quota: Make quota code not call tty layer with dqptr_sem held

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

dqptr_sem can be called from slab reclaim. tty layer uses GFP_KERNEL mask for
allocation so it can end up calling slab reclaim. Given quota code can call
into tty layer to print warning this creates possibility for lock inversion
between tty->atomic_write_lock and dqptr_sem.

Using direct printing of warnings from quota layer is obsolete but since it's
easy enough to change quota code to not hold any locks when printing warnings,
let's just do it. It seems like a good thing to do even when we use netlink
layer to transmit warnings to userspace.

Reported-by: Markus <M4rkusXXL@web.de>
Signed-off-by: Jan Kara <jack@suse.cz>

Jan Kara 14 years ago bf097aaf d5e2cf07

+113 -76

1 changed file

expand all

quota

dquot.c

+113 -76

fs/quota/dquot.c

··· 1109 1109 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1110 1110 } 1111 1111 1112 + struct dquot_warn { 1113 + struct super_block *w_sb; 1114 + qid_t w_dq_id; 1115 + short w_dq_type; 1116 + short w_type; 1117 + }; 1118 + 1112 1119 static int warning_issued(struct dquot *dquot, const int warntype) 1113 1120 { 1114 1121 int flag = (warntype == QUOTA_NL_BHARDWARN || ··· 1131 1124 #ifdef CONFIG_PRINT_QUOTA_WARNING 1132 1125 static int flag_print_warnings = 1; 1133 1126 1134 - static int need_print_warning(struct dquot *dquot) 1127 + static int need_print_warning(struct dquot_warn *warn) 1135 1128 { 1136 1129 if (!flag_print_warnings) 1137 1130 return 0; 1138 1131 1139 - switch (dquot->dq_type) { 1132 + switch (warn->w_dq_type) { 1140 1133 case USRQUOTA: 1141 - return current_fsuid() == dquot->dq_id; 1134 + return current_fsuid() == warn->w_dq_id; 1142 1135 case GRPQUOTA: 1143 - return in_group_p(dquot->dq_id); 1136 + return in_group_p(warn->w_dq_id); 1144 1137 } 1145 1138 return 0; 1146 1139 } 1147 1140 1148 1141 /* Print warning to user which exceeded quota */ 1149 - static void print_warning(struct dquot *dquot, const int warntype) 1142 + static void print_warning(struct dquot_warn *warn) 1150 1143 { 1151 1144 char *msg = NULL; 1152 1145 struct tty_struct *tty; 1146 + int warntype = warn->w_type; 1153 1147 1154 1148 if (warntype == QUOTA_NL_IHARDBELOW || 1155 1149 warntype == QUOTA_NL_ISOFTBELOW || 1156 1150 warntype == QUOTA_NL_BHARDBELOW || 1157 - warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(dquot)) 1151 + warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn)) 1158 1152 return; 1159 1153 1160 1154 tty = get_current_tty(); 1161 1155 if (!tty) 1162 1156 return; 1163 - tty_write_message(tty, dquot->dq_sb->s_id); 1157 + tty_write_message(tty, warn->w_sb->s_id); 1164 1158 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) 1165 1159 tty_write_message(tty, ": warning, "); 1166 1160 else 1167 1161 tty_write_message(tty, ": write failed, "); 1168 - tty_write_message(tty, quotatypes[dquot->dq_type]); 1162 + tty_write_message(tty, quotatypes[warn->w_dq_type]); 1169 1163 switch (warntype) { 1170 1164 case QUOTA_NL_IHARDWARN: 1171 1165 msg = " file limit reached.\r\n"; ··· 1192 1184 } 1193 1185 #endif 1194 1186 1187 + static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot, 1188 + int warntype) 1189 + { 1190 + if (warning_issued(dquot, warntype)) 1191 + return; 1192 + warn->w_type = warntype; 1193 + warn->w_sb = dquot->dq_sb; 1194 + warn->w_dq_id = dquot->dq_id; 1195 + warn->w_dq_type = dquot->dq_type; 1196 + } 1197 + 1195 1198 /* 1196 1199 * Write warnings to the console and send warning messages over netlink. 1197 1200 * 1198 - * Note that this function can sleep. 1201 + * Note that this function can call into tty and networking code. 1199 1202 */ 1200 - static void flush_warnings(struct dquot *const *dquots, char *warntype) 1203 + static void flush_warnings(struct dquot_warn *warn) 1201 1204 { 1202 - struct dquot *dq; 1203 1205 int i; 1204 1206 1205 1207 for (i = 0; i < MAXQUOTAS; i++) { 1206 - dq = dquots[i]; 1207 - if (dq && warntype[i] != QUOTA_NL_NOWARN && 1208 - !warning_issued(dq, warntype[i])) { 1208 + if (warn[i].w_type == QUOTA_NL_NOWARN) 1209 + continue; 1209 1210 #ifdef CONFIG_PRINT_QUOTA_WARNING 1210 - print_warning(dq, warntype[i]); 1211 + print_warning(&warn[i]); 1211 1212 #endif 1212 - quota_send_warning(dq->dq_type, dq->dq_id, 1213 - dq->dq_sb->s_dev, warntype[i]); 1214 - } 1213 + quota_send_warning(warn[i].w_dq_type, warn[i].w_dq_id, 1214 + warn[i].w_sb->s_dev, warn[i].w_type); 1215 1215 } 1216 1216 } 1217 1217 ··· 1233 1217 } 1234 1218 1235 1219 /* needs dq_data_lock */ 1236 - static int check_idq(struct dquot *dquot, qsize_t inodes, char *warntype) 1220 + static int check_idq(struct dquot *dquot, qsize_t inodes, 1221 + struct dquot_warn *warn) 1237 1222 { 1238 1223 qsize_t newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1239 1224 1240 - *warntype = QUOTA_NL_NOWARN; 1241 1225 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_type) || 1242 1226 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1243 1227 return 0; ··· 1245 1229 if (dquot->dq_dqb.dqb_ihardlimit && 1246 1230 newinodes > dquot->dq_dqb.dqb_ihardlimit && 1247 1231 !ignore_hardlimit(dquot)) { 1248 - *warntype = QUOTA_NL_IHARDWARN; 1232 + prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN); 1249 1233 return -EDQUOT; 1250 1234 } 1251 1235 ··· 1254 1238 dquot->dq_dqb.dqb_itime && 1255 1239 get_seconds() >= dquot->dq_dqb.dqb_itime && 1256 1240 !ignore_hardlimit(dquot)) { 1257 - *warntype = QUOTA_NL_ISOFTLONGWARN; 1241 + prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN); 1258 1242 return -EDQUOT; 1259 1243 } 1260 1244 1261 1245 if (dquot->dq_dqb.dqb_isoftlimit && 1262 1246 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1263 1247 dquot->dq_dqb.dqb_itime == 0) { 1264 - *warntype = QUOTA_NL_ISOFTWARN; 1248 + prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1265 1249 dquot->dq_dqb.dqb_itime = get_seconds() + 1266 1250 sb_dqopt(dquot->dq_sb)->info[dquot->dq_type].dqi_igrace; 1267 1251 } ··· 1270 1254 } 1271 1255 1272 1256 /* needs dq_data_lock */ 1273 - static int check_bdq(struct dquot *dquot, qsize_t space, int prealloc, char *warntype) 1257 + static int check_bdq(struct dquot *dquot, qsize_t space, int prealloc, 1258 + struct dquot_warn *warn) 1274 1259 { 1275 1260 qsize_t tspace; 1276 1261 struct super_block *sb = dquot->dq_sb; 1277 1262 1278 - *warntype = QUOTA_NL_NOWARN; 1279 1263 if (!sb_has_quota_limits_enabled(sb, dquot->dq_type) || 1280 1264 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1281 1265 return 0; ··· 1287 1271 tspace > dquot->dq_dqb.dqb_bhardlimit && 1288 1272 !ignore_hardlimit(dquot)) { 1289 1273 if (!prealloc) 1290 - *warntype = QUOTA_NL_BHARDWARN; 1274 + prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN); 1291 1275 return -EDQUOT; 1292 1276 } 1293 1277 ··· 1297 1281 get_seconds() >= dquot->dq_dqb.dqb_btime && 1298 1282 !ignore_hardlimit(dquot)) { 1299 1283 if (!prealloc) 1300 - *warntype = QUOTA_NL_BSOFTLONGWARN; 1284 + prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN); 1301 1285 return -EDQUOT; 1302 1286 } 1303 1287 ··· 1305 1289 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1306 1290 dquot->dq_dqb.dqb_btime == 0) { 1307 1291 if (!prealloc) { 1308 - *warntype = QUOTA_NL_BSOFTWARN; 1292 + prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1309 1293 dquot->dq_dqb.dqb_btime = get_seconds() + 1310 1294 sb_dqopt(sb)->info[dquot->dq_type].dqi_bgrace; 1311 1295 } ··· 1558 1542 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1559 1543 { 1560 1544 int cnt, ret = 0; 1561 - char warntype[MAXQUOTAS]; 1562 - int warn = flags & DQUOT_SPACE_WARN; 1545 + struct dquot_warn warn[MAXQUOTAS]; 1546 + struct dquot **dquots = inode->i_dquot; 1563 1547 int reserve = flags & DQUOT_SPACE_RESERVE; 1564 - int nofail = flags & DQUOT_SPACE_NOFAIL; 1565 1548 1566 1549 /* 1567 1550 * First test before acquiring mutex - solves deadlocks when we ··· 1573 1558 1574 1559 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1575 1560 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1576 - warntype[cnt] = QUOTA_NL_NOWARN; 1561 + warn[cnt].w_type = QUOTA_NL_NOWARN; 1577 1562 1578 1563 spin_lock(&dq_data_lock); 1579 1564 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1580 - if (!inode->i_dquot[cnt]) 1565 + if (!dquots[cnt]) 1581 1566 continue; 1582 - ret = check_bdq(inode->i_dquot[cnt], number, !warn, 1583 - warntype+cnt); 1584 - if (ret && !nofail) { 1567 + ret = check_bdq(dquots[cnt], number, 1568 + !(flags & DQUOT_SPACE_WARN), &warn[cnt]); 1569 + if (ret && !(flags & DQUOT_SPACE_NOFAIL)) { 1585 1570 spin_unlock(&dq_data_lock); 1586 1571 goto out_flush_warn; 1587 1572 } 1588 1573 } 1589 1574 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1590 - if (!inode->i_dquot[cnt]) 1575 + if (!dquots[cnt]) 1591 1576 continue; 1592 1577 if (reserve) 1593 - dquot_resv_space(inode->i_dquot[cnt], number); 1578 + dquot_resv_space(dquots[cnt], number); 1594 1579 else 1595 - dquot_incr_space(inode->i_dquot[cnt], number); 1580 + dquot_incr_space(dquots[cnt], number); 1596 1581 } 1597 1582 inode_incr_space(inode, number, reserve); 1598 1583 spin_unlock(&dq_data_lock); 1599 1584 1600 1585 if (reserve) 1601 1586 goto out_flush_warn; 1602 - mark_all_dquot_dirty(inode->i_dquot); 1587 + mark_all_dquot_dirty(dquots); 1603 1588 out_flush_warn: 1604 - flush_warnings(inode->i_dquot, warntype); 1605 1589 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1590 + flush_warnings(warn); 1606 1591 out: 1607 1592 return ret; 1608 1593 } ··· 1614 1599 int dquot_alloc_inode(const struct inode *inode) 1615 1600 { 1616 1601 int cnt, ret = 0; 1617 - char warntype[MAXQUOTAS]; 1602 + struct dquot_warn warn[MAXQUOTAS]; 1603 + struct dquot * const *dquots = inode->i_dquot; 1618 1604 1619 1605 /* First test before acquiring mutex - solves deadlocks when we 1620 1606 * re-enter the quota code and are already holding the mutex */ 1621 1607 if (!dquot_active(inode)) 1622 1608 return 0; 1623 1609 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1624 - warntype[cnt] = QUOTA_NL_NOWARN; 1610 + warn[cnt].w_type = QUOTA_NL_NOWARN; 1625 1611 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1626 1612 spin_lock(&dq_data_lock); 1627 1613 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1628 - if (!inode->i_dquot[cnt]) 1614 + if (!dquots[cnt]) 1629 1615 continue; 1630 - ret = check_idq(inode->i_dquot[cnt], 1, warntype + cnt); 1616 + ret = check_idq(dquots[cnt], 1, &warn[cnt]); 1631 1617 if (ret) 1632 1618 goto warn_put_all; 1633 1619 } 1634 1620 1635 1621 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1636 - if (!inode->i_dquot[cnt]) 1622 + if (!dquots[cnt]) 1637 1623 continue; 1638 - dquot_incr_inodes(inode->i_dquot[cnt], 1); 1624 + dquot_incr_inodes(dquots[cnt], 1); 1639 1625 } 1640 1626 1641 1627 warn_put_all: 1642 1628 spin_unlock(&dq_data_lock); 1643 1629 if (ret == 0) 1644 - mark_all_dquot_dirty(inode->i_dquot); 1645 - flush_warnings(inode->i_dquot, warntype); 1630 + mark_all_dquot_dirty(dquots); 1646 1631 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1632 + flush_warnings(warn); 1647 1633 return ret; 1648 1634 } 1649 1635 EXPORT_SYMBOL(dquot_alloc_inode); ··· 1684 1668 void __dquot_free_space(struct inode *inode, qsize_t number, int flags) 1685 1669 { 1686 1670 unsigned int cnt; 1687 - char warntype[MAXQUOTAS]; 1671 + struct dquot_warn warn[MAXQUOTAS]; 1672 + struct dquot **dquots = inode->i_dquot; 1688 1673 int reserve = flags & DQUOT_SPACE_RESERVE; 1689 1674 1690 1675 /* First test before acquiring mutex - solves deadlocks when we ··· 1698 1681 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1699 1682 spin_lock(&dq_data_lock); 1700 1683 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1701 - if (!inode->i_dquot[cnt]) 1684 + int wtype; 1685 + 1686 + warn[cnt].w_type = QUOTA_NL_NOWARN; 1687 + if (!dquots[cnt]) 1702 1688 continue; 1703 - warntype[cnt] = info_bdq_free(inode->i_dquot[cnt], number); 1689 + wtype = info_bdq_free(dquots[cnt], number); 1690 + if (wtype != QUOTA_NL_NOWARN) 1691 + prepare_warning(&warn[cnt], dquots[cnt], wtype); 1704 1692 if (reserve) 1705 - dquot_free_reserved_space(inode->i_dquot[cnt], number); 1693 + dquot_free_reserved_space(dquots[cnt], number); 1706 1694 else 1707 - dquot_decr_space(inode->i_dquot[cnt], number); 1695 + dquot_decr_space(dquots[cnt], number); 1708 1696 } 1709 1697 inode_decr_space(inode, number, reserve); 1710 1698 spin_unlock(&dq_data_lock); 1711 1699 1712 1700 if (reserve) 1713 1701 goto out_unlock; 1714 - mark_all_dquot_dirty(inode->i_dquot); 1702 + mark_all_dquot_dirty(dquots); 1715 1703 out_unlock: 1716 - flush_warnings(inode->i_dquot, warntype); 1717 1704 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1705 + flush_warnings(warn); 1718 1706 } 1719 1707 EXPORT_SYMBOL(__dquot_free_space); 1720 1708 ··· 1729 1707 void dquot_free_inode(const struct inode *inode) 1730 1708 { 1731 1709 unsigned int cnt; 1732 - char warntype[MAXQUOTAS]; 1710 + struct dquot_warn warn[MAXQUOTAS]; 1711 + struct dquot * const *dquots = inode->i_dquot; 1733 1712 1734 1713 /* First test before acquiring mutex - solves deadlocks when we 1735 1714 * re-enter the quota code and are already holding the mutex */ ··· 1740 1717 down_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1741 1718 spin_lock(&dq_data_lock); 1742 1719 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1743 - if (!inode->i_dquot[cnt]) 1720 + int wtype; 1721 + 1722 + warn[cnt].w_type = QUOTA_NL_NOWARN; 1723 + if (!dquots[cnt]) 1744 1724 continue; 1745 - warntype[cnt] = info_idq_free(inode->i_dquot[cnt], 1); 1746 - dquot_decr_inodes(inode->i_dquot[cnt], 1); 1725 + wtype = info_idq_free(dquots[cnt], 1); 1726 + if (wtype != QUOTA_NL_NOWARN) 1727 + prepare_warning(&warn[cnt], dquots[cnt], wtype); 1728 + dquot_decr_inodes(dquots[cnt], 1); 1747 1729 } 1748 1730 spin_unlock(&dq_data_lock); 1749 - mark_all_dquot_dirty(inode->i_dquot); 1750 - flush_warnings(inode->i_dquot, warntype); 1731 + mark_all_dquot_dirty(dquots); 1751 1732 up_read(&sb_dqopt(inode->i_sb)->dqptr_sem); 1733 + flush_warnings(warn); 1752 1734 } 1753 1735 EXPORT_SYMBOL(dquot_free_inode); 1754 1736 ··· 1774 1746 struct dquot *transfer_from[MAXQUOTAS] = {}; 1775 1747 int cnt, ret = 0; 1776 1748 char is_valid[MAXQUOTAS] = {}; 1777 - char warntype_to[MAXQUOTAS]; 1778 - char warntype_from_inodes[MAXQUOTAS], warntype_from_space[MAXQUOTAS]; 1749 + struct dquot_warn warn_to[MAXQUOTAS]; 1750 + struct dquot_warn warn_from_inodes[MAXQUOTAS]; 1751 + struct dquot_warn warn_from_space[MAXQUOTAS]; 1779 1752 1780 1753 /* First test before acquiring mutex - solves deadlocks when we 1781 1754 * re-enter the quota code and are already holding the mutex */ 1782 1755 if (IS_NOQUOTA(inode)) 1783 1756 return 0; 1784 1757 /* Initialize the arrays */ 1785 - for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1786 - warntype_to[cnt] = QUOTA_NL_NOWARN; 1758 + for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1759 + warn_to[cnt].w_type = QUOTA_NL_NOWARN; 1760 + warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN; 1761 + warn_from_space[cnt].w_type = QUOTA_NL_NOWARN; 1762 + } 1787 1763 down_write(&sb_dqopt(inode->i_sb)->dqptr_sem); 1788 1764 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */ 1789 1765 up_write(&sb_dqopt(inode->i_sb)->dqptr_sem); ··· 1809 1777 continue; 1810 1778 is_valid[cnt] = 1; 1811 1779 transfer_from[cnt] = inode->i_dquot[cnt]; 1812 - ret = check_idq(transfer_to[cnt], 1, warntype_to + cnt); 1780 + ret = check_idq(transfer_to[cnt], 1, &warn_to[cnt]); 1813 1781 if (ret) 1814 1782 goto over_quota; 1815 - ret = check_bdq(transfer_to[cnt], space, 0, warntype_to + cnt); 1783 + ret = check_bdq(transfer_to[cnt], space, 0, &warn_to[cnt]); 1816 1784 if (ret) 1817 1785 goto over_quota; 1818 1786 } ··· 1825 1793 continue; 1826 1794 /* Due to IO error we might not have transfer_from[] structure */ 1827 1795 if (transfer_from[cnt]) { 1828 - warntype_from_inodes[cnt] = 1829 - info_idq_free(transfer_from[cnt], 1); 1830 - warntype_from_space[cnt] = 1831 - info_bdq_free(transfer_from[cnt], space); 1796 + int wtype; 1797 + wtype = info_idq_free(transfer_from[cnt], 1); 1798 + if (wtype != QUOTA_NL_NOWARN) 1799 + prepare_warning(&warn_from_inodes[cnt], 1800 + transfer_from[cnt], wtype); 1801 + wtype = info_bdq_free(transfer_from[cnt], space); 1802 + if (wtype != QUOTA_NL_NOWARN) 1803 + prepare_warning(&warn_from_space[cnt], 1804 + transfer_from[cnt], wtype); 1832 1805 dquot_decr_inodes(transfer_from[cnt], 1); 1833 1806 dquot_decr_space(transfer_from[cnt], cur_space); 1834 1807 dquot_free_reserved_space(transfer_from[cnt], ··· 1851 1814 1852 1815 mark_all_dquot_dirty(transfer_from); 1853 1816 mark_all_dquot_dirty(transfer_to); 1854 - flush_warnings(transfer_to, warntype_to); 1855 - flush_warnings(transfer_from, warntype_from_inodes); 1856 - flush_warnings(transfer_from, warntype_from_space); 1817 + flush_warnings(warn_to); 1818 + flush_warnings(warn_from_inodes); 1819 + flush_warnings(warn_from_space); 1857 1820 /* Pass back references to put */ 1858 1821 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1859 1822 if (is_valid[cnt]) ··· 1862 1825 over_quota: 1863 1826 spin_unlock(&dq_data_lock); 1864 1827 up_write(&sb_dqopt(inode->i_sb)->dqptr_sem); 1865 - flush_warnings(transfer_to, warntype_to); 1828 + flush_warnings(warn_to); 1866 1829 return ret; 1867 1830 } 1868 1831 EXPORT_SYMBOL(__dquot_transfer);