1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * quota.c - CephFS quota
4  *
5  * Copyright (C) 2017-2018 SUSE
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version 2
10  * of the License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include <linux/statfs.h>
22 
23 #include "super.h"
24 #include "mds_client.h"
25 
ceph_adjust_quota_realms_count(struct inode * inode,bool inc)26 void ceph_adjust_quota_realms_count(struct inode *inode, bool inc)
27 {
28 	struct ceph_mds_client *mdsc = ceph_inode_to_client(inode)->mdsc;
29 	if (inc)
30 		atomic64_inc(&mdsc->quotarealms_count);
31 	else
32 		atomic64_dec(&mdsc->quotarealms_count);
33 }
34 
ceph_has_realms_with_quotas(struct inode * inode)35 static inline bool ceph_has_realms_with_quotas(struct inode *inode)
36 {
37 	struct ceph_mds_client *mdsc = ceph_inode_to_client(inode)->mdsc;
38 	return atomic64_read(&mdsc->quotarealms_count) > 0;
39 }
40 
ceph_handle_quota(struct ceph_mds_client * mdsc,struct ceph_mds_session * session,struct ceph_msg * msg)41 void ceph_handle_quota(struct ceph_mds_client *mdsc,
42 		       struct ceph_mds_session *session,
43 		       struct ceph_msg *msg)
44 {
45 	struct super_block *sb = mdsc->fsc->sb;
46 	struct ceph_mds_quota *h = msg->front.iov_base;
47 	struct ceph_vino vino;
48 	struct inode *inode;
49 	struct ceph_inode_info *ci;
50 
51 	if (msg->front.iov_len < sizeof(*h)) {
52 		pr_err("%s corrupt message mds%d len %d\n", __func__,
53 		       session->s_mds, (int)msg->front.iov_len);
54 		ceph_msg_dump(msg);
55 		return;
56 	}
57 
58 	/* increment msg sequence number */
59 	mutex_lock(&session->s_mutex);
60 	session->s_seq++;
61 	mutex_unlock(&session->s_mutex);
62 
63 	/* lookup inode */
64 	vino.ino = le64_to_cpu(h->ino);
65 	vino.snap = CEPH_NOSNAP;
66 	inode = ceph_find_inode(sb, vino);
67 	if (!inode) {
68 		pr_warn("Failed to find inode %llu\n", vino.ino);
69 		return;
70 	}
71 	ci = ceph_inode(inode);
72 
73 	spin_lock(&ci->i_ceph_lock);
74 	ci->i_rbytes = le64_to_cpu(h->rbytes);
75 	ci->i_rfiles = le64_to_cpu(h->rfiles);
76 	ci->i_rsubdirs = le64_to_cpu(h->rsubdirs);
77 	__ceph_update_quota(ci, le64_to_cpu(h->max_bytes),
78 		            le64_to_cpu(h->max_files));
79 	spin_unlock(&ci->i_ceph_lock);
80 
81 	iput(inode);
82 }
83 
84 /*
85  * This function walks through the snaprealm for an inode and returns the
86  * ceph_snap_realm for the first snaprealm that has quotas set (either max_files
87  * or max_bytes).  If the root is reached, return the root ceph_snap_realm
88  * instead.
89  *
90  * Note that the caller is responsible for calling ceph_put_snap_realm() on the
91  * returned realm.
92  */
get_quota_realm(struct ceph_mds_client * mdsc,struct inode * inode)93 static struct ceph_snap_realm *get_quota_realm(struct ceph_mds_client *mdsc,
94 					       struct inode *inode)
95 {
96 	struct ceph_inode_info *ci = NULL;
97 	struct ceph_snap_realm *realm, *next;
98 	struct inode *in;
99 	bool has_quota;
100 
101 	if (ceph_snap(inode) != CEPH_NOSNAP)
102 		return NULL;
103 
104 	realm = ceph_inode(inode)->i_snap_realm;
105 	if (realm)
106 		ceph_get_snap_realm(mdsc, realm);
107 	else
108 		pr_err_ratelimited("get_quota_realm: ino (%llx.%llx) "
109 				   "null i_snap_realm\n", ceph_vinop(inode));
110 	while (realm) {
111 		spin_lock(&realm->inodes_with_caps_lock);
112 		in = realm->inode ? igrab(realm->inode) : NULL;
113 		spin_unlock(&realm->inodes_with_caps_lock);
114 		if (!in)
115 			break;
116 
117 		ci = ceph_inode(in);
118 		has_quota = __ceph_has_any_quota(ci);
119 		iput(in);
120 
121 		next = realm->parent;
122 		if (has_quota || !next)
123 		       return realm;
124 
125 		ceph_get_snap_realm(mdsc, next);
126 		ceph_put_snap_realm(mdsc, realm);
127 		realm = next;
128 	}
129 	if (realm)
130 		ceph_put_snap_realm(mdsc, realm);
131 
132 	return NULL;
133 }
134 
ceph_quota_is_same_realm(struct inode * old,struct inode * new)135 bool ceph_quota_is_same_realm(struct inode *old, struct inode *new)
136 {
137 	struct ceph_mds_client *mdsc = ceph_inode_to_client(old)->mdsc;
138 	struct ceph_snap_realm *old_realm, *new_realm;
139 	bool is_same;
140 
141 	down_read(&mdsc->snap_rwsem);
142 	old_realm = get_quota_realm(mdsc, old);
143 	new_realm = get_quota_realm(mdsc, new);
144 	is_same = (old_realm == new_realm);
145 	up_read(&mdsc->snap_rwsem);
146 
147 	if (old_realm)
148 		ceph_put_snap_realm(mdsc, old_realm);
149 	if (new_realm)
150 		ceph_put_snap_realm(mdsc, new_realm);
151 
152 	return is_same;
153 }
154 
155 enum quota_check_op {
156 	QUOTA_CHECK_MAX_FILES_OP,	/* check quota max_files limit */
157 	QUOTA_CHECK_MAX_BYTES_OP,	/* check quota max_files limit */
158 	QUOTA_CHECK_MAX_BYTES_APPROACHING_OP	/* check if quota max_files
159 						   limit is approaching */
160 };
161 
162 /*
163  * check_quota_exceeded() will walk up the snaprealm hierarchy and, for each
164  * realm, it will execute quota check operation defined by the 'op' parameter.
165  * The snaprealm walk is interrupted if the quota check detects that the quota
166  * is exceeded or if the root inode is reached.
167  */
check_quota_exceeded(struct inode * inode,enum quota_check_op op,loff_t delta)168 static bool check_quota_exceeded(struct inode *inode, enum quota_check_op op,
169 				 loff_t delta)
170 {
171 	struct ceph_mds_client *mdsc = ceph_inode_to_client(inode)->mdsc;
172 	struct ceph_inode_info *ci;
173 	struct ceph_snap_realm *realm, *next;
174 	struct inode *in;
175 	u64 max, rvalue;
176 	bool exceeded = false;
177 
178 	if (ceph_snap(inode) != CEPH_NOSNAP)
179 		return false;
180 
181 	down_read(&mdsc->snap_rwsem);
182 	realm = ceph_inode(inode)->i_snap_realm;
183 	if (realm)
184 		ceph_get_snap_realm(mdsc, realm);
185 	else
186 		pr_err_ratelimited("check_quota_exceeded: ino (%llx.%llx) "
187 				   "null i_snap_realm\n", ceph_vinop(inode));
188 	while (realm) {
189 		spin_lock(&realm->inodes_with_caps_lock);
190 		in = realm->inode ? igrab(realm->inode) : NULL;
191 		spin_unlock(&realm->inodes_with_caps_lock);
192 		if (!in)
193 			break;
194 
195 		ci = ceph_inode(in);
196 		spin_lock(&ci->i_ceph_lock);
197 		if (op == QUOTA_CHECK_MAX_FILES_OP) {
198 			max = ci->i_max_files;
199 			rvalue = ci->i_rfiles + ci->i_rsubdirs;
200 		} else {
201 			max = ci->i_max_bytes;
202 			rvalue = ci->i_rbytes;
203 		}
204 		spin_unlock(&ci->i_ceph_lock);
205 		switch (op) {
206 		case QUOTA_CHECK_MAX_FILES_OP:
207 			exceeded = (max && (rvalue >= max));
208 			break;
209 		case QUOTA_CHECK_MAX_BYTES_OP:
210 			exceeded = (max && (rvalue + delta > max));
211 			break;
212 		case QUOTA_CHECK_MAX_BYTES_APPROACHING_OP:
213 			if (max) {
214 				if (rvalue >= max)
215 					exceeded = true;
216 				else {
217 					/*
218 					 * when we're writing more that 1/16th
219 					 * of the available space
220 					 */
221 					exceeded =
222 						(((max - rvalue) >> 4) < delta);
223 				}
224 			}
225 			break;
226 		default:
227 			/* Shouldn't happen */
228 			pr_warn("Invalid quota check op (%d)\n", op);
229 			exceeded = true; /* Just break the loop */
230 		}
231 		iput(in);
232 
233 		next = realm->parent;
234 		if (exceeded || !next)
235 			break;
236 		ceph_get_snap_realm(mdsc, next);
237 		ceph_put_snap_realm(mdsc, realm);
238 		realm = next;
239 	}
240 	if (realm)
241 		ceph_put_snap_realm(mdsc, realm);
242 	up_read(&mdsc->snap_rwsem);
243 
244 	return exceeded;
245 }
246 
247 /*
248  * ceph_quota_is_max_files_exceeded - check if we can create a new file
249  * @inode:	directory where a new file is being created
250  *
251  * This functions returns true is max_files quota allows a new file to be
252  * created.  It is necessary to walk through the snaprealm hierarchy (until the
253  * FS root) to check all realms with quotas set.
254  */
ceph_quota_is_max_files_exceeded(struct inode * inode)255 bool ceph_quota_is_max_files_exceeded(struct inode *inode)
256 {
257 	if (!ceph_has_realms_with_quotas(inode))
258 		return false;
259 
260 	WARN_ON(!S_ISDIR(inode->i_mode));
261 
262 	return check_quota_exceeded(inode, QUOTA_CHECK_MAX_FILES_OP, 0);
263 }
264 
265 /*
266  * ceph_quota_is_max_bytes_exceeded - check if we can write to a file
267  * @inode:	inode being written
268  * @newsize:	new size if write succeeds
269  *
270  * This functions returns true is max_bytes quota allows a file size to reach
271  * @newsize; it returns false otherwise.
272  */
ceph_quota_is_max_bytes_exceeded(struct inode * inode,loff_t newsize)273 bool ceph_quota_is_max_bytes_exceeded(struct inode *inode, loff_t newsize)
274 {
275 	loff_t size = i_size_read(inode);
276 
277 	if (!ceph_has_realms_with_quotas(inode))
278 		return false;
279 
280 	/* return immediately if we're decreasing file size */
281 	if (newsize <= size)
282 		return false;
283 
284 	return check_quota_exceeded(inode, QUOTA_CHECK_MAX_BYTES_OP, (newsize - size));
285 }
286 
287 /*
288  * ceph_quota_is_max_bytes_approaching - check if we're reaching max_bytes
289  * @inode:	inode being written
290  * @newsize:	new size if write succeeds
291  *
292  * This function returns true if the new file size @newsize will be consuming
293  * more than 1/16th of the available quota space; it returns false otherwise.
294  */
ceph_quota_is_max_bytes_approaching(struct inode * inode,loff_t newsize)295 bool ceph_quota_is_max_bytes_approaching(struct inode *inode, loff_t newsize)
296 {
297 	loff_t size = ceph_inode(inode)->i_reported_size;
298 
299 	if (!ceph_has_realms_with_quotas(inode))
300 		return false;
301 
302 	/* return immediately if we're decreasing file size */
303 	if (newsize <= size)
304 		return false;
305 
306 	return check_quota_exceeded(inode, QUOTA_CHECK_MAX_BYTES_APPROACHING_OP,
307 				    (newsize - size));
308 }
309 
310 /*
311  * ceph_quota_update_statfs - if root has quota update statfs with quota status
312  * @fsc:	filesystem client instance
313  * @buf:	statfs to update
314  *
315  * If the mounted filesystem root has max_bytes quota set, update the filesystem
316  * statistics with the quota status.
317  *
318  * This function returns true if the stats have been updated, false otherwise.
319  */
ceph_quota_update_statfs(struct ceph_fs_client * fsc,struct kstatfs * buf)320 bool ceph_quota_update_statfs(struct ceph_fs_client *fsc, struct kstatfs *buf)
321 {
322 	struct ceph_mds_client *mdsc = fsc->mdsc;
323 	struct ceph_inode_info *ci;
324 	struct ceph_snap_realm *realm;
325 	struct inode *in;
326 	u64 total = 0, used, free;
327 	bool is_updated = false;
328 
329 	down_read(&mdsc->snap_rwsem);
330 	realm = get_quota_realm(mdsc, d_inode(fsc->sb->s_root));
331 	up_read(&mdsc->snap_rwsem);
332 	if (!realm)
333 		return false;
334 
335 	spin_lock(&realm->inodes_with_caps_lock);
336 	in = realm->inode ? igrab(realm->inode) : NULL;
337 	spin_unlock(&realm->inodes_with_caps_lock);
338 	if (in) {
339 		ci = ceph_inode(in);
340 		spin_lock(&ci->i_ceph_lock);
341 		if (ci->i_max_bytes) {
342 			total = ci->i_max_bytes >> CEPH_BLOCK_SHIFT;
343 			used = ci->i_rbytes >> CEPH_BLOCK_SHIFT;
344 			/* It is possible for a quota to be exceeded.
345 			 * Report 'zero' in that case
346 			 */
347 			free = total > used ? total - used : 0;
348 		}
349 		spin_unlock(&ci->i_ceph_lock);
350 		if (total) {
351 			buf->f_blocks = total;
352 			buf->f_bfree = free;
353 			buf->f_bavail = free;
354 			is_updated = true;
355 		}
356 		iput(in);
357 	}
358 	ceph_put_snap_realm(mdsc, realm);
359 
360 	return is_updated;
361 }
362 
363