mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
9f0902091c
Mounting a filesystem that requires quota state changing will generate a transaction. We already check for a read-only device; we should do that for norecovery too. A quotacheck on a norecovery mount, and with the right log size, will cause the mount process to hang on: [<0>] xlog_grant_head_wait+0x5d/0x2a0 [xfs] [<0>] xlog_grant_head_check+0x112/0x180 [xfs] [<0>] xfs_log_reserve+0xe3/0x260 [xfs] [<0>] xfs_trans_reserve+0x179/0x250 [xfs] [<0>] xfs_trans_alloc+0x101/0x260 [xfs] [<0>] xfs_sync_sb+0x3f/0x80 [xfs] [<0>] xfs_qm_mount_quotas+0xe3/0x2f0 [xfs] [<0>] xfs_mountfs+0x7ad/0xc20 [xfs] [<0>] xfs_fs_fill_super+0x762/0xa50 [xfs] [<0>] get_tree_bdev_flags+0x131/0x1d0 [<0>] vfs_get_tree+0x26/0xd0 [<0>] vfs_cmd_create+0x59/0xe0 [<0>] __do_sys_fsconfig+0x4e3/0x6b0 [<0>] do_syscall_64+0x82/0x160 [<0>] entry_SYSCALL_64_after_hwframe+0x76/0x7e This is caused by a transaction running with bogus initialized head/tail I initially hit this while running generic/050, with random log sizes, but I managed to reproduce it reliably here with the steps below: mkfs.xfs -f -lsize=1025M -f -b size=4096 -m crc=1,reflink=1,rmapbt=1, -i sparse=1 /dev/vdb2 > /dev/null mount -o usrquota,grpquota,prjquota /dev/vdb2 /mnt xfs_io -x -c 'shutdown -f' /mnt umount /mnt mount -o ro,norecovery,usrquota,grpquota,prjquota /dev/vdb2 /mnt Last mount hangs up As we add yet another validation if quota state is changing, this also add a new helper named xfs_qm_validate_state_change(), factoring the quota state changes out of xfs_qm_newmount() to reduce cluttering within it. Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com> Reviewed-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Carlos Maiolino <cem@kernel.org>
190 lines
4.6 KiB
C
190 lines
4.6 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (c) 2000-2006 Silicon Graphics, Inc.
|
|
* All Rights Reserved.
|
|
*/
|
|
#include "xfs.h"
|
|
#include "xfs_fs.h"
|
|
#include "xfs_shared.h"
|
|
#include "xfs_format.h"
|
|
#include "xfs_log_format.h"
|
|
#include "xfs_trans_resv.h"
|
|
#include "xfs_mount.h"
|
|
#include "xfs_quota.h"
|
|
#include "xfs_inode.h"
|
|
#include "xfs_trans.h"
|
|
#include "xfs_qm.h"
|
|
|
|
|
|
STATIC void
|
|
xfs_fill_statvfs_from_dquot(
|
|
struct kstatfs *statp,
|
|
struct xfs_inode *ip,
|
|
struct xfs_dquot *dqp)
|
|
{
|
|
struct xfs_dquot_res *blkres = &dqp->q_blk;
|
|
uint64_t limit;
|
|
|
|
if (XFS_IS_REALTIME_MOUNT(ip->i_mount) &&
|
|
(ip->i_diflags & (XFS_DIFLAG_RTINHERIT | XFS_DIFLAG_REALTIME)))
|
|
blkres = &dqp->q_rtb;
|
|
|
|
limit = blkres->softlimit ?
|
|
blkres->softlimit :
|
|
blkres->hardlimit;
|
|
if (limit) {
|
|
uint64_t remaining = 0;
|
|
|
|
if (limit > blkres->reserved)
|
|
remaining = limit - blkres->reserved;
|
|
|
|
statp->f_blocks = min(statp->f_blocks, limit);
|
|
statp->f_bfree = min(statp->f_bfree, remaining);
|
|
}
|
|
|
|
limit = dqp->q_ino.softlimit ?
|
|
dqp->q_ino.softlimit :
|
|
dqp->q_ino.hardlimit;
|
|
if (limit) {
|
|
uint64_t remaining = 0;
|
|
|
|
if (limit > dqp->q_ino.reserved)
|
|
remaining = limit - dqp->q_ino.reserved;
|
|
|
|
statp->f_files = min(statp->f_files, limit);
|
|
statp->f_ffree = min(statp->f_ffree, remaining);
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
* Directory tree accounting is implemented using project quotas, where
|
|
* the project identifier is inherited from parent directories.
|
|
* A statvfs (df, etc.) of a directory that is using project quota should
|
|
* return a statvfs of the project, not the entire filesystem.
|
|
* This makes such trees appear as if they are filesystems in themselves.
|
|
*/
|
|
void
|
|
xfs_qm_statvfs(
|
|
struct xfs_inode *ip,
|
|
struct kstatfs *statp)
|
|
{
|
|
struct xfs_mount *mp = ip->i_mount;
|
|
struct xfs_dquot *dqp;
|
|
|
|
if (!xfs_qm_dqget(mp, ip->i_projid, XFS_DQTYPE_PROJ, false, &dqp)) {
|
|
xfs_fill_statvfs_from_dquot(statp, ip, dqp);
|
|
xfs_qm_dqput(dqp);
|
|
}
|
|
}
|
|
|
|
STATIC int
|
|
xfs_qm_validate_state_change(
|
|
struct xfs_mount *mp,
|
|
uint uqd,
|
|
uint gqd,
|
|
uint pqd)
|
|
{
|
|
int state;
|
|
|
|
/* Is quota state changing? */
|
|
state = ((uqd && !XFS_IS_UQUOTA_ON(mp)) ||
|
|
(!uqd && XFS_IS_UQUOTA_ON(mp)) ||
|
|
(gqd && !XFS_IS_GQUOTA_ON(mp)) ||
|
|
(!gqd && XFS_IS_GQUOTA_ON(mp)) ||
|
|
(pqd && !XFS_IS_PQUOTA_ON(mp)) ||
|
|
(!pqd && XFS_IS_PQUOTA_ON(mp)));
|
|
|
|
return state &&
|
|
(xfs_dev_is_read_only(mp, "changing quota state") ||
|
|
xfs_has_norecovery(mp));
|
|
}
|
|
|
|
int
|
|
xfs_qm_newmount(
|
|
xfs_mount_t *mp,
|
|
uint *needquotamount,
|
|
uint *quotaflags)
|
|
{
|
|
uint quotaondisk;
|
|
uint uquotaondisk = 0, gquotaondisk = 0, pquotaondisk = 0;
|
|
|
|
quotaondisk = xfs_has_quota(mp) &&
|
|
(mp->m_sb.sb_qflags & XFS_ALL_QUOTA_ACCT);
|
|
|
|
if (quotaondisk) {
|
|
uquotaondisk = mp->m_sb.sb_qflags & XFS_UQUOTA_ACCT;
|
|
pquotaondisk = mp->m_sb.sb_qflags & XFS_PQUOTA_ACCT;
|
|
gquotaondisk = mp->m_sb.sb_qflags & XFS_GQUOTA_ACCT;
|
|
}
|
|
|
|
/*
|
|
* If the device itself is read-only and/or in norecovery
|
|
* mode, we can't allow the user to change the state of
|
|
* quota on the mount - this would generate a transaction
|
|
* on the ro device, which would lead to an I/O error and
|
|
* shutdown.
|
|
*/
|
|
|
|
if (xfs_qm_validate_state_change(mp, uquotaondisk,
|
|
gquotaondisk, pquotaondisk)) {
|
|
|
|
if (xfs_has_metadir(mp))
|
|
xfs_warn(mp,
|
|
"metadir enabled, please mount without any quota mount options");
|
|
else
|
|
xfs_warn(mp, "please mount with%s%s%s%s.",
|
|
(!quotaondisk ? "out quota" : ""),
|
|
(uquotaondisk ? " usrquota" : ""),
|
|
(gquotaondisk ? " grpquota" : ""),
|
|
(pquotaondisk ? " prjquota" : ""));
|
|
return -EPERM;
|
|
}
|
|
|
|
if (XFS_IS_QUOTA_ON(mp) || quotaondisk) {
|
|
/*
|
|
* Call mount_quotas at this point only if we won't have to do
|
|
* a quotacheck.
|
|
*/
|
|
if (quotaondisk && !XFS_QM_NEED_QUOTACHECK(mp)) {
|
|
/*
|
|
* If an error occurred, qm_mount_quotas code
|
|
* has already disabled quotas. So, just finish
|
|
* mounting, and get on with the boring life
|
|
* without disk quotas.
|
|
*/
|
|
xfs_qm_mount_quotas(mp);
|
|
} else {
|
|
/*
|
|
* Clear the quota flags, but remember them. This
|
|
* is so that the quota code doesn't get invoked
|
|
* before we're ready. This can happen when an
|
|
* inode goes inactive and wants to free blocks,
|
|
* or via xfs_log_mount_finish.
|
|
*/
|
|
*needquotamount = true;
|
|
*quotaflags = mp->m_qflags;
|
|
mp->m_qflags = 0;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* If the sysadmin didn't provide any quota mount options, restore the quota
|
|
* accounting and enforcement state from the ondisk superblock. Only do this
|
|
* for metadir filesystems because this is a behavior change.
|
|
*/
|
|
void
|
|
xfs_qm_resume_quotaon(
|
|
struct xfs_mount *mp)
|
|
{
|
|
if (!xfs_has_metadir(mp))
|
|
return;
|
|
if (xfs_has_norecovery(mp))
|
|
return;
|
|
|
|
mp->m_qflags = mp->m_sb.sb_qflags & (XFS_ALL_QUOTA_ACCT |
|
|
XFS_ALL_QUOTA_ENFD);
|
|
}
|