1. 18 8月, 2017 5 次提交
  2. 22 6月, 2017 1 次提交
    • T
      quota: add get_inode_usage callback to transfer multi-inode charges · 7a9ca53a
      Tahsin Erdogan 提交于
      Ext4 ea_inode feature allows storing xattr values in external inodes to
      be able to store values that are bigger than a block in size. Ext4 also
      has deduplication support for these type of inodes. With deduplication,
      the actual storage waste is eliminated but the users of such inodes are
      still charged full quota for the inodes as if there was no sharing
      happening in the background.
      
      This design requires ext4 to manually charge the users because the
      inodes are shared.
      
      An implication of this is that, if someone calls chown on a file that
      has such references we need to transfer the quota for the file and xattr
      inodes. Current dquot_transfer() function implicitly transfers one inode
      charge. With ea_inode feature, we would like to transfer multiple inode
      charges.
      
      Add get_inode_usage callback which can interrogate the total number of
      inodes that were charged for a given inode.
      
      [ Applied fix from Colin King to make sure the 'ret' variable is
        initialized on the successful return path.  Detected by
        CoverityScan, CID#1446616 ("Uninitialized scalar variable") --tytso]
      Signed-off-by: NTahsin Erdogan <tahsin@google.com>
      Signed-off-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Acked-by: NJan Kara <jack@suse.cz>
      7a9ca53a
  3. 25 5月, 2017 1 次提交
  4. 19 4月, 2017 2 次提交
  5. 02 3月, 2017 1 次提交
  6. 19 12月, 2016 1 次提交
    • J
      quota: Fix bogus warning in dquot_disable() · 2700e606
      Jan Kara 提交于
      dquot_disable() was warning when sb_has_quota_loaded() was true when
      invalidating page cache for quota files. The thinking behind this
      warning was that we must have raced with somebody else turning quotas on
      and this should not happen because all places modifying quota state must
      hold s_umount exclusively now. However sb_has_quota_loaded() can be also
      true at this point when we are just suspending quotas on remount
      read-only. Just restore the behavior to situation before commit
      c3b00446 ("quota: Remove dqonoff_mutex") which introduced the
      warning.
      
      The code in dquot_disable() can be further simplified with the new
      locking of quota state changes however let's leave that to a separate
      commit that can get more testing exposure.
      
      Fixes: c3b00446Signed-off-by: NJan Kara <jack@suse.cz>
      2700e606
  7. 06 12月, 2016 1 次提交
  8. 30 11月, 2016 2 次提交
  9. 24 11月, 2016 2 次提交
    • J
      quota: Use s_umount protection for quota operations · 9d1ccbe7
      Jan Kara 提交于
      Writeback quota is protected by s_umount semaphore held for reading
      because every writeback must be protected by that lock (grabbed either
      by the generic writeback code or by quotactl handler). Getting next
      available ID in quota file, querying quota state, setting quota
      information, getting quota format are all quotactl operations protected
      by s_umount semaphore held for reading grabbed in quotactl handler.
      
      This also fixes lockdep splat about possible deadlock during filesystem
      freezing where sync_filesystem() is called with page-faults already
      blocked but sync_filesystem() calls into dquot_writeback_dquots() which
      grabs dqonoff_mutex which ranks above i_mutex (vfs_load_quota_inode()
      grabs i_mutex under dqonoff_mutex) which clearly ranks below page fault
      freeze protection (e.g. via mmap_sem dependencies). The reported problem
      is not a real deadlock possibility since during quota on we check
      whether filesystem freezing is not in progress but still it is good to
      have this fixed.
      Reported-by: NTed Tso <tytso@mit.edu>
      Reported-by: NEric Whitney <enwlinux@gmail.com>
      Signed-off-by: NJan Kara <jack@suse.cz>
      9d1ccbe7
    • J
      quota: Hold s_umount in exclusive mode when enabling / disabling quotas · 7d6cd73d
      Jan Kara 提交于
      Currently we hold s_umount semaphore only in shared mode when enabling
      or disabling quotas and use dqonoff_mutex for serializing quota state
      changes on a filesystem and also quota state changes with other places
      depending on current quota state. Using dedicated mutex for this causes
      possible deadlocks during filesystem freezing (see following commit for
      details) so we transition to using s_umount semaphore for the necessary
      synchronization whose lock ordering is properly handled by the
      filesystem freezing code. As a start grab s_umount in exclusive mode
      when enabling / disabling quotas.
      Signed-off-by: NJan Kara <jack@suse.cz>
      7d6cd73d
  10. 06 7月, 2016 2 次提交
    • E
      dquot: For now explicitly don't support filesystems outside of init_user_ns · 5c004828
      Eric W. Biederman 提交于
      Mostly supporting filesystems outside of init_user_ns is
      s/&init_usre_ns/dquot->dq_sb->s_user_ns/.  An actual need for
      supporting quotas on filesystems outside of s_user_ns is quite a ways
      away and to be done responsibily needs an audit on what can happen
      with hostile quota files.  Until that audit is complete don't attempt
      to support quota files on filesystems outside of s_user_ns.
      
      Cc: Jan Kara <jack@suse.cz>
      Acked-by: NSeth Forshee <seth.forshee@canonical.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      5c004828
    • E
      quota: Ensure qids map to the filesystem · d49d3762
      Eric W. Biederman 提交于
      Introduce the helper qid_has_mapping and use it to ensure that the
      quota system only considers qids that map to the filesystems
      s_user_ns.
      
      In practice for quota supporting filesystems today this is the exact
      same check as qid_valid.  As only 0xffffffff aka (qid_t)-1 does not
      map into init_user_ns.
      
      Replace the qid_valid calls with qid_has_mapping as values come in
      from userspace.  This is harmless today and it prepares the quota
      system to work on filesystems with quotas but mounted by unprivileged
      users.
      
      Call qid_has_mapping from dqget.  This ensures the passed in qid has a
      prepresentation on the underlying filesystem.  Previously this was
      unnecessary as filesystesm never had qids that could not map.  With
      the introduction of filesystems outside of s_user_ns this will not
      remain true.
      
      All of this ensures the quota code never has to deal with qids that
      don't map to the underlying filesystem.
      
      Cc: Jan Kara <jack@suse.cz>
      Acked-by: NSeth Forshee <seth.forshee@canonical.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      d49d3762
  11. 20 6月, 2016 1 次提交
    • A
      quota: use time64_t internally · e008bb61
      Arnd Bergmann 提交于
      The quota subsystem has two formats, the old v1 format using architecture
      specific time_t values on the on-disk format, while the v2 format
      (introduced in Linux 2.5.16 and 2.4.22) uses fixed 64-bit little-endian.
      
      While there is no future for the v1 format beyond y2038, the v2 format
      is almost there on 32-bit architectures, as both the user interface
      and the on-disk format use 64-bit timestamps, just not the time_t
      inbetween.
      
      This changes the internal representation to use time64_t, which will
      end up doing the right thing everywhere for v2 format.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NJan Kara <jack@suse.cz>
      e008bb61
  12. 29 3月, 2016 1 次提交
  13. 14 3月, 2016 1 次提交
  14. 03 3月, 2016 1 次提交
  15. 18 2月, 2016 1 次提交
    • J
      quota: Fix possible races during quota loading · 044c9b67
      Jan Kara 提交于
      When loading new quota structure from disk, there is a possibility caller
      of dqget() will see uninitialized data due to CPU reordering loads or
      stores - loads from dquot can be reordered before test of DQ_ACTIVE_B
      bit or setting of this bit could be reordered before filling of the
      structure. Fix the issue by adding proper memory barriers.
      Signed-off-by: NJan Kara <jack@suse.cz>
      044c9b67
  16. 09 2月, 2016 1 次提交
  17. 23 1月, 2016 1 次提交
    • A
      wrappers for ->i_mutex access · 5955102c
      Al Viro 提交于
      parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested},
      inode_foo(inode) being mutex_foo(&inode->i_mutex).
      
      Please, use those for access to ->i_mutex; over the coming cycle
      ->i_mutex will become rwsem, with ->lookup() done with it held
      only shared.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      5955102c
  18. 14 12月, 2015 1 次提交
    • P
      fs: make quota/dquot.c explicitly non-modular · 331221fa
      Paul Gortmaker 提交于
      The Kconfig currently controlling compilation of this code is:
      
      config QUOTA
              bool "Quota support"
      
      ...meaning that it currently is not being built as a module by anyone.
      
      Lets remove the couple traces of modularity so that when reading the
      driver there is no doubt it is builtin-only.
      
      Since module_init translates to device_initcall in the non-modular
      case, the init ordering gets bumped to one level earlier when we
      use the more appropriate fs_initcall here.  However we've made similar
      changes before without any fallout and none is expected here either.
      
      We don't delete module.h because the code in turn tries to load other
      modules as appropriate and so it still needs that header.
      
      Cc: Jan Kara <jack@suse.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: linux-fsdevel@vger.kernel.org
      Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: NJan Kara <jack@suse.cz>
      331221fa
  19. 18 8月, 2015 1 次提交
  20. 24 7月, 2015 1 次提交
    • J
      quota: Propagate error from ->acquire_dquot() · 6184fc0b
      Jan Kara 提交于
      Currently when some error happened in ->acquire_dquot(), dqget() just
      returned NULL. That was indistinguishable from a case when e.g. someone
      run quotaoff and so was generally silently ignored. However
      ->acquire_dquot() can fail because of ENOSPC or EIO in which case user
      should better know. So propagate error up from ->acquire_dquot properly.
      Signed-off-by: NJan Kara <jack@suse.cz>
      6184fc0b
  21. 16 4月, 2015 1 次提交
  22. 19 3月, 2015 1 次提交
  23. 04 3月, 2015 3 次提交
  24. 30 1月, 2015 2 次提交
    • J
      quota: Store maximum space limit in bytes · b10a0819
      Jan Kara 提交于
      Currently maximum space limit quota format supports is in blocks however
      since we store space limits in bytes, this is somewhat confusing. So
      store the maximum limit in bytes as well. Also rename the field to match
      the new unit and related inode field to match the new naming scheme.
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJan Kara <jack@suse.cz>
      b10a0819
    • J
      quota: Add ->quota_{enable,disable} callbacks for VFS quotas · 3e2af67e
      Jan Kara 提交于
      Add functions which translate ->quota_enable / ->quota_disable calls
      into appropriate changes in VFS quota. This will enable filesystems
      supporting VFS quota files in system inodes to be controlled via
      Q_XQUOTA[ON|OFF] quotactls for better userspace compatibility.
      
      Also provide a vector for quotactl using these functions which can be
      used by filesystems with quota files stored in hidden system files.
      Signed-off-by: NJan Kara <jack@suse.cz>
      3e2af67e
  25. 28 1月, 2015 1 次提交
    • J
      quota: Switch ->get_dqblk() and ->set_dqblk() to use bytes as space units · 14bf61ff
      Jan Kara 提交于
      Currently ->get_dqblk() and ->set_dqblk() use struct fs_disk_quota which
      tracks space limits and usage in 512-byte blocks. However VFS quotas
      track usage in bytes (as some filesystems require that) and we need to
      somehow pass this information. Upto now it wasn't a problem because we
      didn't do any unit conversion (thus VFS quota routines happily stuck
      number of bytes into d_bcount field of struct fd_disk_quota). Only if
      you tried to use Q_XGETQUOTA or Q_XSETQLIM for VFS quotas (or Q_GETQUOTA
      / Q_SETQUOTA for XFS quotas), you got bogus results. Hardly anyone
      tried this but reportedly some Samba users hit the problem in practice.
      So when we want interfaces compatible we need to fix this.
      
      We bite the bullet and define another quota structure used for passing
      information from/to ->get_dqblk()/->set_dqblk. It's somewhat sad we have
      to have more conversion routines in fs/quota/quota.c and another copying
      of quota structure slows down getting of quota information by about 2%
      but it seems cleaner than overloading e.g. units of d_bcount to bytes.
      
      CC: stable@vger.kernel.org
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJan Kara <jack@suse.cz>
      14bf61ff
  26. 22 1月, 2015 2 次提交
    • J
      quota: Verify flags passed to Q_SETINFO · ca6cb091
      Jan Kara 提交于
      Currently flags passed via Q_SETINFO were just stored. This makes it
      hard to add new flags since in theory userspace could be just setting /
      clearing random flags. Since currently there is only one userspace
      settable flag and that is somewhat obscure flags only for ancient v1
      quota format, I'm reasonably sure noone operates these flags and
      hopefully we are fine just adding the check that passed flags are sane.
      If we indeed find some userspace program that gets broken by the strict
      check, we can always remove it again.
      Signed-off-by: NJan Kara <jack@suse.cz>
      ca6cb091
    • J
      quota: Cleanup flags definitions · 9c45101e
      Jan Kara 提交于
      Currently all quota flags were defined just in kernel-private headers.
      Export flags readable / writeable from userspace to userspace via
      include/uapi/linux/quota.h.
      Signed-off-by: NJan Kara <jack@suse.cz>
      9c45101e
  27. 10 11月, 2014 2 次提交