2 * Copyright (c) 2000-2003 Silicon Graphics, Inc. All Rights Reserved.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of version 2 of the GNU General Public License as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it would be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
12 * Further, this software is distributed without any warranty that it is
13 * free of the rightful claim of any third person regarding infringement
14 * or the like. Any license provided herein, whether implied or
15 * otherwise, applies only to this software file. Patent licenses, if
16 * any, provided herein do not apply to combinations of this program with
17 * other software, or any other product whatsoever.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write the Free Software Foundation, Inc., 59
21 * Temple Place - Suite 330, Boston MA 02111-1307, USA.
23 * Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
24 * Mountain View, CA 94043, or:
28 * For further information regarding this notice, see:
30 * http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
37 #include "xfs_trans.h"
41 #include "xfs_alloc.h"
42 #include "xfs_dmapi.h"
43 #include "xfs_quota.h"
44 #include "xfs_mount.h"
45 #include "xfs_alloc_btree.h"
46 #include "xfs_bmap_btree.h"
47 #include "xfs_ialloc_btree.h"
48 #include "xfs_btree.h"
49 #include "xfs_ialloc.h"
50 #include "xfs_attr_sf.h"
51 #include "xfs_dir_sf.h"
52 #include "xfs_dir2_sf.h"
53 #include "xfs_dinode.h"
54 #include "xfs_inode.h"
57 #include "xfs_rtalloc.h"
58 #include "xfs_error.h"
59 #include "xfs_itable.h"
65 #include "xfs_buf_item.h"
66 #include "xfs_utils.h"
71 # define qdprintk(s, args...) cmn_err(CE_DEBUG, s, ## args)
73 # define qdprintk(s, args...) do { } while (0)
76 STATIC int xfs_qm_scall_trunc_qfiles(xfs_mount_t *, uint);
77 STATIC int xfs_qm_scall_getquota(xfs_mount_t *, xfs_dqid_t, uint,
79 STATIC int xfs_qm_scall_getqstat(xfs_mount_t *, fs_quota_stat_t *);
80 STATIC int xfs_qm_scall_setqlim(xfs_mount_t *, xfs_dqid_t, uint,
82 STATIC int xfs_qm_scall_quotaon(xfs_mount_t *, uint);
83 STATIC int xfs_qm_scall_quotaoff(xfs_mount_t *, uint, boolean_t);
84 STATIC int xfs_qm_log_quotaoff(xfs_mount_t *, xfs_qoff_logitem_t **, uint);
85 STATIC int xfs_qm_log_quotaoff_end(xfs_mount_t *, xfs_qoff_logitem_t *,
87 STATIC uint xfs_qm_import_flags(uint);
88 STATIC uint xfs_qm_export_flags(uint);
89 STATIC uint xfs_qm_import_qtype_flags(uint);
90 STATIC uint xfs_qm_export_qtype_flags(uint);
91 STATIC void xfs_qm_export_dquot(xfs_mount_t *, xfs_disk_dquot_t *,
96 * The main distribution switch of all XFS quotactl system calls.
100 struct bhv_desc *bdp,
109 vfsp = bhvtovfs(bdp);
110 mp = XFS_VFSTOM(vfsp);
112 if (addr == NULL && cmd != Q_SYNC)
113 return XFS_ERROR(EINVAL);
114 if (id < 0 && cmd != Q_SYNC)
115 return XFS_ERROR(EINVAL);
118 * The following commands are valid even when quotaoff.
122 * truncate quota files. quota must be off.
125 if (XFS_IS_QUOTA_ON(mp) || addr == NULL)
126 return XFS_ERROR(EINVAL);
127 if (vfsp->vfs_flag & VFS_RDONLY)
128 return XFS_ERROR(EROFS);
129 return (xfs_qm_scall_trunc_qfiles(mp,
130 xfs_qm_import_qtype_flags(*(uint *)addr)));
132 * Get quota status information.
135 return (xfs_qm_scall_getqstat(mp, (fs_quota_stat_t *)addr));
138 * QUOTAON for root f/s and quota enforcement on others..
139 * Quota accounting for non-root f/s's must be turned on
144 return XFS_ERROR(EINVAL);
145 if (vfsp->vfs_flag & VFS_RDONLY)
146 return XFS_ERROR(EROFS);
147 return (xfs_qm_scall_quotaon(mp,
148 xfs_qm_import_flags(*(uint *)addr)));
150 if (vfsp->vfs_flag & VFS_RDONLY)
151 return XFS_ERROR(EROFS);
158 if (! XFS_IS_QUOTA_ON(mp))
159 return XFS_ERROR(ESRCH);
163 if (vfsp->vfs_flag & VFS_RDONLY)
164 return XFS_ERROR(EROFS);
165 error = xfs_qm_scall_quotaoff(mp,
166 xfs_qm_import_flags(*(uint *)addr),
171 * Defaults to XFS_GETUQUOTA.
174 error = xfs_qm_scall_getquota(mp, (xfs_dqid_t)id, XFS_DQ_USER,
175 (fs_disk_quota_t *)addr);
178 * Set limits, both hard and soft. Defaults to Q_SETUQLIM.
181 if (vfsp->vfs_flag & VFS_RDONLY)
182 return XFS_ERROR(EROFS);
183 error = xfs_qm_scall_setqlim(mp, (xfs_dqid_t)id, XFS_DQ_USER,
184 (fs_disk_quota_t *)addr);
188 if (vfsp->vfs_flag & VFS_RDONLY)
189 return XFS_ERROR(EROFS);
190 error = xfs_qm_scall_setqlim(mp, (xfs_dqid_t)id, XFS_DQ_GROUP,
191 (fs_disk_quota_t *)addr);
196 error = xfs_qm_scall_getquota(mp, (xfs_dqid_t)id, XFS_DQ_GROUP,
197 (fs_disk_quota_t *)addr);
201 * Quotas are entirely undefined after quotaoff in XFS quotas.
202 * For instance, there's no way to set limits when quotaoff.
206 error = XFS_ERROR(EINVAL);
214 * Turn off quota accounting and/or enforcement for all udquots and/or
215 * gdquots. Called only at unmount time.
217 * This assumes that there are no dquots of this file system cached
218 * incore, and modifies the ondisk dquot directly. Therefore, for example,
219 * it is an error to call this twice, without purging the cache.
222 xfs_qm_scall_quotaoff(
230 uint inactivate_flags;
231 xfs_qoff_logitem_t *qoffstart;
234 if (!force && !capable(CAP_SYS_ADMIN))
235 return XFS_ERROR(EPERM);
237 * No file system can have quotas enabled on disk but not in core.
238 * Note that quota utilities (like quotaoff) _expect_
239 * errno == EEXIST here.
241 if ((mp->m_qflags & flags) == 0)
242 return XFS_ERROR(EEXIST);
245 flags &= (XFS_ALL_QUOTA_ACCT | XFS_ALL_QUOTA_ENFD);
248 * We don't want to deal with two quotaoffs messing up each other,
249 * so we're going to serialize it. quotaoff isn't exactly a performance
251 * If quotaoff, then we must be dealing with the root filesystem.
253 ASSERT(mp->m_quotainfo);
255 mutex_lock(&(XFS_QI_QOFFLOCK(mp)), PINOD);
257 ASSERT(mp->m_quotainfo);
260 * If we're just turning off quota enforcement, change mp and go.
262 if ((flags & XFS_ALL_QUOTA_ACCT) == 0) {
263 mp->m_qflags &= ~(flags);
266 mp->m_sb.sb_qflags = mp->m_qflags;
267 XFS_SB_UNLOCK(mp, s);
268 mutex_unlock(&(XFS_QI_QOFFLOCK(mp)));
270 /* XXX what to do if error ? Revert back to old vals incore ? */
271 error = xfs_qm_write_sb_changes(mp, XFS_SB_QFLAGS);
276 inactivate_flags = 0;
278 * If accounting is off, we must turn enforcement off, clear the
279 * quota 'CHKD' certificate to make it known that we have to
280 * do a quotacheck the next time this quota is turned on.
282 if (flags & XFS_UQUOTA_ACCT) {
283 dqtype |= XFS_QMOPT_UQUOTA;
284 flags |= (XFS_UQUOTA_CHKD | XFS_UQUOTA_ENFD);
285 inactivate_flags |= XFS_UQUOTA_ACTIVE;
287 if (flags & XFS_GQUOTA_ACCT) {
288 dqtype |= XFS_QMOPT_GQUOTA;
289 flags |= (XFS_GQUOTA_CHKD | XFS_GQUOTA_ENFD);
290 inactivate_flags |= XFS_GQUOTA_ACTIVE;
294 * Nothing to do? Don't complain. This happens when we're just
295 * turning off quota enforcement.
297 if ((mp->m_qflags & flags) == 0) {
298 mutex_unlock(&(XFS_QI_QOFFLOCK(mp)));
303 * Write the LI_QUOTAOFF log record, and do SB changes atomically,
306 xfs_qm_log_quotaoff(mp, &qoffstart, flags);
309 * Next we clear the XFS_MOUNT_*DQ_ACTIVE bit(s) in the mount struct
310 * to take care of the race between dqget and quotaoff. We don't take
311 * any special locks to reset these bits. All processes need to check
312 * these bits *after* taking inode lock(s) to see if the particular
313 * quota type is in the process of being turned off. If *ACTIVE, it is
314 * guaranteed that all dquot structures and all quotainode ptrs will all
315 * stay valid as long as that inode is kept locked.
317 * There is no turning back after this.
319 mp->m_qflags &= ~inactivate_flags;
322 * Give back all the dquot reference(s) held by inodes.
323 * Here we go thru every single incore inode in this file system, and
324 * do a dqrele on the i_udquot/i_gdquot that it may have.
325 * Essentially, as long as somebody has an inode locked, this guarantees
326 * that quotas will not be turned off. This is handy because in a
327 * transaction once we lock the inode(s) and check for quotaon, we can
328 * depend on the quota inodes (and other things) being valid as long as
329 * we keep the lock(s).
331 xfs_qm_dqrele_all_inodes(mp, flags);
334 * Next we make the changes in the quota flag in the mount struct.
335 * This isn't protected by a particular lock directly, because we
336 * don't want to take a mrlock everytime we depend on quotas being on.
338 mp->m_qflags &= ~(flags);
341 * Go through all the dquots of this file system and purge them,
342 * according to what was turned off. We may not be able to get rid
343 * of all dquots, because dquots can have temporary references that
344 * are not attached to inodes. eg. xfs_setattr, xfs_create.
345 * So, if we couldn't purge all the dquots from the filesystem,
346 * we can't get rid of the incore data structures.
348 while ((nculprits = xfs_qm_dqpurge_all(mp, dqtype|XFS_QMOPT_QUOTAOFF)))
349 delay(10 * nculprits);
352 * Transactions that had started before ACTIVE state bit was cleared
353 * could have logged many dquots, so they'd have higher LSNs than
354 * the first QUOTAOFF log record does. If we happen to crash when
355 * the tail of the log has gone past the QUOTAOFF record, but
356 * before the last dquot modification, those dquots __will__
357 * recover, and that's not good.
359 * So, we have QUOTAOFF start and end logitems; the start
360 * logitem won't get overwritten until the end logitem appears...
362 xfs_qm_log_quotaoff_end(mp, qoffstart, flags);
365 * If quotas is completely disabled, close shop.
367 if ((flags & XFS_MOUNT_QUOTA_ALL) == XFS_MOUNT_QUOTA_ALL) {
368 mutex_unlock(&(XFS_QI_QOFFLOCK(mp)));
369 xfs_qm_destroy_quotainfo(mp);
374 * Release our quotainode references, and vn_purge them,
375 * if we don't need them anymore.
377 if ((dqtype & XFS_QMOPT_UQUOTA) && XFS_QI_UQIP(mp)) {
378 XFS_PURGE_INODE(XFS_QI_UQIP(mp));
379 XFS_QI_UQIP(mp) = NULL;
381 if ((dqtype & XFS_QMOPT_GQUOTA) && XFS_QI_GQIP(mp)) {
382 XFS_PURGE_INODE(XFS_QI_GQIP(mp));
383 XFS_QI_GQIP(mp) = NULL;
385 mutex_unlock(&(XFS_QI_QOFFLOCK(mp)));
391 xfs_qm_scall_trunc_qfiles(
398 if (!capable(CAP_SYS_ADMIN))
399 return XFS_ERROR(EPERM);
401 if (!XFS_SB_VERSION_HASQUOTA(&mp->m_sb) || flags == 0) {
402 qdprintk("qtrunc flags=%x m_qflags=%x\n", flags, mp->m_qflags);
403 return XFS_ERROR(EINVAL);
406 if ((flags & XFS_DQ_USER) && mp->m_sb.sb_uquotino != NULLFSINO) {
407 error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino, 0, &qip, 0);
409 (void) xfs_truncate_file(mp, qip);
410 VN_RELE(XFS_ITOV(qip));
414 if ((flags & XFS_DQ_GROUP) && mp->m_sb.sb_gquotino != NULLFSINO) {
415 error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino, 0, &qip, 0);
417 (void) xfs_truncate_file(mp, qip);
418 VN_RELE(XFS_ITOV(qip));
427 * Switch on (a given) quota enforcement for a filesystem. This takes
428 * effect immediately.
429 * (Switching on quota accounting must be done at mount time.)
432 xfs_qm_scall_quotaon(
442 if (!capable(CAP_SYS_ADMIN))
443 return XFS_ERROR(EPERM);
445 flags &= (XFS_ALL_QUOTA_ACCT | XFS_ALL_QUOTA_ENFD);
447 * Switching on quota accounting must be done at mount time.
449 accflags = flags & XFS_ALL_QUOTA_ACCT;
450 flags &= ~(XFS_ALL_QUOTA_ACCT);
455 qdprintk("quotaon: zero flags, m_qflags=%x\n", mp->m_qflags);
456 return XFS_ERROR(EINVAL);
459 /* No fs can turn on quotas with a delayed effect */
460 ASSERT((flags & XFS_ALL_QUOTA_ACCT) == 0);
463 * Can't enforce without accounting. We check the superblock
464 * qflags here instead of m_qflags because rootfs can have
465 * quota acct on ondisk without m_qflags' knowing.
467 if (((flags & XFS_UQUOTA_ACCT) == 0 &&
468 (mp->m_sb.sb_qflags & XFS_UQUOTA_ACCT) == 0 &&
469 (flags & XFS_UQUOTA_ENFD))
471 ((flags & XFS_GQUOTA_ACCT) == 0 &&
472 (mp->m_sb.sb_qflags & XFS_GQUOTA_ACCT) == 0 &&
473 (flags & XFS_GQUOTA_ENFD))) {
474 qdprintk("Can't enforce without acct, flags=%x sbflags=%x\n",
475 flags, mp->m_sb.sb_qflags);
476 return XFS_ERROR(EINVAL);
479 * If everything's upto-date incore, then don't waste time.
481 if ((mp->m_qflags & flags) == flags)
482 return XFS_ERROR(EEXIST);
485 * Change sb_qflags on disk but not incore mp->qflags
486 * if this is the root filesystem.
489 qf = mp->m_sb.sb_qflags;
490 mp->m_sb.sb_qflags = qf | flags;
491 XFS_SB_UNLOCK(mp, s);
494 * There's nothing to change if it's the same.
496 if ((qf & flags) == flags && sbflags == 0)
497 return XFS_ERROR(EEXIST);
498 sbflags |= XFS_SB_QFLAGS;
500 if ((error = xfs_qm_write_sb_changes(mp, sbflags)))
503 * If we aren't trying to switch on quota enforcement, we are done.
505 if (((mp->m_sb.sb_qflags & XFS_UQUOTA_ACCT) !=
506 (mp->m_qflags & XFS_UQUOTA_ACCT)) ||
507 (flags & XFS_ALL_QUOTA_ENFD) == 0)
510 if (! XFS_IS_QUOTA_RUNNING(mp))
511 return XFS_ERROR(ESRCH);
514 * Switch on quota enforcement in core.
516 mutex_lock(&(XFS_QI_QOFFLOCK(mp)), PINOD);
517 mp->m_qflags |= (flags & XFS_ALL_QUOTA_ENFD);
518 mutex_unlock(&(XFS_QI_QOFFLOCK(mp)));
526 * Return quota status information, such as uquota-off, enforcements, etc.
529 xfs_qm_scall_getqstat(
531 fs_quota_stat_t *out)
533 xfs_inode_t *uip, *gip;
534 boolean_t tempuqip, tempgqip;
537 tempuqip = tempgqip = B_FALSE;
538 memset(out, 0, sizeof(fs_quota_stat_t));
540 out->qs_version = FS_QSTAT_VERSION;
541 if (! XFS_SB_VERSION_HASQUOTA(&mp->m_sb)) {
542 out->qs_uquota.qfs_ino = NULLFSINO;
543 out->qs_gquota.qfs_ino = NULLFSINO;
546 out->qs_flags = (__uint16_t) xfs_qm_export_flags(mp->m_qflags &
548 XFS_ALL_QUOTA_ENFD));
550 out->qs_uquota.qfs_ino = mp->m_sb.sb_uquotino;
551 out->qs_gquota.qfs_ino = mp->m_sb.sb_gquotino;
553 if (mp->m_quotainfo) {
554 uip = mp->m_quotainfo->qi_uquotaip;
555 gip = mp->m_quotainfo->qi_gquotaip;
557 if (!uip && mp->m_sb.sb_uquotino != NULLFSINO) {
558 if (xfs_iget(mp, NULL, mp->m_sb.sb_uquotino, 0, &uip, 0) == 0)
561 if (!gip && mp->m_sb.sb_gquotino != NULLFSINO) {
562 if (xfs_iget(mp, NULL, mp->m_sb.sb_gquotino, 0, &gip, 0) == 0)
566 out->qs_uquota.qfs_nblks = uip->i_d.di_nblocks;
567 out->qs_uquota.qfs_nextents = uip->i_d.di_nextents;
569 VN_RELE(XFS_ITOV(uip));
572 out->qs_gquota.qfs_nblks = gip->i_d.di_nblocks;
573 out->qs_gquota.qfs_nextents = gip->i_d.di_nextents;
575 VN_RELE(XFS_ITOV(gip));
577 if (mp->m_quotainfo) {
578 out->qs_incoredqs = XFS_QI_MPLNDQUOTS(mp);
579 out->qs_btimelimit = XFS_QI_BTIMELIMIT(mp);
580 out->qs_itimelimit = XFS_QI_ITIMELIMIT(mp);
581 out->qs_rtbtimelimit = XFS_QI_RTBTIMELIMIT(mp);
582 out->qs_bwarnlimit = XFS_QI_BWARNLIMIT(mp);
583 out->qs_iwarnlimit = XFS_QI_IWARNLIMIT(mp);
589 * Adjust quota limits, and start/stop timers accordingly.
592 xfs_qm_scall_setqlim(
596 fs_disk_quota_t *newlim)
598 xfs_disk_dquot_t *ddq;
602 xfs_qcnt_t hard, soft;
604 if (!capable(CAP_SYS_ADMIN))
605 return XFS_ERROR(EPERM);
607 if ((newlim->d_fieldmask & (FS_DQ_LIMIT_MASK|FS_DQ_TIMER_MASK)) == 0)
610 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_SETQLIM);
611 if ((error = xfs_trans_reserve(tp, 0, sizeof(xfs_disk_dquot_t) + 128,
612 0, 0, XFS_DEFAULT_LOG_COUNT))) {
613 xfs_trans_cancel(tp, 0);
618 * We don't want to race with a quotaoff so take the quotaoff lock.
619 * (We don't hold an inode lock, so there's nothing else to stop
620 * a quotaoff from happening). (XXXThis doesn't currently happen
621 * because we take the vfslock before calling xfs_qm_sysent).
623 mutex_lock(&(XFS_QI_QOFFLOCK(mp)), PINOD);
626 * Get the dquot (locked), and join it to the transaction.
627 * Allocate the dquot if this doesn't exist.
629 if ((error = xfs_qm_dqget(mp, NULL, id, type, XFS_QMOPT_DQALLOC, &dqp))) {
630 xfs_trans_cancel(tp, XFS_TRANS_ABORT);
631 mutex_unlock(&(XFS_QI_QOFFLOCK(mp)));
632 ASSERT(error != ENOENT);
635 xfs_dqtrace_entry(dqp, "Q_SETQLIM: AFT DQGET");
636 xfs_trans_dqjoin(tp, dqp);
640 * Make sure that hardlimits are >= soft limits before changing.
642 hard = (newlim->d_fieldmask & FS_DQ_BHARD) ?
643 (xfs_qcnt_t) XFS_BB_TO_FSB(mp, newlim->d_blk_hardlimit) :
644 INT_GET(ddq->d_blk_hardlimit, ARCH_CONVERT);
645 soft = (newlim->d_fieldmask & FS_DQ_BSOFT) ?
646 (xfs_qcnt_t) XFS_BB_TO_FSB(mp, newlim->d_blk_softlimit) :
647 INT_GET(ddq->d_blk_softlimit, ARCH_CONVERT);
648 if (hard == 0 || hard >= soft) {
649 INT_SET(ddq->d_blk_hardlimit, ARCH_CONVERT, hard);
650 INT_SET(ddq->d_blk_softlimit, ARCH_CONVERT, soft);
653 qdprintk("blkhard %Ld < blksoft %Ld\n", hard, soft);
655 hard = (newlim->d_fieldmask & FS_DQ_RTBHARD) ?
656 (xfs_qcnt_t) XFS_BB_TO_FSB(mp, newlim->d_rtb_hardlimit) :
657 INT_GET(ddq->d_rtb_hardlimit, ARCH_CONVERT);
658 soft = (newlim->d_fieldmask & FS_DQ_RTBSOFT) ?
659 (xfs_qcnt_t) XFS_BB_TO_FSB(mp, newlim->d_rtb_softlimit) :
660 INT_GET(ddq->d_rtb_softlimit, ARCH_CONVERT);
661 if (hard == 0 || hard >= soft) {
662 INT_SET(ddq->d_rtb_hardlimit, ARCH_CONVERT, hard);
663 INT_SET(ddq->d_rtb_softlimit, ARCH_CONVERT, soft);
666 qdprintk("rtbhard %Ld < rtbsoft %Ld\n", hard, soft);
668 hard = (newlim->d_fieldmask & FS_DQ_IHARD) ?
669 (xfs_qcnt_t) newlim->d_ino_hardlimit :
670 INT_GET(ddq->d_ino_hardlimit, ARCH_CONVERT);
671 soft = (newlim->d_fieldmask & FS_DQ_ISOFT) ?
672 (xfs_qcnt_t) newlim->d_ino_softlimit :
673 INT_GET(ddq->d_ino_softlimit, ARCH_CONVERT);
674 if (hard == 0 || hard >= soft) {
675 INT_SET(ddq->d_ino_hardlimit, ARCH_CONVERT, hard);
676 INT_SET(ddq->d_ino_softlimit, ARCH_CONVERT, soft);
679 qdprintk("ihard %Ld < isoft %Ld\n", hard, soft);
683 * Timelimits for the super user set the relative time
684 * the other users can be over quota for this file system.
685 * If it is zero a default is used.
687 if (newlim->d_fieldmask & FS_DQ_BTIMER) {
688 mp->m_quotainfo->qi_btimelimit = newlim->d_btimer;
689 INT_SET(dqp->q_core.d_btimer, ARCH_CONVERT, newlim->d_btimer);
691 if (newlim->d_fieldmask & FS_DQ_ITIMER) {
692 mp->m_quotainfo->qi_itimelimit = newlim->d_itimer;
693 INT_SET(dqp->q_core.d_itimer, ARCH_CONVERT, newlim->d_itimer);
695 if (newlim->d_fieldmask & FS_DQ_RTBTIMER) {
696 mp->m_quotainfo->qi_rtbtimelimit = newlim->d_rtbtimer;
697 INT_SET(dqp->q_core.d_rtbtimer, ARCH_CONVERT, newlim->d_rtbtimer);
699 } else /* if (XFS_IS_QUOTA_ENFORCED(mp)) */ {
701 * If the user is now over quota, start the timelimit.
702 * The user will not be 'warned'.
703 * Note that we keep the timers ticking, whether enforcement
704 * is on or off. We don't really want to bother with iterating
705 * over all ondisk dquots and turning the timers on/off.
707 xfs_qm_adjust_dqtimers(mp, ddq);
709 dqp->dq_flags |= XFS_DQ_DIRTY;
710 xfs_trans_log_dquot(tp, dqp);
712 xfs_dqtrace_entry(dqp, "Q_SETQLIM: COMMIT");
713 xfs_trans_commit(tp, 0, NULL);
716 mutex_unlock(&(XFS_QI_QOFFLOCK(mp)));
722 xfs_qm_scall_getquota(
726 fs_disk_quota_t *out)
732 * Try to get the dquot. We don't want it allocated on disk, so
733 * we aren't passing the XFS_QMOPT_DOALLOC flag. If it doesn't
734 * exist, we'll get ENOENT back.
736 if ((error = xfs_qm_dqget(mp, NULL, id, type, 0, &dqp))) {
740 xfs_dqtrace_entry(dqp, "Q_GETQUOTA SUCCESS");
742 * If everything's NULL, this dquot doesn't quite exist as far as
743 * our utility programs are concerned.
745 if (XFS_IS_DQUOT_UNINITIALIZED(dqp)) {
747 return XFS_ERROR(ENOENT);
749 /* xfs_qm_dqprint(dqp); */
751 * Convert the disk dquot to the exportable format
753 xfs_qm_export_dquot(mp, &dqp->q_core, out);
755 return (error ? XFS_ERROR(EFAULT) : 0);
760 xfs_qm_log_quotaoff_end(
762 xfs_qoff_logitem_t *startqoff,
767 xfs_qoff_logitem_t *qoffi;
769 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_QUOTAOFF_END);
771 if ((error = xfs_trans_reserve(tp, 0, sizeof(xfs_qoff_logitem_t) * 2,
772 0, 0, XFS_DEFAULT_LOG_COUNT))) {
773 xfs_trans_cancel(tp, 0);
777 qoffi = xfs_trans_get_qoff_item(tp, startqoff,
778 flags & XFS_ALL_QUOTA_ACCT);
779 xfs_trans_log_quotaoff_item(tp, qoffi);
782 * We have to make sure that the transaction is secure on disk before we
783 * return and actually stop quota accounting. So, make it synchronous.
784 * We don't care about quotoff's performance.
786 xfs_trans_set_sync(tp);
787 error = xfs_trans_commit(tp, 0, NULL);
795 xfs_qoff_logitem_t **qoffstartp,
801 xfs_qoff_logitem_t *qoffi=NULL;
804 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_QUOTAOFF);
805 if ((error = xfs_trans_reserve(tp, 0,
806 sizeof(xfs_qoff_logitem_t) * 2 +
807 mp->m_sb.sb_sectsize + 128,
810 XFS_DEFAULT_LOG_COUNT))) {
814 qoffi = xfs_trans_get_qoff_item(tp, NULL, flags & XFS_ALL_QUOTA_ACCT);
815 xfs_trans_log_quotaoff_item(tp, qoffi);
818 oldsbqflag = mp->m_sb.sb_qflags;
819 mp->m_sb.sb_qflags = (mp->m_qflags & ~(flags)) & XFS_MOUNT_QUOTA_ALL;
820 XFS_SB_UNLOCK(mp, s);
822 xfs_mod_sb(tp, XFS_SB_QFLAGS);
825 * We have to make sure that the transaction is secure on disk before we
826 * return and actually stop quota accounting. So, make it synchronous.
827 * We don't care about quotoff's performance.
829 xfs_trans_set_sync(tp);
830 error = xfs_trans_commit(tp, 0, NULL);
834 xfs_trans_cancel(tp, 0);
836 * No one else is modifying sb_qflags, so this is OK.
837 * We still hold the quotaofflock.
840 mp->m_sb.sb_qflags = oldsbqflag;
841 XFS_SB_UNLOCK(mp, s);
849 * Translate an internal style on-disk-dquot to the exportable format.
850 * The main differences are that the counters/limits are all in Basic
851 * Blocks (BBs) instead of the internal FSBs, and all on-disk data has
852 * to be converted to the native endianness.
857 xfs_disk_dquot_t *src,
858 struct fs_disk_quota *dst)
860 memset(dst, 0, sizeof(*dst));
861 dst->d_version = FS_DQUOT_VERSION; /* different from src->d_version */
863 xfs_qm_export_qtype_flags(INT_GET(src->d_flags, ARCH_CONVERT));
864 dst->d_id = INT_GET(src->d_id, ARCH_CONVERT);
865 dst->d_blk_hardlimit = (__uint64_t)
866 XFS_FSB_TO_BB(mp, INT_GET(src->d_blk_hardlimit, ARCH_CONVERT));
867 dst->d_blk_softlimit = (__uint64_t)
868 XFS_FSB_TO_BB(mp, INT_GET(src->d_blk_softlimit, ARCH_CONVERT));
869 dst->d_ino_hardlimit = (__uint64_t)
870 INT_GET(src->d_ino_hardlimit, ARCH_CONVERT);
871 dst->d_ino_softlimit = (__uint64_t)
872 INT_GET(src->d_ino_softlimit, ARCH_CONVERT);
873 dst->d_bcount = (__uint64_t)
874 XFS_FSB_TO_BB(mp, INT_GET(src->d_bcount, ARCH_CONVERT));
875 dst->d_icount = (__uint64_t) INT_GET(src->d_icount, ARCH_CONVERT);
876 dst->d_btimer = (__uint32_t) INT_GET(src->d_btimer, ARCH_CONVERT);
877 dst->d_itimer = (__uint32_t) INT_GET(src->d_itimer, ARCH_CONVERT);
878 dst->d_iwarns = INT_GET(src->d_iwarns, ARCH_CONVERT);
879 dst->d_bwarns = INT_GET(src->d_bwarns, ARCH_CONVERT);
881 dst->d_rtb_hardlimit = (__uint64_t)
882 XFS_FSB_TO_BB(mp, INT_GET(src->d_rtb_hardlimit, ARCH_CONVERT));
883 dst->d_rtb_softlimit = (__uint64_t)
884 XFS_FSB_TO_BB(mp, INT_GET(src->d_rtb_softlimit, ARCH_CONVERT));
885 dst->d_rtbcount = (__uint64_t)
886 XFS_FSB_TO_BB(mp, INT_GET(src->d_rtbcount, ARCH_CONVERT));
887 dst->d_rtbtimer = (__uint32_t) INT_GET(src->d_rtbtimer, ARCH_CONVERT);
888 dst->d_rtbwarns = INT_GET(src->d_rtbwarns, ARCH_CONVERT);
891 * Internally, we don't reset all the timers when quota enforcement
892 * gets turned off. No need to confuse the userlevel code,
893 * so return zeroes in that case.
895 if (! XFS_IS_QUOTA_ENFORCED(mp)) {
902 if (XFS_IS_QUOTA_ENFORCED(mp) && dst->d_id != 0) {
903 if (((int) dst->d_bcount >= (int) dst->d_blk_softlimit) &&
904 (dst->d_blk_softlimit > 0)) {
905 ASSERT(dst->d_btimer != 0);
907 if (((int) dst->d_icount >= (int) dst->d_ino_softlimit) &&
908 (dst->d_ino_softlimit > 0)) {
909 ASSERT(dst->d_itimer != 0);
916 xfs_qm_import_qtype_flags(
920 * Can't be both at the same time.
922 if (((uflags & (XFS_GROUP_QUOTA | XFS_USER_QUOTA)) ==
923 (XFS_GROUP_QUOTA | XFS_USER_QUOTA)) ||
924 ((uflags & (XFS_GROUP_QUOTA | XFS_USER_QUOTA)) == 0))
927 return (uflags & XFS_USER_QUOTA) ?
928 XFS_DQ_USER : XFS_DQ_GROUP;
932 xfs_qm_export_qtype_flags(
936 * Can't be both at the same time.
938 ASSERT((flags & (XFS_GROUP_QUOTA | XFS_USER_QUOTA)) !=
939 (XFS_GROUP_QUOTA | XFS_USER_QUOTA));
940 ASSERT((flags & (XFS_GROUP_QUOTA | XFS_USER_QUOTA)) != 0);
942 return (flags & XFS_DQ_USER) ?
943 XFS_USER_QUOTA : XFS_GROUP_QUOTA;
952 if (uflags & XFS_QUOTA_UDQ_ACCT)
953 flags |= XFS_UQUOTA_ACCT;
954 if (uflags & XFS_QUOTA_GDQ_ACCT)
955 flags |= XFS_GQUOTA_ACCT;
956 if (uflags & XFS_QUOTA_UDQ_ENFD)
957 flags |= XFS_UQUOTA_ENFD;
958 if (uflags & XFS_QUOTA_GDQ_ENFD)
959 flags |= XFS_GQUOTA_ENFD;
971 if (flags & XFS_UQUOTA_ACCT)
972 uflags |= XFS_QUOTA_UDQ_ACCT;
973 if (flags & XFS_GQUOTA_ACCT)
974 uflags |= XFS_QUOTA_GDQ_ACCT;
975 if (flags & XFS_UQUOTA_ENFD)
976 uflags |= XFS_QUOTA_UDQ_ENFD;
977 if (flags & XFS_GQUOTA_ENFD)
978 uflags |= XFS_QUOTA_GDQ_ENFD;
984 * Go thru all the inodes in the file system, releasing their dquots.
985 * Note that the mount structure gets modified to indicate that quotas are off
986 * AFTER this, in the case of quotaoff. This also gets called from
990 xfs_qm_dqrele_all_inodes(
991 struct xfs_mount *mp,
995 xfs_inode_t *ip, *topino;
998 boolean_t vnode_refd;
1000 ASSERT(mp->m_quotainfo);
1003 XFS_MOUNT_ILOCK(mp);
1006 XFS_MOUNT_IUNLOCK(mp);
1010 /* Skip markers inserted by xfs_sync */
1011 if (ip->i_mount == NULL) {
1015 /* Root inode, rbmip and rsumip have associated blocks */
1016 if (ip == XFS_QI_UQIP(mp) || ip == XFS_QI_GQIP(mp)) {
1017 ASSERT(ip->i_udquot == NULL);
1018 ASSERT(ip->i_gdquot == NULL);
1022 vp = XFS_ITOV_NULL(ip);
1024 ASSERT(ip->i_udquot == NULL);
1025 ASSERT(ip->i_gdquot == NULL);
1029 vnode_refd = B_FALSE;
1030 if (xfs_ilock_nowait(ip, XFS_ILOCK_EXCL) == 0) {
1032 * Sample vp mapping while holding the mplock, lest
1033 * we come across a non-existent vnode.
1036 ireclaims = mp->m_ireclaims;
1037 topino = mp->m_inodes;
1038 XFS_MOUNT_IUNLOCK(mp);
1040 /* XXX restart limit ? */
1041 if ( ! (vp = vn_get(vp, &vmap)))
1043 xfs_ilock(ip, XFS_ILOCK_EXCL);
1044 vnode_refd = B_TRUE;
1046 ireclaims = mp->m_ireclaims;
1047 topino = mp->m_inodes;
1048 XFS_MOUNT_IUNLOCK(mp);
1052 * We don't keep the mountlock across the dqrele() call,
1053 * since it can take a while..
1055 if ((flags & XFS_UQUOTA_ACCT) && ip->i_udquot) {
1056 xfs_qm_dqrele(ip->i_udquot);
1057 ip->i_udquot = NULL;
1059 if ((flags & XFS_GQUOTA_ACCT) && ip->i_gdquot) {
1060 xfs_qm_dqrele(ip->i_gdquot);
1061 ip->i_gdquot = NULL;
1063 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1065 * Wait until we've dropped the ilock and mountlock to
1066 * do the vn_rele. Or be condemned to an eternity in the
1067 * inactive code in hell.
1071 XFS_MOUNT_ILOCK(mp);
1073 * If an inode was inserted or removed, we gotta
1076 if (topino != mp->m_inodes || mp->m_ireclaims != ireclaims) {
1077 /* XXX use a sentinel */
1078 XFS_MOUNT_IUNLOCK(mp);
1082 } while (ip != mp->m_inodes);
1084 XFS_MOUNT_IUNLOCK(mp);
1087 /*------------------------------------------------------------------------*/
1090 * This contains all the test functions for XFS disk quotas.
1091 * Currently it does a quota accounting check. ie. it walks through
1092 * all inodes in the file system, calculating the dquot accounting fields,
1093 * and prints out any inconsistencies.
1095 xfs_dqhash_t *qmtest_udqtab;
1096 xfs_dqhash_t *qmtest_gdqtab;
1097 int qmtest_hashmask;
1099 mutex_t qcheck_lock;
1101 #define DQTEST_HASHVAL(mp, id) (((__psunsigned_t)(mp) + \
1102 (__psunsigned_t)(id)) & \
1103 (qmtest_hashmask - 1))
1105 #define DQTEST_HASH(mp, id, type) ((type & XFS_DQ_USER) ? \
1107 DQTEST_HASHVAL(mp, id)) : \
1109 DQTEST_HASHVAL(mp, id)))
1111 #define DQTEST_LIST_PRINT(l, NXT, title) \
1113 xfs_dqtest_t *dqp; int i = 0;\
1114 cmn_err(CE_DEBUG, "%s (#%d)", title, (int) (l)->qh_nelems); \
1115 for (dqp = (xfs_dqtest_t *)(l)->qh_next; dqp != NULL; \
1116 dqp = (xfs_dqtest_t *)dqp->NXT) { \
1117 cmn_err(CE_DEBUG, " %d\. \"%d (%s)\" bcnt = %d, icnt = %d", \
1118 ++i, dqp->d_id, DQFLAGTO_TYPESTR(dqp), \
1119 dqp->d_bcount, dqp->d_icount); } \
1122 typedef struct dqtest {
1123 xfs_dqmarker_t q_lists;
1124 xfs_dqhash_t *q_hash; /* the hashchain header */
1125 xfs_mount_t *q_mount; /* filesystem this relates to */
1126 xfs_dqid_t d_id; /* user id or group id */
1127 xfs_qcnt_t d_bcount; /* # disk blocks owned by the user */
1128 xfs_qcnt_t d_icount; /* # inodes owned by the user */
1132 xfs_qm_hashinsert(xfs_dqhash_t *h, xfs_dqtest_t *dqp)
1135 if (((d) = (h)->qh_next))
1136 (d)->HL_PREVP = &((dqp)->HL_NEXT);
1138 (dqp)->HL_PREVP = &((h)->qh_next);
1139 (h)->qh_next = (xfs_dquot_t *)dqp;
1144 xfs_qm_dqtest_print(
1147 cmn_err(CE_DEBUG, "-----------DQTEST DQUOT----------------");
1148 cmn_err(CE_DEBUG, "---- dquot ID = %d", d->d_id);
1149 cmn_err(CE_DEBUG, "---- type = %s", XFS_QM_ISUDQ(d)? "USR" : "GRP");
1150 cmn_err(CE_DEBUG, "---- fs = 0x%p", d->q_mount);
1151 cmn_err(CE_DEBUG, "---- bcount = %Lu (0x%x)",
1152 d->d_bcount, (int)d->d_bcount);
1153 cmn_err(CE_DEBUG, "---- icount = %Lu (0x%x)",
1154 d->d_icount, (int)d->d_icount);
1155 cmn_err(CE_DEBUG, "---------------------------");
1159 xfs_qm_dqtest_failed(
1169 cmn_err(CE_DEBUG, "quotacheck failed id=%d, err=%d\nreason: %s",
1170 INT_GET(d->d_id, ARCH_CONVERT), error, reason);
1172 cmn_err(CE_DEBUG, "quotacheck failed id=%d (%s) [%d != %d]",
1173 INT_GET(d->d_id, ARCH_CONVERT), reason, (int)a, (int)b);
1174 xfs_qm_dqtest_print(d);
1176 xfs_qm_dqprint(dqp);
1185 if (INT_GET(dqp->q_core.d_icount, ARCH_CONVERT) != d->d_icount) {
1186 xfs_qm_dqtest_failed(d, dqp, "icount mismatch",
1187 INT_GET(dqp->q_core.d_icount, ARCH_CONVERT),
1191 if (INT_GET(dqp->q_core.d_bcount, ARCH_CONVERT) != d->d_bcount) {
1192 xfs_qm_dqtest_failed(d, dqp, "bcount mismatch",
1193 INT_GET(dqp->q_core.d_bcount, ARCH_CONVERT),
1197 if (INT_GET(dqp->q_core.d_blk_softlimit, ARCH_CONVERT) &&
1198 INT_GET(dqp->q_core.d_bcount, ARCH_CONVERT) >=
1199 INT_GET(dqp->q_core.d_blk_softlimit, ARCH_CONVERT)) {
1200 if (INT_ISZERO(dqp->q_core.d_btimer, ARCH_CONVERT) &&
1201 !INT_ISZERO(dqp->q_core.d_id, ARCH_CONVERT)) {
1203 "%d [%s] [0x%p] BLK TIMER NOT STARTED",
1204 d->d_id, DQFLAGTO_TYPESTR(d), d->q_mount);
1208 if (INT_GET(dqp->q_core.d_ino_softlimit, ARCH_CONVERT) &&
1209 INT_GET(dqp->q_core.d_icount, ARCH_CONVERT) >=
1210 INT_GET(dqp->q_core.d_ino_softlimit, ARCH_CONVERT)) {
1211 if (INT_ISZERO(dqp->q_core.d_itimer, ARCH_CONVERT) &&
1212 !INT_ISZERO(dqp->q_core.d_id, ARCH_CONVERT)) {
1214 "%d [%s] [0x%p] INO TIMER NOT STARTED",
1215 d->d_id, DQFLAGTO_TYPESTR(d), d->q_mount);
1221 cmn_err(CE_DEBUG, "%d [%s] [0x%p] qchecked",
1222 d->d_id, XFS_QM_ISUDQ(d) ? "USR" : "GRP", d->q_mount);
1235 /* xfs_qm_dqtest_print(d); */
1236 if ((error = xfs_qm_dqget(d->q_mount, NULL, d->d_id, d->dq_flags, 0,
1238 xfs_qm_dqtest_failed(d, NULL, "dqget failed", 0, 0, error);
1241 xfs_dqtest_cmp2(d, dqp);
1246 xfs_qm_internalqcheck_dqget(
1250 xfs_dqtest_t **O_dq)
1255 h = DQTEST_HASH(mp, id, type);
1256 for (d = (xfs_dqtest_t *) h->qh_next; d != NULL;
1257 d = (xfs_dqtest_t *) d->HL_NEXT) {
1258 /* DQTEST_LIST_PRINT(h, HL_NEXT, "@@@@@ dqtestlist @@@@@"); */
1259 if (d->d_id == id && mp == d->q_mount) {
1264 d = kmem_zalloc(sizeof(xfs_dqtest_t), KM_SLEEP);
1269 xfs_qm_hashinsert(h, d);
1275 xfs_qm_internalqcheck_get_dquots(
1282 if (XFS_IS_UQUOTA_ON(mp))
1283 xfs_qm_internalqcheck_dqget(mp, uid, XFS_DQ_USER, ud);
1284 if (XFS_IS_GQUOTA_ON(mp))
1285 xfs_qm_internalqcheck_dqget(mp, gid, XFS_DQ_GROUP, gd);
1290 xfs_qm_internalqcheck_dqadjust(
1295 d->d_bcount += (xfs_qcnt_t)ip->i_d.di_nblocks;
1299 xfs_qm_internalqcheck_adjust(
1300 xfs_mount_t *mp, /* mount point for filesystem */
1301 xfs_ino_t ino, /* inode number to get data for */
1302 void *buffer, /* not used */
1303 int ubsize, /* not used */
1304 void *private_data, /* not used */
1305 xfs_daddr_t bno, /* starting block of inode cluster */
1306 int *ubused, /* not used */
1307 void *dip, /* not used */
1308 int *res) /* bulkstat result code */
1311 xfs_dqtest_t *ud, *gd;
1313 boolean_t ipreleased;
1316 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1318 if (ino == mp->m_sb.sb_uquotino || ino == mp->m_sb.sb_gquotino) {
1319 *res = BULKSTAT_RV_NOTHING;
1320 qdprintk("internalqcheck: ino=%llu, uqino=%llu, gqino=%llu\n",
1321 (unsigned long long) ino,
1322 (unsigned long long) mp->m_sb.sb_uquotino,
1323 (unsigned long long) mp->m_sb.sb_gquotino);
1324 return XFS_ERROR(EINVAL);
1326 ipreleased = B_FALSE;
1328 lock_flags = XFS_ILOCK_SHARED;
1329 if ((error = xfs_iget(mp, NULL, ino, lock_flags, &ip, bno))) {
1330 *res = BULKSTAT_RV_NOTHING;
1334 if (ip->i_d.di_mode == 0) {
1335 xfs_iput_new(ip, lock_flags);
1336 *res = BULKSTAT_RV_NOTHING;
1337 return XFS_ERROR(ENOENT);
1341 * This inode can have blocks after eof which can get released
1342 * when we send it to inactive. Since we don't check the dquot
1343 * until the after all our calculations are done, we must get rid
1347 xfs_iput(ip, lock_flags);
1348 ipreleased = B_TRUE;
1351 xfs_qm_internalqcheck_get_dquots(mp,
1352 (xfs_dqid_t) ip->i_d.di_uid,
1353 (xfs_dqid_t) ip->i_d.di_gid,
1355 if (XFS_IS_UQUOTA_ON(mp)) {
1357 xfs_qm_internalqcheck_dqadjust(ip, ud);
1359 if (XFS_IS_GQUOTA_ON(mp)) {
1361 xfs_qm_internalqcheck_dqadjust(ip, gd);
1363 xfs_iput(ip, lock_flags);
1364 *res = BULKSTAT_RV_DIDONE;
1369 /* PRIVATE, debugging */
1371 xfs_qm_internalqcheck(
1377 xfs_dqtest_t *d, *e;
1382 qmtest_hashmask = 32;
1387 if (! XFS_IS_QUOTA_ON(mp))
1388 return XFS_ERROR(ESRCH);
1390 xfs_log_force(mp, (xfs_lsn_t)0, XFS_LOG_FORCE | XFS_LOG_SYNC);
1391 XFS_bflush(mp->m_ddev_targp);
1392 xfs_log_force(mp, (xfs_lsn_t)0, XFS_LOG_FORCE | XFS_LOG_SYNC);
1393 XFS_bflush(mp->m_ddev_targp);
1395 mutex_lock(&qcheck_lock, PINOD);
1396 /* There should be absolutely no quota activity while this
1398 qmtest_udqtab = kmem_zalloc(qmtest_hashmask *
1399 sizeof(xfs_dqhash_t), KM_SLEEP);
1400 qmtest_gdqtab = kmem_zalloc(qmtest_hashmask *
1401 sizeof(xfs_dqhash_t), KM_SLEEP);
1404 * Iterate thru all the inodes in the file system,
1405 * adjusting the corresponding dquot counters
1407 if ((error = xfs_bulkstat(mp, &lastino, &count,
1408 xfs_qm_internalqcheck_adjust, NULL,
1409 0, NULL, BULKSTAT_FG_IGET, &done))) {
1414 cmn_err(CE_DEBUG, "Bulkstat returned error 0x%x", error);
1416 cmn_err(CE_DEBUG, "Checking results against system dquots");
1417 for (i = 0; i < qmtest_hashmask; i++) {
1418 h1 = &qmtest_udqtab[i];
1419 for (d = (xfs_dqtest_t *) h1->qh_next; d != NULL; ) {
1421 e = (xfs_dqtest_t *) d->HL_NEXT;
1422 kmem_free(d, sizeof(xfs_dqtest_t));
1425 h1 = &qmtest_gdqtab[i];
1426 for (d = (xfs_dqtest_t *) h1->qh_next; d != NULL; ) {
1428 e = (xfs_dqtest_t *) d->HL_NEXT;
1429 kmem_free(d, sizeof(xfs_dqtest_t));
1434 if (qmtest_nfails) {
1435 cmn_err(CE_DEBUG, "******** quotacheck failed ********");
1436 cmn_err(CE_DEBUG, "failures = %d", qmtest_nfails);
1438 cmn_err(CE_DEBUG, "******** quotacheck successful! ********");
1440 kmem_free(qmtest_udqtab, qmtest_hashmask * sizeof(xfs_dqhash_t));
1441 kmem_free(qmtest_gdqtab, qmtest_hashmask * sizeof(xfs_dqhash_t));
1442 mutex_unlock(&qcheck_lock);
1443 return (qmtest_nfails);