lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 6 Jan 2009 11:06:46 +0100
From:	Jan Kara <jack@...e.cz>
To:	Mingming Cao <cmm@...ibm.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>, Jan Kara <jack@...e.cz>,
	tytso <tytso@....edu>, linux-ext4 <linux-ext4@...r.kernel.org>,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH V5 1/5] quota: Add reservation support for delayed
	block allocation

On Mon 05-01-09 20:40:08, Mingming Cao wrote:
> Quota: Add quota reservation support
> 
> Delayed allocation defers the block allocation at the dirty pages
> flush-out time, doing quota charge/check at that time is too late.
> But we can't charge the quota blocks until blocks are really allocated,
> otherwise users could get overcharged after reboot from system crash.
> 
> This patch adds quota reservation for delayed llocation. Quota blocks
> are reserved in memory, inode and quota won't gets dirtied until later
> block allocation time.
> 
> Signed-off-by: Mingming Cao <cmm@...ibm.com>
  Just a few comments below:

> ---
>  fs/dquot.c               |  111 +++++++++++++++++++++++++++++++++--------------
>  include/linux/quota.h    |    3 +
>  include/linux/quotaops.h |   22 +++++++++
>  3 files changed, 105 insertions(+), 31 deletions(-)
> 
> Index: linux-2.6.28-git7/fs/dquot.c
> ===================================================================
> --- linux-2.6.28-git7.orig/fs/dquot.c	2009-01-05 17:09:50.000000000 -0800
> +++ linux-2.6.28-git7/fs/dquot.c	2009-01-05 20:07:08.000000000 -0800
> @@ -898,6 +898,11 @@ static inline void dquot_incr_space(stru
>  	dquot->dq_dqb.dqb_curspace += number;
>  }
>  
> +static inline void dquot_resv_space(struct dquot *dquot, qsize_t number)
> +{
> +	dquot->dq_dqb.dqb_rsvspace += number;
> +}
> +
>  static inline void dquot_decr_inodes(struct dquot *dquot, qsize_t number)
>  {
>  	if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
> @@ -1067,7 +1072,9 @@ err_out:
>  	kfree_skb(skb);
>  }
>  #endif
> -
> +/*
> + * Should called with dq_data_lock dropped, this function could sleep.
> + */
  If you want to add a comment here I'd add something like:
/*
 * Write warnings to the console and send warning messages over netlink.
 *
 * Note that this function can sleep.
 */

  Because you cannot hold *any* spinlock when calling a function that can
sleep...

>  static inline void flush_warnings(struct dquot * const *dquots, char *warntype)
>  {
>  	int i;
> @@ -1128,13 +1135,18 @@ static int check_idq(struct dquot *dquot
>  /* needs dq_data_lock */
>  static int check_bdq(struct dquot *dquot, qsize_t space, int prealloc, char *warntype)
>  {
> +	qsize_t tspace;
> +
>  	*warntype = QUOTA_NL_NOWARN;
>  	if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_type) ||
>  	    test_bit(DQ_FAKE_B, &dquot->dq_flags))
>  		return QUOTA_OK;
>  
> +	tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace
> +		+ space;
> +
>  	if (dquot->dq_dqb.dqb_bhardlimit &&
> -	    dquot->dq_dqb.dqb_curspace + space > dquot->dq_dqb.dqb_bhardlimit &&
> +	    tspace > dquot->dq_dqb.dqb_bhardlimit &&
>              !ignore_hardlimit(dquot)) {
>  		if (!prealloc)
>  			*warntype = QUOTA_NL_BHARDWARN;
> @@ -1142,7 +1154,7 @@ static int check_bdq(struct dquot *dquot
>  	}
>  
>  	if (dquot->dq_dqb.dqb_bsoftlimit &&
> -	    dquot->dq_dqb.dqb_curspace + space > dquot->dq_dqb.dqb_bsoftlimit &&
> +	    tspace > dquot->dq_dqb.dqb_bsoftlimit &&
>  	    dquot->dq_dqb.dqb_btime && get_seconds() >= dquot->dq_dqb.dqb_btime &&
>              !ignore_hardlimit(dquot)) {
>  		if (!prealloc)
> @@ -1151,7 +1163,7 @@ static int check_bdq(struct dquot *dquot
>  	}
>  
>  	if (dquot->dq_dqb.dqb_bsoftlimit &&
> -	    dquot->dq_dqb.dqb_curspace + space > dquot->dq_dqb.dqb_bsoftlimit &&
> +	    tspace > dquot->dq_dqb.dqb_bsoftlimit &&
>  	    dquot->dq_dqb.dqb_btime == 0) {
>  		if (!prealloc) {
>  			*warntype = QUOTA_NL_BSOFTWARN;
> @@ -1292,51 +1304,88 @@ void vfs_dq_drop(struct inode *inode)
>  /*
>   * This operation can block, but only after everything is updated
>   */
> -int dquot_alloc_space(struct inode *inode, qsize_t number, int warn)
> +int __dquot_alloc_space(struct inode *inode, qsize_t number,
> +			int warn, int reserve)
>  {
> -	int cnt, ret = NO_QUOTA;
> +	int cnt, ret = QUOTA_OK;
>  	char warntype[MAXQUOTAS];
>  
> -	/* First test before acquiring mutex - solves deadlocks when we
> -         * re-enter the quota code and are already holding the mutex */
> -	if (IS_NOQUOTA(inode)) {
> -out_add:
> -		inode_add_bytes(inode, number);
> -		return QUOTA_OK;
> -	}
>  	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
>  		warntype[cnt] = QUOTA_NL_NOWARN;
>  
> -	down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> -	if (IS_NOQUOTA(inode)) {	/* Now we can do reliable test... */
> -		up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> -		goto out_add;
> -	}
>  	spin_lock(&dq_data_lock);
>  	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
>  		if (inode->i_dquot[cnt] == NODQUOT)
>  			continue;
> -		if (check_bdq(inode->i_dquot[cnt], number, warn, warntype+cnt) == NO_QUOTA)
> -			goto warn_put_all;
> +		if (check_bdq(inode->i_dquot[cnt], number, warn, warntype+cnt)
> +		    == NO_QUOTA) {
> +			ret = NO_QUOTA;
> +			goto out_unlock;
> +		}
>  	}
>  	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
>  		if (inode->i_dquot[cnt] == NODQUOT)
>  			continue;
> -		dquot_incr_space(inode->i_dquot[cnt], number);
> +		if (reserve)
> +			dquot_resv_space(inode->i_dquot[cnt], number);
> +		else {
> +			dquot_incr_space(inode->i_dquot[cnt], number);
> +			inode_add_bytes(inode, number);
> +		}
>  	}
> -	inode_add_bytes(inode, number);
> -	ret = QUOTA_OK;
> -warn_put_all:
> +out_unlock:
>  	spin_unlock(&dq_data_lock);
> -	if (ret == QUOTA_OK)
> -		/* Dirtify all the dquots - this can block when journalling */
> -		for (cnt = 0; cnt < MAXQUOTAS; cnt++)
> -			if (inode->i_dquot[cnt])
> -				mark_dquot_dirty(inode->i_dquot[cnt]);
>  	flush_warnings(inode->i_dquot, warntype);
> +	return ret;
> +}
> +
> +int dquot_alloc_space(struct inode *inode, qsize_t number, int warn)
> +{
> +	int cnt, ret = QUOTA_OK;
> +
> +	/*
> +	 * First test before acquiring mutex - solves deadlocks when we
> +	 * re-enter the quota code and are already holding the mutex
> +	 */
> +	if (IS_NOQUOTA(inode))
> +		goto out;
> +
> +	down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> +	if (IS_NOQUOTA(inode))
> +		goto out_unlock;
    We need to call inode_add_bytes(inode, number) even for IS_NOQUOTA()
inodes (but we don't have to hold dq_data_lock for such inodes). Your
rewrite has removed this call...

> +
> +	ret = __dquot_alloc_space(inode, number, warn, 0);
> +	if (ret == NO_QUOTA)
> +		goto out_unlock;
> +
> +	/* Dirtify all the dquots - this can block when journalling */
> +	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
> +		if (inode->i_dquot[cnt])
> +			mark_dquot_dirty(inode->i_dquot[cnt]);
> +out_unlock:
>  	up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> +out:
> +	return ret;
> +}
> +
> +int dquot_reserve_space(struct inode *inode, qsize_t number, int warn)
> +{
> +	int ret = QUOTA_OK;
> +
> +	if (IS_NOQUOTA(inode))
> +		goto out;
> +
> +	down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> +	if (IS_NOQUOTA(inode))
> +		goto out_unlock;
> +
> +	ret = __dquot_alloc_space(inode, number, warn, 1);
> +out_unlock:
> +	up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> +out:
>  	return ret;
>  }
> +EXPORT_SYMBOL(dquot_reserve_space);
>  
>  /*
>   * This operation can block, but only after everything is updated
> @@ -2025,7 +2074,7 @@ static void do_get_dqblk(struct dquot *d
>  	spin_lock(&dq_data_lock);
>  	di->dqb_bhardlimit = stoqb(dm->dqb_bhardlimit);
>  	di->dqb_bsoftlimit = stoqb(dm->dqb_bsoftlimit);
> -	di->dqb_curspace = dm->dqb_curspace;
> +	di->dqb_curspace = dm->dqb_curspace + dm->dqb_rsvspace;
>  	di->dqb_ihardlimit = dm->dqb_ihardlimit;
>  	di->dqb_isoftlimit = dm->dqb_isoftlimit;
>  	di->dqb_curinodes = dm->dqb_curinodes;
> @@ -2067,7 +2116,7 @@ static int do_set_dqblk(struct dquot *dq
>  
>  	spin_lock(&dq_data_lock);
>  	if (di->dqb_valid & QIF_SPACE) {
> -		dm->dqb_curspace = di->dqb_curspace;
> +		dm->dqb_curspace = di->dqb_curspace - dm->dqb_rsvspace;
>  		check_blim = 1;
>  		__set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags);
>  	}
> Index: linux-2.6.28-git7/include/linux/quota.h
> ===================================================================
> --- linux-2.6.28-git7.orig/include/linux/quota.h	2009-01-05 17:09:37.000000000 -0800
> +++ linux-2.6.28-git7/include/linux/quota.h	2009-01-05 20:07:08.000000000 -0800
> @@ -198,6 +198,7 @@ struct mem_dqblk {
>  	qsize_t dqb_bhardlimit;	/* absolute limit on disk blks alloc */
>  	qsize_t dqb_bsoftlimit;	/* preferred limit on disk blks */
>  	qsize_t dqb_curspace;	/* current used space */
> +	qsize_t dqb_rsvspace;   /* current reserved space for delalloc*/
>  	qsize_t dqb_ihardlimit;	/* absolute limit on allocated inodes */
>  	qsize_t dqb_isoftlimit;	/* preferred inode limit */
>  	qsize_t dqb_curinodes;	/* current # allocated inodes */
> @@ -308,6 +309,8 @@ struct dquot_operations {
>  	int (*release_dquot) (struct dquot *);		/* Quota is going to be deleted from disk */
>  	int (*mark_dirty) (struct dquot *);		/* Dquot is marked dirty */
>  	int (*write_info) (struct super_block *, int);	/* Write of quota "superblock" */
> +	/* reserve quota for delayed block allocation */
> +	int (*reserve_space) (struct inode *, qsize_t, int);
>  };
>  
>  /* Operations handling requests from userspace */
> Index: linux-2.6.28-git7/include/linux/quotaops.h
> ===================================================================
> --- linux-2.6.28-git7.orig/include/linux/quotaops.h	2009-01-05 17:09:37.000000000 -0800
> +++ linux-2.6.28-git7/include/linux/quotaops.h	2009-01-05 20:07:08.000000000 -0800
> @@ -185,6 +185,16 @@ static inline int vfs_dq_alloc_space(str
>  	return ret;
>  }
>  
> +static inline int vfs_dq_reserve_space(struct inode *inode, qsize_t nr)
> +{
> +	if (sb_any_quota_active(inode->i_sb)) {
> +		/* Used space is updated in alloc_space() */
> +		if (inode->i_sb->dq_op->reserve_space(inode, nr, 0) == NO_QUOTA)
> +			return 1;
> +	}
> +	return 0;
> +}
> +
>  static inline int vfs_dq_alloc_inode(struct inode *inode)
>  {
>  	if (sb_any_quota_active(inode->i_sb)) {
> @@ -341,6 +351,11 @@ static inline int vfs_dq_alloc_space(str
>  	return 0;
>  }
>  
> +static inline int vfs_dq_reserve_space(struct inode *inode, qsize_t nr)
> +{
> +	return 0;
> +}
> +
>  static inline void vfs_dq_free_space_nodirty(struct inode *inode, qsize_t nr)
>  {
>  	inode_sub_bytes(inode, nr);
> @@ -372,12 +387,19 @@ static inline int vfs_dq_alloc_block_nod
>  			nr << inode->i_sb->s_blocksize_bits);
>  }
>  
> +
  ^^ This empty line was added by accident I guess...



>  static inline int vfs_dq_alloc_block(struct inode *inode, qsize_t nr)
>  {
>  	return vfs_dq_alloc_space(inode,
>  			nr << inode->i_sb->s_blocksize_bits);
>  }
>  
> +static inline int vfs_dq_reserve_block(struct inode *inode, qsize_t nr)
> +{
> +	return vfs_dq_reserve_space(inode,
> +			nr << inode->i_blkbits);
> +}
> +
>  static inline void vfs_dq_free_block_nodirty(struct inode *inode, qsize_t nr)
>  {
>  	vfs_dq_free_space_nodirty(inode, nr << inode->i_sb->s_blocksize_bits);
> 
> 
-- 
Jan Kara <jack@...e.cz>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ