots);
207 static unsigned int dq_hash_bits, dq_hash_mask;
208 static struct hlist_head *dquot_hash;
210 struct dqstats dqstats;
212 static void dqput(struct dquot *dquot);
214 static inline unsigned int
215 hashfn(const struct super_block *sb, unsigned int id, int type)
217 unsigned long tmp;
219 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type);
220 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask;
224 * Following list functions expect dq_list_lock to be held
226 static inline void insert_dquot_hash(struct dquot *dquot)
228 struct hlist_head *head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id, dquot->dq_type);
229 hlist_add_head(&dquot->dq_hash, head);
232 static inline void remove_dquot_hash(struct dquot *dquot)
234 hlist_del_init(&dquot->dq_hash);
237 static inline struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, unsigned int id, int type)
239 struct hlist_node *node;
240 struct dquot *dquot;
242 hlist_for_each (node, dquot_hash+hashent) {
243 dquot = hlist_entry(node, struct dquot, dq_hash);
244 if (dquot->dq_sb == sb && dquot->dq_id == id && dquot->dq_type == type)
245 return dquot;
247 return NODQUOT;
250 /* Add a dquot to the tail of the free list */
251 static inline void put_dquot_last(struct dquot *dquot)
253 list_add(&dquot->dq_free, free_dquots.prev);
254 dqstats.free_dquots++;
257 static inline void remove_free_dquot(struct dquot *dquot)
259 if (list_empty(&dquot->dq_free))
260 return;
261 list_del_init(&dquot->dq_free);
262 dqstats.free_dquots--;
265 static inline void put_inuse(struct dquot *dquot)
267 /* We add to the back of inuse list so we don't have to restart
268 * when traversing this list and we block */
269 list_add(&dquot->dq_inuse, inuse_list.prev);
270 dqstats.allocated_dquots++;
273 static inline void remove_inuse(struct dquot *dquot)
275 dqstats.allocated_dquots--;
276 list_del(&dquot->dq_inuse);
279 * End of list functions needing dq_list_lock
282 static void wait_on_dquot(struct dquot *dquot)
284 down(&dquot->dq_lock);
285 up(&dquot->dq_lock);
288 #define mark_dquot_dirty(dquot) ((dquot)->dq_sb->dq_op->mark_dirty(dquot))
290 int dquot_mark_dquot_dirty(struct dquot *dquot)
292 spin_lock(&dq_list_lock);
293 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags))
294 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)->
295 info[dquot->dq_type].dqi_dirty_list);
296 spin_unlock(&dq_list_lock);
297 return 0;
300 /* This function needs dq_list_lock */
301 static inline int clear_dquot_dirty(struct dquot *dquot)
303 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags))
304 return 0;
305 list_del_init(&dquot->dq_dirty);
306 return 1;
309 void mark_info_dirty(struct super_block *sb, int type)
311 set_bit(DQF_INFO_DIRTY_B, &sb_dqopt(sb)->info[type].dqi_flags);
313 EXPORT_SYMBOL(mark_info_dirty);
316 * Read dquot from disk and alloc space for it
319 int dquot_acquire(struct dquot *dquot)
321 int ret = 0, ret2 = 0;
322 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
324 down(&dquot->dq_lock);
325 down(&dqopt->dqio_sem);
326 if (!test_bit(DQ_READ_B, &dquot->dq_flags))
327 ret = dqopt->ops[dquot->dq_type]->read_dqblk(dquot);
328 if (ret < 0)
329 goto out_iolock;
330 set_bit(DQ_READ_B, &dquot->dq_flags);
331 /* Instantiate dquot if needed */
332 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && !dquot->dq_off) {
333 ret = dqopt->ops[dquot->dq_type]->commit_dqblk(dquot);
334 /* Write the info if needed */
335 if (info_dirty(&dqopt->info[dquot->dq_type]))
336 ret2 = dqopt->ops[dquot->dq_type]->write_file_info(dquot->dq_sb, dquot->dq_type);
337 if (ret < 0)
338 goto out_iolock;
339 if (ret2 < 0) {
340 ret = ret2;
341 goto out_iolock;
344 set_bit(DQ_ACTIVE_B, &dquot->dq_flags);
345 out_iolock:
346 up(&dqopt->dqio_sem);
347 up(&dquot->dq_lock);
348 return ret;
352 * Write dquot to disk
354 int dquot_commit(struct dquot *dquot)
356 int ret = 0, ret2 = 0;
357 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
359 down(&dqopt->dqio_sem);
360 spin_lock(&dq_list_lock);
361 if (!clear_dquot_dirty(dquot)) {
362 spin_unlock(&dq_list_lock);
363 goto out_sem;
365 spin_unlock(&dq_list_lock);
366 /* Inactive dquot can be only if there was error during read/init
367 * => we have better not writing it */
368 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
369 ret = dqopt->ops[dquot->dq_type]->commit_dqblk(dquot);
370 if (info_dirty(&dqopt->info[dquot->dq_type]))
371 ret2 = dqopt->ops[dquot->dq_type]->write_file_info(dquot->dq_sb, dquot->dq_type);
372 if (ret >= 0)
373 ret = ret2;
375 out_sem:
376 up(&dqopt->dqio_sem);
377 return ret;
381 * Release dquot
383 int dquot_release(struct dquot *dquot)
385 int ret = 0, ret2 = 0;
386 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
388 down(&dquot->dq_lock);
389 /* Check whether we are not racing with some other dqget() */
390 if (atomic_read(&dquot->dq_count) > 1)
391 goto out_dqlock;
392 down(&dqopt->dqio_sem);
393 if (dqopt->ops[dquot->dq_type]->release_dqblk) {
394 ret = dqopt->ops[dquot->dq_type]->release_dqblk(dquot);
395 /* Write the info */
396 if (info_dirty(&dqopt->info[dquot->dq_type]))
397 ret2 = dqopt->ops[dquot->dq_type]->write_file_info(dquot->dq_sb, dquot->dq_type);
398 if (ret >= 0)
399 ret = ret2;
401 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags);
402 up(&dqopt->dqio_sem);
403 out_dqlock:
404 up(&dquot->dq_lock);
405 return ret;
408 /* Invalidate all dquots on the list. Note that this function is called after
409 * quota is disabled and pointers from inodes removed so there cannot be new
410 * quota users. Also because we hold dqonoff_sem there can be no quota users
411 * for this sb+type at all. */
412 static void invalidate_dquots(struct super_block *sb, int type)
414 struct dquot *dquot, *tmp;
416 spin_lock(&dq_list_lock);
417 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
418 if (dquot->dq_sb != sb)
419 continue;
420 if (dquot->dq_type != type)
421 continue;
422 #ifdef __DQUOT_PARANOIA
423 if (atomic_read(&dquot->dq_count))
424 BUG();
425 #endif
426 /* Quota now has no users and it has been written on last dqput() */
427 remove_dquot_hash(dquot);
428 remove_free_dquot(dquot);
429 remove_inuse(dquot);
430 kmem_cache_free(dquot_cachep, dquot);
432 spin_unlock(&dq_list_lock);
435 int vfs_quota_sync(struct super_block *sb, int type)
437 struct list_head *dirty;
438 struct dquot *dquot;
439 struct quota_info *dqopt = sb_dqopt(sb);
440 int cnt;
442 down(&dqopt->dqonoff_sem);
443 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
444 if (type != -1 && cnt != type)
445 continue;
446 if (!sb_has_quota_enabled(sb, cnt))
447 continue;
448 spin_lock(&dq_list_lock);
449 dirty = &dqopt->info[cnt].dqi_dirty_list;
450 while (!list_empty(dirty)) {
451 dquot = list_entry(dirty->next, struct dquot, dq_dirty);
452 /* Dirty and inactive can be only bad dquot... */
453 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
454 clear_dquot_dirty(dquot);
455 continue;
457 /* Now we have active dquot from which someone is
458 * holding reference so we can safely just increase
459 * use count */
460 atomic_inc(&dquot->dq_count);
461 dqstats.lookups++;
462 spin_unlock(&dq_list_lock);
463 sb->dq_op->write_dquot(dquot);
464 dqput(dquot);
465 spin_lock(&dq_list_lock);
467 spin_unlock(&dq_list_lock);
470 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
471 if ((cnt == type || type == -1) && sb_has_quota_enabled(sb, cnt)
472 && info_dirty(&dqopt->info[cnt]))
473 sb->dq_op->write_info(sb, cnt);
474 spin_lock(&dq_list_lock);
475 dqstats.syncs++;
476 spin_unlock(&dq_list_lock);
477 up(&dqopt->dqonoff_sem);
479 return 0;
482 /* Free unused dquots from cache */
483 static void prune_dqcache(int count)
485 struct list_head *head;
486 struct dquot *dquot;
488 head = free_dquots.prev;
489 while (head != &free_dquots && count) {
490 dquot = list_entry(head, struct dquot, dq_free);
491 remove_dquot_hash(dquot);
492 remove_free_dquot(dquot);
493 remove_inuse(dquot);
494 kmem_cache_free(dquot_cachep, dquot);
495 count--;
496 head = free_dquots.prev;
501 * This is called from kswapd when we think we need some
502 * more memory
505 static int shrink_dqcache_memory(int nr, gfp_t gfp_mask)
507 if (nr) {
508 spin_lock(&dq_list_lock);
509 prune_dqcache(nr);
510 spin_unlock(&dq_list_lock);
512 return (dqstats.free_dquots / 100) * sysctl_vfs_cache_pressure;
516 * Put reference to dquot
517 * NOTE: If you change this function please check whether dqput_blocks() works right...
518 * MUST be called with either dqptr_sem or dqonoff_sem held
520 static void dqput(struct dquot *dquot)
522 if (!dquot)
523 return;
524 #ifdef __DQUOT_PARANOIA
525 if (!atomic_read(&dquot->dq_count)) {
526 printk("VFS: dqput: trying to free free dquot\n");
527 printk("VFS: device %s, dquot of %s %d\n",
528 dquot->dq_sb->s_id,
529 quotatypes[dquot->dq_type],
530 dquot->dq_id);
531 BUG();
533 #endif
535 spin_lock(&dq_list_lock);
536 dqstats.drops++;
537 spin_unlock(&dq_list_lock);
538 we_slept:
539 spin_lock(&dq_list_lock);
540 if (atomic_read(&dquot->dq_count) > 1) {
541 /* We have more than one user... nothing to do */
542 atomic_dec(&dquot->dq_count);
543 spin_unlock(&dq_list_lock);
544 return;
546 /* Need to release dquot? */
547 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && dquot_dirty(dquot)) {
548 spin_unlock(&dq_list_lock);
549 /* Commit dquot before releasing */
550 dquot->dq_sb->dq_op->write_dquot(dquot);
551 goto we_slept;
553 /* Clear flag in case dquot was inactive (something bad happened) */
554 clear_dquot_dirty(dquot);
555 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
556 spin_unlock(&dq_list_lock);
557 dquot->dq_sb->dq_op->release_dquot(dquot);
558 goto we_slept;
560 atomic_dec(&dquot->dq_count);
561 #ifdef __DQUOT_PARANOIA
562 /* sanity check */
563 if (!list_empty(&dquot->dq_free))
564 BUG();
565 #endif
566 put_dquot_last(dquot);
567 spin_unlock(&dq_list_lock);
570 static struct dquot *get_empty_dquot(struct super_block *sb, int type)
572 struct dquot *dquot;
574 dquot = kmem_cache_alloc(dquot_cachep, SLAB_NOFS);
575 if(!dquot)
576 return NODQUOT;
578 memset((caddr_t)dquot, 0, sizeof(struct dquot));
579 sema_init(&dquot->dq_lock, 1);
580 INIT_LIST_HEAD(&dquot->dq_free);
581 INIT_LIST_HEAD(&dquot->dq_inuse);
582 INIT_HLIST_NODE(&dquot->dq_hash);
583 INIT_LIST_HEAD(&dquot->dq_dirty);
584 dquot->dq_sb = sb;
585 dquot->dq_type = type;
586 atomic_set(&dquot->dq_count, 1);
588 return dquot;
592 * Get reference to dquot
593 * MUST be called with either dqptr_sem or dqonoff_sem held
595 static struct dquot *dqget(struct super_block *sb, unsigned int id, int type)
597 unsigned int hashent = hashfn(sb, id, type);
598 struct dquot *dquot, *empty = NODQUOT;
600 if (!sb_has_quota_enabled(sb, type))
601 return NODQUOT;
602 we_slept:
603 spin_lock(&dq_list_lock);
604 if ((dquot = find_dquot(hashent, sb, id, type)) == NODQUOT) {
605 if (empty == NODQUOT) {
606 spin_unlock(&dq_list_lock);
607 if ((empty = get_empty_dquot(sb, type)) == NODQUOT)
608 schedule(); /* Try to wait for a moment... */
609 goto we_slept;
611 dquot = empty;
612 dquot->dq_id = id;
613 /* all dquots go on the inuse_list */
614 put_inuse(dquot);
615 /* hash it first so it can be found */
616 insert_dquot_hash(dquot);
617 dqstats.lookups++;
618 spin_unlock(&dq_list_lock);
619 } else {
620 if (!atomic_read(&dquot->dq_count))
621 remove_free_dquot(dquot);
622 atomic_inc(&dquot->dq_count);
623 dqstats.cache_hits++;
624 dqstats.lookups++;
625 spin_unlock(&dq_list_lock);
626 if (empty)
627 kmem_cache_free(dquot_cachep, empty);
629 /* Wait for dq_lock - after this we know that either dquot_release() is already
630 * finished or it will be canceled due to dq_count > 1 test */
631 wait_on_dquot(dquot);
632 /* Read the dquot and instantiate it (everything done only if needed) */
633 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && sb->dq_op->acquire_dquot(dquot) < 0) {
634 dqput(dquot);
635 return NODQUOT;
637 #ifdef __DQUOT_PARANOIA
638 if (!dquot->dq_sb) /* Has somebody invalidated entry under us? */
639 BUG();
640 #endif
642 return dquot;
645 static int dqinit_needed(struct inode *inode, int type)
647 int cnt;
649 if (IS_NOQUOTA(inode))
650 return 0;
651 if (type != -1)
652 return inode->i_dquot[type] == NODQUOT;
653 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
654 if (inode->i_dquot[cnt] == NODQUOT)
655 return 1;
656 return 0;
659 /* This routine is guarded by dqonoff_sem semaphore */
660 static void add_dquot_ref(struct super_block *sb, int type)
662 struct list_head *p;
664 restart:
665 file_list_lock();
666 list_for_each(p, &sb->s_files) {
667 struct file *filp = list_entry(p, struct file, f_u.fu_list);
668 struct inode *inode = filp->f_dentry->d_inode;
669 if (filp->f_mode & FMODE_WRITE && dqinit_needed(inode, type)) {
670 struct dentry *dentry = dget(filp->f_dentry);
671 file_list_unlock();
672 sb->dq_op->initialize(inode, type);
673 dput(dentry);
674 /* As we may have blocked we had better restart... */
675 goto restart;
678 file_list_unlock();
681 /* Return 0 if dqput() won't block (note that 1 doesn't necessarily mean blocking) */
682 static inline int dqput_blocks(struct dquot *dquot)
684 if (atomic_read(&dquot->dq_count) <= 1)
685 return 1;
686 return 0;
689 /* Remove references to dquots from inode - add dquot to list for freeing if needed */
690 /* We can't race with anybody because we hold dqptr_sem for writing... */
691 int remove_inode_dquot_ref(struct inode *inode, int type, struct list_head *tofree_head)
693 struct dquot *dquot = inode->i_dquot[type];
695 inode->i_dquot[type] = NODQUOT;
696 if (dquot != NODQUOT) {
697 if (dqput_blocks(dquot)) {
698 #ifdef __DQUOT_PARANOIA
699 if (atomic_read(&dquot->dq_count) != 1)
700 printk(KERN_WARNING "VFS: Adding dquot with dq_count %d to dispose list.\n", atomic_read(&dquot->dq_count));
701 #endif
702 spin_lock(&dq_list_lock);
703 list_add(&dquot->dq_free, tofree_head); /* As dquot must have currently users it can't be on the free list... */
704 spin_unlock(&dq_list_lock);
705 return 1;
707 else
708 dqput(dquot); /* We have guaranteed we won't block */
710 return 0;
713 /* Free list of dquots - called from inode.c */
714 /* dquots are removed from inodes, no new references can be got so we are the only ones holding reference */
715 static void put_dquot_list(struct list_head *tofree_head)
717 struct list_head *act_head;
718 struct dquot *dquot;
720 act_head = tofree_head->next;
721 /* So now we have dquots on the list... Just free them */
722 while (act_head != tofree_head) {
723 dquot = list_entry(act_head, struct dquot, dq_free);
724 act_head = act_head->next;
725 list_del_init(&dquot->dq_free); /* Remove dquot from the list so we won't have problems... */
726 dqput(dquot);
730 /* Gather all references from inodes and drop them */
731 static void drop_dquot_ref(struct super_block *sb, int type)
733 LIST_HEAD(tofree_head);
735 /* We need to be guarded against prune_icache to reach all the
736 * inodes - otherwise some can be on the local list of prune_icache */
737 down(&iprune_sem);
738 down_write(&sb_dqopt(sb)->dqptr_sem);
739 remove_dquot_ref(sb, type, &tofree_head);
740 up_write(&sb_dqopt(sb)->dqptr_sem);
741 up(&iprune_sem);
742 put_dquot_list(&tofree_head);
745 static inline void dquot_incr_inodes(struct dquot *dquot, unsigned long number)
747 dquot->dq_dqb.dqb_curinodes += number;
750 static inline void dquot_incr_space(struct dquot *dquot, qsize_t number)
752 dquot->dq_dqb.dqb_curspace += number;
755 static inline void dquot_decr_inodes(struct dquot *dquot, unsigned long number)
757 if (dquot->dq_dqb.dqb_curinodes > number)
758 dquot->dq_dqb.dqb_curinodes -= number;
759 else
760 dquot->dq_dqb.dqb_curinodes = 0;
761 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit)
762 dquot->dq_dqb.dqb_itime = (time_t) 0;
763 clear_bit(DQ_INODES_B, &dquot->dq_flags);
766 static inline void dquot_decr_space(struct dquot *dquot, qsize_t number)
768 if (dquot->dq_dqb.dqb_curspace > number)
769 dquot->dq_dqb.dqb_curspace -= number;
770 else
771 dquot->dq_dqb.dqb_curspace = 0;
772 if (toqb(dquot->dq_dqb.dqb_curspace) <= dquot->dq_dqb.dqb_bsoftlimit)
773 dquot->dq_dqb.dqb_btime = (time_t) 0;
774 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
777 static int flag_print_warnings = 1;
779 static inline int need_print_warning(struct dquot *dquot)
781 if (!flag_print_warnings)
782 return 0;
784 switch (dquot->dq_type) {
785 case USRQUOTA:
786 return current->fsuid == dquot->dq_id;
787 case GRPQUOTA:
788 return in_group_p(dquot->dq_id);
790 return 0;
793 /* Values of warnings */
794 #define NOWARN 0
795 #define IHARDWARN 1
796 #define ISOFTLONGWARN 2
797 #define ISOFTWARN 3
798 #define BHARDWARN 4
799 #define BSOFTLONGWARN 5
800 #define BSOFTWARN 6
802 /* Print warning to user which exceeded quota */
803 static void print_warning(struct dquot *dquot, const char warntype)
805 char *msg = NULL;
806 int flag = (warntype == BHARDWARN || warntype == BSOFTLONGWARN) ? DQ_BLKS_B :
807 ((warntype == IHARDWARN || warntype == ISOFTLONGWARN) ? DQ_INODES_B : 0);
809 if (!need_print_warning(dquot) || (flag && test_and_set_bit(flag, &dquot->dq_flags)))
810 return;
812 tty_write_message(current->signal->tty, dquot->dq_sb->s_id);
813 if (warntype == ISOFTWARN || warntype == BSOFTWARN)
814 tty_write_message(current->signal->tty, ": warning, ");
815 else
816 tty_write_message(current->signal->tty, ": write failed, ");
817 tty_write_message(current->signal->tty, quotatypes[dquot->dq_type]);
818 switch (warntype) {
819 case IHARDWARN:
820 msg = " file limit reached.\r\n";
821 break;
822 case ISOFTLONGWARN:
823 msg = " file quota exceeded too long.\r\n";
824 break;
825 case ISOFTWARN:
826 msg = " file quota exceeded.\r\n";
827 break;
828 case BHARDWARN:
829 msg = " block limit reached.\r\n";
830 break;
831 case BSOFTLONGWARN:
832 msg = " block quota exceeded too long.\r\n";
833 break;
834 case BSOFTWARN:
835 msg = " block quota exceeded.\r\n";
836 break;
838 tty_write_message(current->signal->tty, msg);
841 static inline void flush_warnings(struct dquot **dquots, char *warntype)
843 int i;
845 for (i = 0; i < MAXQUOTAS; i++)
846 if (dquots[i] != NODQUOT && warntype[i] != NOWARN)
847 print_warning(dquots[i], warntype[i]);
850 static inline char ignore_hardlimit(struct dquot *dquot)
852 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_type];
854 return capable(CAP_SYS_RESOURCE) &&
855 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || !(info->dqi_flags & V1_DQF_RSQUASH));
858 /* needs dq_data_lock */
859 static int check_idq(struct dquot *dquot, ulong inodes, char *warntype)
861 *warntype = NOWARN;
862 if (inodes <= 0 || test_bit(DQ_FAKE_B, &dquot->dq_flags))
863 return QUOTA_OK;
865 if (dquot->dq_dqb.dqb_ihardlimit &&
866 (dquot->dq_dqb.dqb_curinodes + inodes) > dquot->dq_dqb.dqb_ihardlimit &&
867 !ignore_hardlimit(dquot)) {
868 *warntype = IHARDWARN;
869 return NO_QUOTA;
872 if (dquot->dq_dqb.dqb_isoftlimit &&
873 (dquot->dq_dqb.dqb_curinodes + inodes) > dquot->dq_dqb.dqb_isoftlimit &&
874 dquot->dq_dqb.dqb_itime && get_seconds() >= dquot->dq_dqb.dqb_itime &&
875 !ignore_hardlimit(dquot)) {
876 *warntype = ISOFTLONGWARN;
877 return NO_QUOTA;
880 if (dquot->dq_dqb.dqb_isoftlimit &&
881 (dquot->dq_dqb.dqb_curinodes + inodes) > dquot->dq_dqb.dqb_isoftlimit &&
882 dquot->dq_dqb.dqb_itime == 0) {
883 *warntype = ISOFTWARN;
884 dquot->dq_dqb.dqb_itime = get_seconds() + sb_dqopt(dquot->dq_sb)->info[dquot->dq_type].dqi_igrace;
887 return QUOTA_OK;
890 /* needs dq_data_lock */
891 static int check_bdq(struct dquot *dquot, qsize_t space, int prealloc, char *warntype)
893 *warntype = 0;
894 if (space <= 0 || test_bit(DQ_FAKE_B, &dquot->dq_flags))
895 return QUOTA_OK;
897 if (dquot->dq_dqb.dqb_bhardlimit &&
898 toqb(dquot->dq_dqb.dqb_curspace + space) > dquot->dq_dqb.dqb_bhardlimit &&
899 !ignore_hardlimit(dquot)) {
900 if (!prealloc)
901 *warntype = BHARDWARN;
902 return NO_QUOTA;
905 if (dquot->dq_dqb.dqb_bsoftlimit &&
906 toqb(dquot->dq_dqb.dqb_curspace + space) > dquot->dq_dqb.dqb_bsoftlimit &&
907 dquot->dq_dqb.dqb_btime && get_seconds() >= dquot->dq_dqb.dqb_btime &&
908 !ignore_hardlimit(dquot)) {
909 if (!prealloc)
910 *warntype = BSOFTLONGWARN;
911 return NO_QUOTA;
914 if (dquot->dq_dqb.dqb_bsoftlimit &&
915 toqb(dquot->dq_dqb.dqb_curspace + space) > dquot->dq_dqb.dqb_bsoftlimit &&
916 dquot->dq_dqb.dqb_btime == 0) {
917 if (!prealloc) {
918 *warntype = BSOFTWARN;
919 dquot->dq_dqb.dqb_btime = get_seconds() + sb_dqopt(dquot->dq_sb)->info[dquot->dq_type].dqi_bgrace;
921 else
923 * We don't allow preallocation to exceed softlimit so exceeding will
924 * be always printed
926 return NO_QUOTA;
929 return QUOTA_OK;
933 * Initialize quota pointers in inode
934 * Transaction must be started at entry
936 int dquot_initialize(struct inode *inode, int type)
938 unsigned int id = 0;
939 int cnt, ret = 0;
941 /* First test before acquiring semaphore - solves deadlocks when we
942 * re-enter the quota code and are already holding the semaphore */
943 if (IS_NOQUOTA(inode))
944 return 0;
945 down_write(&sb_dqopt(inode->i_sb)->dqptr_sem);
946 /* Having dqptr_sem we know NOQUOTA flags can't be altered... */
947 if (IS_NOQUOTA(inode))
948 goto out_err;
949 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
950 if (type != -1 && cnt != type)
951 continue;
952 if (inode->i_dquot[cnt] == NODQUOT) {
953 switch (cnt) {
954 case USRQUOTA:
955 id = inode->i_uid;
956 break;
957 case GRPQUOTA:
958 id = inode->i_gid;
959 break;
961 inode->i_dquot[cnt] = dqget(inode->i_sb, id, cnt);
964 out_err:
965 up_write(&sb_dqopt(inode->i_sb)->dqptr_sem);
966 return ret;
970 * Release all quotas referenced by inode
971 * Transaction must be started at an entry
973 int dquot_drop(struct inode *inode)
975 int cnt;
977 down_write(&sb_dqopt(inode->i_sb)->dqptr_sem);
978 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
979 if (inode->i_dquot[cnt] != NODQUOT) {
980 dqput(inode->i_dquot[cnt]);
981 inode->i_dquot[cnt] = NODQUOT;
984 up_write(&sb_dqopt(inode->i_sb)->dqptr_sem);
985 return 0;
989 * Following four functions update i_blocks+i_bytes fields and
990 * quota information (together with appropriate checks)
991 * NOTE: We absolutely rely on the fact that caller dirties
992 * the inode (usually macros in quotaops.h care about this) and
993 * holds a handle for the current transaction so that dquot write and
994 * inode write go into the same transaction.
998 * This operation can block, but only after everything is updated
1000 int dquot_alloc_space(struct inode *inode, qsize_t number, int warn)
1002 int cnt, ret = NO_QUOTA;
1003 char warntype[MAXQUOTAS];
1005 /* First test before acquiring semaphore - solves deadlocks when we
1006 * re-enter the quota code and are already holding the semaphore */
1007 if (IS_NOQUOTA(inode)) {
1008 out_add:
1009 inode_add_bytes(inode, number);
1010 return QUOTA_OK;
1012 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1013 warntype[cnt] = NOWARN;
1015 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1016 if (IS_NOQUOTA(inode)) { /* Now we can do reliable test... */
1017 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1018 goto out_add;
1020 spin_lock(&dq_data_lock);
1021 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1022 if (inode->i_dquot[cnt] == NODQUOT)
1023 continue;
1024 if (check_bdq(inode->i_dquot[cnt], number, warn, warntype+cnt) == NO_QUOTA)
1025 goto warn_put_all;
1027 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1028 if (inode->i_dquot[cnt] == NODQUOT)
1029 continue;
1030 dquot_incr_space(inode->i_dquot[cnt], number);
1032 inode_add_bytes(inode, number);
1033 ret = QUOTA_OK;
1034 warn_put_all:
1035 spin_unlock(&dq_data_lock);
1036 if (ret == QUOTA_OK)
1037 /* Dirtify all the dquots - this can block when journalling */
1038 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1039 if (inode->i_dquot[cnt])
1040 mark_dquot_dirty(inode->i_dquot[cnt]);
1041 flush_warnings(inode->i_dquot, warntype);
1042 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1043 return ret;
1047 * This operation can block, but only after everything is updated
1049 int dquot_alloc_inode(const struct inode *inode, unsigned long number)
1051 int cnt, ret = NO_QUOTA;
1052 char warntype[MAXQUOTAS];
1054 /* First test before acquiring semaphore - solves deadlocks when we
1055 * re-enter the quota code and are already holding the semaphore */
1056 if (IS_NOQUOTA(inode))
1057 return QUOTA_OK;
1058 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1059 warntype[cnt] = NOWARN;
1060 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1061 if (IS_NOQUOTA(inode)) {
1062 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1063 return QUOTA_OK;
1065 spin_lock(&dq_data_lock);
1066 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1067 if (inode->i_dquot[cnt] == NODQUOT)
1068 continue;
1069 if (check_idq(inode->i_dquot[cnt], number, warntype+cnt) == NO_QUOTA)
1070 goto warn_put_all;
1073 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1074 if (inode->i_dquot[cnt] == NODQUOT)
1075 continue;
1076 dquot_incr_inodes(inode->i_dquot[cnt], number);
1078 ret = QUOTA_OK;
1079 warn_put_all:
1080 spin_unlock(&dq_data_lock);
1081 if (ret == QUOTA_OK)
1082 /* Dirtify all the dquots - this can block when journalling */
1083 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1084 if (inode->i_dquot[cnt])
1085 mark_dquot_dirty(inode->i_dquot[cnt]);
1086 flush_warnings((struct dquot **)inode->i_dquot, warntype);
1087 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1088 return ret;
1092 * This operation can block, but only after everything is updated
1094 int dquot_free_space(struct inode *inode, qsize_t number)
1096 unsigned int cnt;
1098 /* First test before acquiring semaphore - solves deadlocks when we
1099 * re-enter the quota code and are already holding the semaphore */
1100 if (IS_NOQUOTA(inode)) {
1101 out_sub:
1102 inode_sub_bytes(inode, number);
1103 return QUOTA_OK;
1105 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1106 /* Now recheck reliably when holding dqptr_sem */
1107 if (IS_NOQUOTA(inode)) {
1108 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1109 goto out_sub;
1111 spin_lock(&dq_data_lock);
1112 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1113 if (inode->i_dquot[cnt] == NODQUOT)
1114 continue;
1115 dquot_decr_space(inode->i_dquot[cnt], number);
1117 inode_sub_bytes(inode, number);
1118 spin_unlock(&dq_data_lock);
1119 /* Dirtify all the dquots - this can block when journalling */
1120 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1121 if (inode->i_dquot[cnt])
1122 mark_dquot_dirty(inode->i_dquot[cnt]);
1123 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1124 return QUOTA_OK;
1128 * This operation can block, but only after everything is updated
1130 int dquot_free_inode(const struct inode *inode, unsigned long number)
1132 unsigned int cnt;
1134 /* First test before acquiring semaphore - solves deadlocks when we
1135 * re-enter the quota code and are already holding the semaphore */
1136 if (IS_NOQUOTA(inode))
1137 return QUOTA_OK;
1138 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1139 /* Now recheck reliably when holding dqptr_sem */
1140 if (IS_NOQUOTA(inode)) {
1141 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1142 return QUOTA_OK;
1144 spin_lock(&dq_data_lock);
1145 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1146 if (inode->i_dquot[cnt] == NODQUOT)
1147 continue;
1148 dquot_decr_inodes(inode->i_dquot[cnt], number);
1150 spin_unlock(&dq_data_lock);
1151 /* Dirtify all the dquots - this can block when journalling */
1152 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1153 if (inode->i_dquot[cnt])
1154 mark_dquot_dirty(inode->i_dquot[cnt]);
1155 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
1156 return QUOTA_OK;
1160 * Transfer the number of inode and blocks from one diskquota to an other.
1162 * This operation can block, but only after everything is updated
1163 * A transaction must be started when entering this function.
1165 int dquot_transfer(struct inode *inode, struct iattr *iattr)
1167 qsize_t space;
1168 struct dquot *transfer_from[MAXQUOTAS];
1169 struct dquot *transfer_to[MAXQUOTAS];
1170 int cnt, ret = NO_QUOTA, chuid = (iattr->ia_valid & ATTR_UID) && inode->i_uid != iattr->ia_uid,
1171 chgid = (iattr->ia_valid & ATTR_GID) && inode->i_gid != iattr->ia_gid;
1172 char warntype[MAXQUOTAS];
1174 /* First test before acquiring semaphore - solves deadlocks when we
1175 * re-enter the quota code and are already holding the semaphore */
1176 if (IS_NOQUOTA(inode))
1177 return QUOTA_OK;
1178 /* Clear the arrays */
1179 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1180 transfer_to[cnt] = transfer_from[cnt] = NODQUOT;
1181 warntype[cnt] = NOWARN;
1183 down_write(&sb_dqopt(inode->i_sb)->dqptr_sem);
1184 /* Now recheck reliably when holding dqptr_sem */
1185 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */
1186 up_write(&sb_dqopt(inode->i_sb)->dqptr_sem);
1187 return QUOTA_OK;
1189 /* First build the transfer_to list - here we can block on
1190 * reading/instantiating of dquots. We know that the transaction for
1191 * us was already started so we don't violate lock ranking here */
1192 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1193 switch (cnt) {
1194 case USRQUOTA:
1195 if (!chuid)
1196 continue;
1197 transfer_to[cnt] = dqget(inode->i_sb, iattr->ia_uid, cnt);
1198 break;
1199 case GRPQUOTA:
1200 if (!chgid)
1201 continue;
1202 transfer_to[cnt] = dqget(inode->i_sb, iattr->ia_gid, cnt);
1203 break;
1206 spin_lock(&dq_data_lock);
1207 space = inode_get_bytes(inode);
1208 /* Build the transfer_from list and check the limits */
1209 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1210 if (transfer_to[cnt] == NODQUOT)
1211 continue;
1212 transfer_from[cnt] = inode->i_dquot[cnt];
1213 if (check_idq(transfer_to[cnt], 1, warntype+cnt) == NO_QUOTA ||
1214 check_bdq(transfer_to[cnt], space, 0, warntype+cnt) == NO_QUOTA)
1215 goto warn_put_all;
1219 * Finally perform the needed transfer from transfer_from to transfer_to
1221 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1223 * Skip changes for same uid or gid or for turned off quota-type.
1225 if (transfer_to[cnt] == NODQUOT)
1226 continue;
1228 /* Due to IO error we might not have transfer_from[] structure */
1229 if (transfer_from[cnt]) {
1230 dquot_decr_inodes(transfer_from[cnt], 1);
1231 dquot_decr_space(transfer_from[cnt], space);
1234 dquot_incr_inodes(transfer_to[cnt], 1);
1235 dquot_incr_space(transfer_to[cnt], space);
1237 inode->i_dquot[cnt] = transfer_to[cnt];
1239 ret = QUOTA_OK;
1240 warn_put_all:
1241 spin_unlock(&dq_data_lock);
1242 /* Dirtify all the dquots - this can block when journalling */
1243 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1244 if (transfer_from[cnt])
1245 mark_dquot_dirty(transfer_from[cnt]);
1246 if (transfer_to[cnt])
1247 mark_dquot_dirty(transfer_to[cnt]);
1249 flush_warnings(transfer_to, warntype);
1251 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1252 if (ret == QUOTA_OK && transfer_from[cnt] != NODQUOT)
1253 dqput(transfer_from[cnt]);
1254 if (ret == NO_QUOTA && transfer_to[cnt] != NODQUOT)
1255 dqput(transfer_to[cnt]);
1257 up_write(&sb_dqopt(inode->i_sb)->dqptr_sem);
1258 return ret;
1262 * Write info of quota file to disk
1264 int dquot_commit_info(struct super_block *sb, int type)
1266 int ret;
1267 struct quota_info *dqopt = sb_dqopt(sb);
1269 down(&dqopt->dqio_sem);
1270 ret = dqopt->ops[type]->write_file_info(sb, type);
1271 up(&dqopt->dqio_sem);
1272 return ret;
1276 * Definitions of diskquota operations.
1278 struct dquot_operations dquot_operations = {
1279 .initialize = dquot_initialize,
1280 .drop = dquot_drop,
1281 .alloc_space = dquot_alloc_space,
1282 .alloc_inode = dquot_alloc_inode,
1283 .free_space = dquot_free_space,
1284 .free_inode = dquot_free_inode,
1285 .transfer = dquot_transfer,
1286 .write_dquot = dquot_commit,
1287 .acquire_dquot = dquot_acquire,
1288 .release_dquot = dquot_release,
1289 .mark_dirty = dquot_mark_dquot_dirty,
1290 .write_info = dquot_commit_info
1293 static inline void set_enable_flags(struct quota_info *dqopt, int type)
1295 switch (type) {
1296 case USRQUOTA:
1297 dqopt->flags |= DQUOT_USR_ENABLED;
1298 break;
1299 case GRPQUOTA:
1300 dqopt->flags |= DQUOT_GRP_ENABLED;
1301 break;
1305 static inline void reset_enable_flags(struct quota_info *dqopt, int type)
1307 switch (type) {
1308 case USRQUOTA:
1309 dqopt->flags &= ~DQUOT_USR_ENABLED;
1310 break;
1311 case GRPQUOTA:
1312 dqopt->flags &= ~DQUOT_GRP_ENABLED;
1313 break;
1318 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount)
1320 int vfs_quota_off(struct super_block *sb, int type)
1322 int cnt;
1323 struct quota_info *dqopt = sb_dqopt(sb);
1324 struct inode *toputinode[MAXQUOTAS];
1326 /* We need to serialize quota_off() for device */
1327 down(&dqopt->dqonoff_sem);
1328 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1329 toputinode[cnt] = NULL;
1330 if (type != -1 && cnt != type)
1331 continue;
1332 if (!sb_has_quota_enabled(sb, cnt))
1333 continue;
1334 reset_enable_flags(dqopt, cnt);
1336 /* Note: these are blocking operations */
1337 drop_dquot_ref(sb, cnt);
1338 invalidate_dquots(sb, cnt);
1340 * Now all dquots should be invalidated, all writes done so we should be only
1341 * users of the info. No locks needed.
1343 if (info_dirty(&dqopt->info[cnt]))
1344 sb->dq_op->write_info(sb, cnt);
1345 if (dqopt->ops[cnt]->free_file_info)
1346 dqopt->ops[cnt]->free_file_info(sb, cnt);
1347 put_quota_format(dqopt->info[cnt].dqi_format);
1349 toputinode[cnt] = dqopt->files[cnt];
1350 dqopt->files[cnt] = NULL;
1351 dqopt->info[cnt].dqi_flags = 0;
1352 dqopt->info[cnt].dqi_igrace = 0;
1353 dqopt->info[cnt].dqi_bgrace = 0;
1354 dqopt->ops[cnt] = NULL;
1356 up(&dqopt->dqonoff_sem);
1357 /* Sync the superblock so that buffers with quota data are written to
1358 * disk (and so userspace sees correct data afterwards). */
1359 if (sb->s_op->sync_fs)
1360 sb->s_op->sync_fs(sb, 1);
1361 sync_blockdev(sb->s_bdev);
1362 /* Now the quota files are just ordinary files and we can set the
1363 * inode flags back. Moreover we discard the pagecache so that
1364 * userspace sees the writes we did bypassing the pagecache. We
1365 * must also discard the blockdev buffers so that we see the
1366 * changes done by userspace on the next quotaon() */
1367 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1368 if (toputinode[cnt]) {
1369 down(&dqopt->dqonoff_sem);
1370 /* If quota was reenabled in the meantime, we have
1371 * nothing to do */
1372 if (!sb_has_quota_enabled(sb, cnt)) {
1373 mutex_lock(&toputinode[cnt]->i_mutex);
1374 toputinode[cnt]->i_flags &= ~(S_IMMUTABLE |
1375 S_NOATIME | S_NOQUOTA);
1376 truncate_inode_pages(&toputinode[cnt]->i_data, 0);
1377 mutex_unlock(&toputinode[cnt]->i_mutex);
1378 mark_inode_dirty(toputinode[cnt]);
1379 iput(toputinode[cnt]);
1381 up(&dqopt->dqonoff_sem);
1383 if (sb->s_bdev)
1384 invalidate_bdev(sb->s_bdev, 0);
1385 return 0;
1389 * Turn quotas on on a device
1392 /* Helper function when we already have the inode */
1393 static int vfs_quota_on_inode(struct inode *inode, int type, int format_id)
1395 struct quota_format_type *fmt = find_quota_format(format_id);
1396 struct super_block *sb = inode->i_sb;
1397 struct quota_info *dqopt = sb_dqopt(sb);
1398 int error;
1399 int oldflags = -1;
1401 if (!fmt)
1402 return -ESRCH;
1403 if (!S_ISREG(inode->i_mode)) {
1404 error = -EACCES;
1405 goto out_fmt;
1407 if (IS_RDONLY(inode)) {
1408 error = -EROFS;
1409 goto out_fmt;
1411 if (!sb->s_op->quota_write || !sb->s_op->quota_read) {
1412 error = -EINVAL;
1413 goto out_fmt;
1416 /* As we bypass the pagecache we must now flush the inode so that
1417 * we see all the changes from userspace... */
1418 write_inode_now(inode, 1);
1419 /* And now flush the block cache so that kernel sees the changes */
1420 invalidate_bdev(sb->s_bdev, 0);
1421 mutex_lock(&inode->i_mutex);
1422 down(&dqopt->dqonoff_sem);
1423 if (sb_has_quota_enabled(sb, type)) {
1424 error = -EBUSY;
1425 goto out_lock;
1427 /* We don't want quota and atime on quota files (deadlocks possible)
1428 * Also nobody should write to the file - we use special IO operations
1429 * which ignore the immutable bit. */
1430 down_write(&dqopt->dqptr_sem);
1431 oldflags = inode->i_flags & (S_NOATIME | S_IMMUTABLE | S_NOQUOTA);
1432 inode->i_flags |= S_NOQUOTA | S_NOATIME | S_IMMUTABLE;
1433 up_write(&dqopt->dqptr_sem);
1434 sb->dq_op->drop(inode);
1436 error = -EIO;
1437 dqopt->files[type] = igrab(inode);
1438 if (!dqopt->files[type])
1439 goto out_lock;
1440 error = -EINVAL;
1441 if (!fmt->qf_ops->check_quota_file(sb, type))
1442 goto out_file_init;
1444 dqopt->ops[type] = fmt->qf_ops;
1445 dqopt->info[type].dqi_format = fmt;
1446 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list);
1447 down(&dqopt->dqio_sem);
1448 if ((error = dqopt->ops[type]->read_file_info(sb, type)) < 0) {
1449 up(&dqopt->dqio_sem);
1450 goto out_file_init;
1452 up(&dqopt->dqio_sem);
1453 mutex_unlock(&inode->i_mutex);
1454 set_enable_flags(dqopt, type);
1456 add_dquot_ref(sb, type);
1457 up(&dqopt->dqonoff_sem);
1459 return 0;
1461 out_file_init:
1462 dqopt->files[type] = NULL;
1463 iput(inode);
1464 out_lock:
1465 up(&dqopt->dqonoff_sem);
1466 if (oldflags != -1) {
1467 down_write(&dqopt->dqptr_sem);
1468 /* Set the flags back (in the case of accidental quotaon()
1469 * on a wrong file we don't want to mess up the flags) */
1470 inode->i_flags &= ~(S_NOATIME | S_NOQUOTA | S_IMMUTABLE);
1471 inode->i_flags |= oldflags;
1472 up_write(&dqopt->dqptr_sem);
1474 mutex_unlock(&inode->i_mutex);
1475 out_fmt:
1476 put_quota_format(fmt);
1478 return error;
1481 /* Actual function called from quotactl() */
1482 int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path)
1484 struct nameidata nd;
1485 int error;
1487 error = path_lookup(path, LOOKUP_FOLLOW, &nd);
1488 if (error < 0)
1489 return error;
1490 error = security_quota_on(nd.dentry);
1491 if (error)
1492 goto out_path;
1493 /* Quota file not on the same filesystem? */
1494 if (nd.mnt->mnt_sb != sb)
1495 error = -EXDEV;
1496 else
1497 error = vfs_quota_on_inode(nd.dentry->d_inode, type, format_id);
1498 out_path:
1499 path_release(&nd);
1500 return error;
1504 * This function is used when filesystem needs to initialize quotas
1505 * during mount time.
1507 int vfs_quota_on_mount(struct super_block *sb, char *qf_name,
1508 int format_id, int type)
1510 struct dentry *dentry;
1511 int error;
1513 dentry = lookup_one_len(qf_name, sb->s_root, strlen(qf_name));
1514 if (IS_ERR(dentry))
1515 return PTR_ERR(dentry);
1517 if (!dentry->d_inode) {
1518 error = -ENOENT;
1519 goto out;
1522 error = security_quota_on(dentry);
1523 if (!error)
1524 error = vfs_quota_on_inode(dentry->d_inode, type, format_id);
1526 out:
1527 dput(dentry);
1528 return error;
1531 /* Generic routine for getting common part of quota structure */
1532 static void do_get_dqblk(struct dquot *dquot, struct if_dqblk *di)
1534 struct mem_dqblk *dm = &dquot->dq_dqb;
1536 spin_lock(&dq_data_lock);
1537 di->dqb_bhardlimit = dm->dqb_bhardlimit;
1538 di->dqb_bsoftlimit = dm->dqb_bsoftlimit;
1539 di->dqb_curspace = dm->dqb_curspace;
1540 di->dqb_ihardlimit = dm->dqb_ihardlimit;
1541 di->dqb_isoftlimit = dm->dqb_isoftlimit;
1542 di->dqb_curinodes = dm->dqb_curinodes;
1543 di->dqb_btime = dm->dqb_btime;
1544 di->dqb_itime = dm->dqb_itime;
1545 di->dqb_valid = QIF_ALL;
1546 spin_unlock(&dq_data_lock);
1549 int vfs_get_dqblk(struct super_block *sb, int type, qid_t id, struct if_dqblk *di)
1551 struct dquot *dquot;
1553 down(&sb_dqopt(sb)->dqonoff_sem);
1554 if (!(dquot = dqget(sb, id, type))) {
1555 up(&sb_dqopt(sb)->dqonoff_sem);
1556 return -ESRCH;
1558 do_get_dqblk(dquot, di);
1559 dqput(dquot);
1560 up(&sb_dqopt(sb)->dqonoff_sem);
1561 return 0;
1564 /* Generic routine for setting common part of quota structure */
1565 static void do_set_dqblk(struct dquot *dquot, struct if_dqblk *di)
1567 struct mem_dqblk *dm = &dquot->dq_dqb;
1568 int check_blim = 0, check_ilim = 0;
1570 spin_lock(&dq_data_lock);
1571 if (di->dqb_valid & QIF_SPACE) {
1572 dm->dqb_curspace = di->dqb_curspace;
1573 check_blim = 1;
1575 if (di->dqb_valid & QIF_BLIMITS) {
1576 dm->dqb_bsoftlimit = di->dqb_bsoftlimit;
1577 dm->dqb_bhardlimit = di->dqb_bhardlimit;
1578 check_blim = 1;
1580 if (di->dqb_valid & QIF_INODES) {
1581 dm->dqb_curinodes = di->dqb_curinodes;
1582 check_ilim = 1;
1584 if (di->dqb_valid & QIF_ILIMITS) {
1585 dm->dqb_isoftlimit = di->dqb_isoftlimit;
1586 dm->dqb_ihardlimit = di->dqb_ihardlimit;
1587 check_ilim = 1;
1589 if (di->dqb_valid & QIF_BTIME)
1590 dm->dqb_btime = di->dqb_btime;
1591 if (di->dqb_valid & QIF_ITIME)
1592 dm->dqb_itime = di->dqb_itime;
1594 if (check_blim) {
1595 if (!dm->dqb_bsoftlimit || toqb(dm->dqb_curspace) < dm->dqb_bsoftlimit) {
1596 dm->dqb_btime = 0;
1597 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1599 else if (!(di->dqb_valid & QIF_BTIME)) /* Set grace only if user hasn't provided his own... */
1600 dm->dqb_btime = get_seconds() + sb_dqopt(dquot->dq_sb)->info[dquot->dq_type].dqi_bgrace;
1602 if (check_ilim) {
1603 if (!dm->dqb_isoftlimit || dm->dqb_curinodes < dm->dqb_isoftlimit) {
1604 dm->dqb_itime = 0;
1605 clear_bit(DQ_INODES_B, &dquot->dq_flags);
1607 else if (!(di->dqb_valid & QIF_ITIME)) /* Set grace only if user hasn't provided his own... */
1608 dm->dqb_itime = get_seconds() + sb_dqopt(dquot->dq_sb)->info[dquot->dq_type].dqi_igrace;
1610 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit || dm->dqb_isoftlimit)
1611 clear_bit(DQ_FAKE_B, &dquot->dq_flags);
1612 else
1613 set_bit(DQ_FAKE_B, &dquot->dq_flags);
1614 spin_unlock(&dq_data_lock);
1615 mark_dquot_dirty(dquot);
1618 int vfs_set_dqblk(struct super_block *sb, int type, qid_t id, struct if_dqblk *di)
1620 struct dquot *dquot;
1622 down(&sb_dqopt(sb)->dqonoff_sem);
1623 if (!(dquot = dqget(sb, id, type))) {
1624 up(&sb_dqopt(sb)->dqonoff_sem);
1625 return -ESRCH;
1627 do_set_dqblk(dquot, di);
1628 dqput(dquot);
1629 up(&sb_dqopt(sb)->dqonoff_sem);
1630 return 0;
1633 /* Generic routine for getting common part of quota file information */
1634 int vfs_get_dqinfo(struct super_block *sb, int type, struct if_dqinfo *ii)
1636 struct mem_dqinfo *mi;
1638 down(&sb_dqopt(sb)->dqonoff_sem);
1639 if (!sb_has_quota_enabled(sb, type)) {
1640 up(&sb_dqopt(sb)->dqonoff_sem);
1641 return -ESRCH;
1643 mi = sb_dqopt(sb)->info + type;
1644 spin_lock(&dq_data_lock);
1645 ii->dqi_bgrace = mi->dqi_bgrace;
1646 ii->dqi_igrace = mi->dqi_igrace;
1647 ii->dqi_flags = mi->dqi_flags & DQF_MASK;
1648 ii->dqi_valid = IIF_ALL;
1649 spin_unlock(&dq_data_lock);
1650 up(&sb_dqopt(sb)->dqonoff_sem);
1651 return 0;
1654 /* Generic routine for setting common part of quota file information */
1655 int vfs_set_dqinfo(struct super_block *sb, int type, struct if_dqinfo *ii)
1657 struct mem_dqinfo *mi;
1659 down(&sb_dqopt(sb)->dqonoff_sem);
1660 if (!sb_has_quota_enabled(sb, type)) {
1661 up(&sb_dqopt(sb)->dqonoff_sem);
1662 return -ESRCH;
1664 mi = sb_dqopt(sb)->info + type;
1665 spin_lock(&dq_data_lock);
1666 if (ii->dqi_valid & IIF_BGRACE)
1667 mi->dqi_bgrace = ii->dqi_bgrace;
1668 if (ii->dqi_valid & IIF_IGRACE)
1669 mi->dqi_igrace = ii->dqi_igrace;
1670 if (ii->dqi_valid & IIF_FLAGS)
1671 mi->dqi_flags = (mi->dqi_flags & ~DQF_MASK) | (ii->dqi_flags & DQF_MASK);
1672 spin_unlock(&dq_data_lock);
1673 mark_info_dirty(sb, type);
1674 /* Force write to disk */
1675 sb->dq_op->write_info(sb, type);
1676 up(&sb_dqopt(sb)->dqonoff_sem);
1677 return 0;
1680 struct quotactl_ops vfs_quotactl_ops = {
1681 .quota_on = vfs_quota_on,
1682 .quota_off = vfs_quota_off,
1683 .quota_sync = vfs_quota_sync,
1684 .get_info = vfs_get_dqinfo,
1685 .set_info = vfs_set_dqinfo,
1686 .get_dqblk = vfs_get_dqblk,
1687 .set_dqblk = vfs_set_dqblk
1690 static ctl_table fs_dqstats_table[] = {
1692 .ctl_name = FS_DQ_LOOKUPS,
1693 .procname = "lookups",
1694 .data = &dqstats.lookups,
1695 .maxlen = sizeof(int),
1696 .mode = 0444,
1697 .proc_handler = &proc_dointvec,
1700 .ctl_name = FS_DQ_DROPS,
1701 .procname = "drops",
1702 .data = &dqstats.drops,
1703 .maxlen = sizeof(int),
1704 .mode = 0444,
1705 .proc_handler = &proc_dointvec,
1708 .ctl_name = FS_DQ_READS,
1709 .procname = "reads",
1710 .data = &dqstats.reads,
1711 .maxlen = sizeof(int),
1712 .mode = 0444,
1713 .proc_handler = &proc_dointvec,
1716 .ctl_name = FS_DQ_WRITES,
1717 .procname = "writes",
1718 .data = &dqstats.writes,
1719 .maxlen = sizeof(int),
1720 .mode = 0444,
1721 .proc_handler = &proc_dointvec,
1724 .ctl_name = FS_DQ_CACHE_HITS,
1725 .procname = "cache_hits",
1726 .data = &dqstats.cache_hits,
1727 .maxlen = sizeof(int),
1728 .mode = 0444,
1729 .proc_handler = &proc_dointvec,
1732 .ctl_name = FS_DQ_ALLOCATED,
1733 .procname = "allocated_dquots",
1734 .data = &dqstats.allocated_dquots,
1735 .maxlen = sizeof(int),
1736 .mode = 0444,
1737 .proc_handler = &proc_dointvec,
1740 .ctl_name = FS_DQ_FREE,
1741 .procname = "free_dquots",
1742 .data = &dqstats.free_dquots,
1743 .maxlen = sizeof(int),
1744 .mode = 0444,
1745 .proc_handler = &proc_dointvec,
1748 .ctl_name = FS_DQ_SYNCS,
1749 .procname = "syncs",
1750 .data = &dqstats.syncs,
1751 .maxlen = sizeof(int),
1752 .mode = 0444,
1753 .proc_handler = &proc_dointvec,
1756 .ctl_name = FS_DQ_WARNINGS,
1757 .procname = "warnings",
1758 .data = &flag_print_warnings,
1759 .maxlen = sizeof(int),
1760 .mode = 0644,
1761 .proc_handler = &proc_dointvec,
1763 { .ctl_name = 0 },
1766 static ctl_table fs_table[] = {
1768 .ctl_name = FS_DQSTATS,
1769 .procname = "quota",
1770 .mode = 0555,
1771 .child = fs_dqstats_table,
1773 { .ctl_name = 0 },
1776 static ctl_table sys_table[] = {
1778 .ctl_name = CTL_FS,
1779 .procname = "fs",
1780 .mode = 0555,
1781 .child = fs_table,
1783 { .ctl_name = 0 },
1786 static int __init dquot_init(void)
1788 int i;
1789 unsigned long nr_hash, order;
1791 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__);
1793 register_sysctl_table(sys_table, 0);
1795 dquot_cachep = kmem_cache_create("dquot",
1796 sizeof(struct dquot), sizeof(unsigned long) * 4,
1797 SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT|SLAB_PANIC,
1798 NULL, NULL);
1800 order = 0;
1801 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_ATOMIC, order);
1802 if (!dquot_hash)
1803 panic("Cannot create dquot hash table");
1805 /* Find power-of-two hlist_heads which can fit into allocation */
1806 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head);
1807 dq_hash_bits = 0;
1808 do {
1809 dq_hash_bits++;
1810 } while (nr_hash >> dq_hash_bits);
1811 dq_hash_bits--;
1813 nr_hash = 1UL << dq_hash_bits;
1814 dq_hash_mask = nr_hash - 1;
1815 for (i = 0; i < nr_hash; i++)
1816 INIT_HLIST_HEAD(dquot_hash + i);
1818 printk("Dquot-cache hash table entries: %ld (order %ld, %ld bytes)\n",
1819 nr_hash, order, (PAGE_SIZE << order));
1821 set_shrinker(DEFAULT_SEEKS, shrink_dqcache_memory);
1823 return 0;
1825 module_init(dquot_init);
1827 EXPORT_SYMBOL(register_quota_format);
1828 EXPORT_SYMBOL(unregister_quota_format);
1829 EXPORT_SYMBOL(dqstats);
1830 EXPORT_SYMBOL(dq_data_lock);
1831 EXPORT_SYMBOL(vfs_quota_on);
1832 EXPORT_SYMBOL(vfs_quota_on_mount);
1833 EXPORT_SYMBOL(vfs_quota_off);
1834 EXPORT_SYMBOL(vfs_quota_sync);
1835 EXPORT_SYMBOL(vfs_get_dqinfo);
1836 EXPORT_SYMBOL(vfs_set_dqinfo);
1837 EXPORT_SYMBOL(vfs_get_dqblk);
1838 EXPORT_SYMBOL(vfs_set_dqblk);
1839 EXPORT_SYMBOL(dquot_commit);
1840 EXPORT_SYMBOL(dquot_commit_info);
1841 EXPORT_SYMBOL(dquot_acquire);
1842 EXPORT_SYMBOL(dquot_release);
1843 EXPORT_SYMBOL(dquot_mark_dquot_dirty);
1844 EXPORT_SYMBOL(dquot_initialize);
1845 EXPORT_SYMBOL(dquot_drop);
1846 EXPORT_SYMBOL(dquot_alloc_space);
1847 EXPORT_SYMBOL(dquot_alloc_inode);
1848 EXPORT_SYMBOL(dquot_free_space);
1849 EXPORT_SYMBOL(dquot_free_inode);
1850 EXPORT_SYMBOL(dquot_transfer);