| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1225488166.7600.5.camel@mingming-laptop>
Date: Fri, 31 Oct 2008 14:22:46 -0700
From: Mingming Cao <cmm@...ibm.com>
To: Jan Kara <jack@...e.cz>
Cc: linux-ext4 <linux-ext4@...r.kernel.org>, tytso <tytso@....edu>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [RFC PATCH 1/3] quota: Add reservation support for delayed
block allocation
在 2008-10-31五的 09:15 +0100,Jan Kara写道:
> Hi Mingming,
>
> I had a quick look at your patches and they look fine. I'm now leaving
> on vacation for two weeks so I won't be responding for a while.
>
Thanks for the note. I will send version2 of the patches (mostly fix a
bug in the ext4 patch) and add to ext4 patch queue for more testing.
Overall the patches on top of yours does what's expected: keep quota
blocks consistent with file blocks before/after crash for delayed
allocation.
cheers,
Mingming
> Honza
>
> On Wed 29-10-08 17:59:15, Mingming Cao wrote:
> > Delayed allocation defers the block allocation at the dirty pages
> > flush-out time, doing quota charge/check at that time is too late.
> > But we can't charge the quota blocks until blocks are really allocated,
> > otherwise users could get overcharged after reboot from system crash.
> >
> > This patch adds quota reservation for delayed llocation. Quota blocks
> > are reserved in memory, inode and quota won't gets dirtied until later
> > block allocation time.
> >
> > Signed-off-by: Mingming Cao <cmm@...ibm.com>
> >
> > ---
> > fs/dquot.c | 113 ++++++++++++++++++++++++++++++++++-------------
> > include/linux/quota.h | 2
> > include/linux/quotaops.h | 30 ++++++++++++
> > 3 files changed, 115 insertions(+), 30 deletions(-)
> >
> > Index: linux-2.6.28-rc2/fs/dquot.c
> > ===================================================================
> > --- linux-2.6.28-rc2.orig/fs/dquot.c 2008-10-28 16:01:44.000000000 -0700
> > +++ linux-2.6.28-rc2/fs/dquot.c 2008-10-28 16:34:36.000000000 -0700
> > @@ -841,6 +841,11 @@ static inline void dquot_incr_space(stru
> > dquot->dq_dqb.dqb_curspace += number;
> > }
> >
> > +static inline void dquot_resv_space(struct dquot *dquot, qsize_t number)
> > +{
> > + dquot->dq_dqb.dqb_rsvspace += number;
> > +}
> > +
> > static inline void dquot_decr_inodes(struct dquot *dquot, qsize_t number)
> > {
> > if (dquot->dq_dqb.dqb_curinodes > number)
> > @@ -1069,13 +1074,18 @@ static int check_idq(struct dquot *dquot
> > /* needs dq_data_lock */
> > static int check_bdq(struct dquot *dquot, qsize_t space, int prealloc, char *warntype)
> > {
> > + qsize_t tspace;
> > +
> > *warntype = QUOTA_NL_NOWARN;
> > if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_type) ||
> > test_bit(DQ_FAKE_B, &dquot->dq_flags))
> > return QUOTA_OK;
> >
> > + tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace
> > + + space;
> > +
> > if (dquot->dq_dqb.dqb_bhardlimit &&
> > - dquot->dq_dqb.dqb_curspace + space > dquot->dq_dqb.dqb_bhardlimit &&
> > + tspace > dquot->dq_dqb.dqb_bhardlimit &&
> > !ignore_hardlimit(dquot)) {
> > if (!prealloc)
> > *warntype = QUOTA_NL_BHARDWARN;
> > @@ -1083,7 +1093,7 @@ static int check_bdq(struct dquot *dquot
> > }
> >
> > if (dquot->dq_dqb.dqb_bsoftlimit &&
> > - dquot->dq_dqb.dqb_curspace + space > dquot->dq_dqb.dqb_bsoftlimit &&
> > + tspace > dquot->dq_dqb.dqb_bsoftlimit &&
> > dquot->dq_dqb.dqb_btime && get_seconds() >= dquot->dq_dqb.dqb_btime &&
> > !ignore_hardlimit(dquot)) {
> > if (!prealloc)
> > @@ -1092,7 +1102,7 @@ static int check_bdq(struct dquot *dquot
> > }
> >
> > if (dquot->dq_dqb.dqb_bsoftlimit &&
> > - dquot->dq_dqb.dqb_curspace + space > dquot->dq_dqb.dqb_bsoftlimit &&
> > + tspace > dquot->dq_dqb.dqb_bsoftlimit &&
> > dquot->dq_dqb.dqb_btime == 0) {
> > if (!prealloc) {
> > *warntype = QUOTA_NL_BSOFTWARN;
> > @@ -1227,48 +1237,90 @@ void vfs_dq_drop(struct inode *inode)
> > /*
> > * This operation can block, but only after everything is updated
> > */
> > -int dquot_alloc_space(struct inode *inode, qsize_t number, int warn)
> > +int __dquot_alloc_space(struct inode *inode, qsize_t number,
> > + int warn, int reserve)
> > {
> > - int cnt, ret = NO_QUOTA;
> > + int cnt, ret = QUOTA_OK;
> > char warntype[MAXQUOTAS];
> >
> > - /* First test before acquiring mutex - solves deadlocks when we
> > - * re-enter the quota code and are already holding the mutex */
> > - if (IS_NOQUOTA(inode)) {
> > -out_add:
> > - inode_add_bytes(inode, number);
> > - return QUOTA_OK;
> > - }
> > for (cnt = 0; cnt < MAXQUOTAS; cnt++)
> > warntype[cnt] = QUOTA_NL_NOWARN;
> >
> > - down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > - if (IS_NOQUOTA(inode)) { /* Now we can do reliable test... */
> > - up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > - goto out_add;
> > - }
> > spin_lock(&dq_data_lock);
> > for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
> > if (inode->i_dquot[cnt] == NODQUOT)
> > continue;
> > - if (check_bdq(inode->i_dquot[cnt], number, warn, warntype+cnt) == NO_QUOTA)
> > - goto warn_put_all;
> > + if (check_bdq(inode->i_dquot[cnt], number, warn, warntype+cnt)
> > + == NO_QUOTA) {
> > + ret = NO_QUOTA;
> > + goto out_unlock;
> > + }
> > }
> > for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
> > if (inode->i_dquot[cnt] == NODQUOT)
> > continue;
> > - dquot_incr_space(inode->i_dquot[cnt], number);
> > + if (reserve)
> > + dquot_resv_space(inode->i_dquot[cnt], number);
> > + else
> > + dquot_incr_space(inode->i_dquot[cnt], number);
> > }
> > - inode_add_bytes(inode, number);
> > - ret = QUOTA_OK;
> > -warn_put_all:
> > - spin_unlock(&dq_data_lock);
> > - if (ret == QUOTA_OK)
> > - /* Dirtify all the dquots - this can block when journalling */
> > - for (cnt = 0; cnt < MAXQUOTAS; cnt++)
> > - if (inode->i_dquot[cnt])
> > - mark_dquot_dirty(inode->i_dquot[cnt]);
> > +out_unlock:
> > flush_warnings(inode->i_dquot, warntype);
> > + spin_unlock(&dq_data_lock);
> > + return ret;
> > +}
> > +
> > +int dquot_alloc_space(struct inode *inode, qsize_t number, int warn)
> > +{
> > + int cnt, ret = QUOTA_OK;
> > +
> > + /*
> > + * First test before acquiring mutex - solves deadlocks when we
> > + * re-enter the quota code and are already holding the mutex
> > + */
> > + if (IS_NOQUOTA(inode)) {
> > + inode_add_bytes(inode, number);
> > + return ret;
> > + }
> > +
> > + down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > + if (IS_NOQUOTA(inode)) {
> > + /* Now we can do reliable test... */
> > + up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > + inode_add_bytes(inode, number);
> > + return ret;
> > + }
> > +
> > + ret = __dquot_alloc_space(inode, number, warn, 0);
> > + if (ret == NO_QUOTA) {
> > + up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > + return ret;
> > + }
> > +
> > + /* Dirtify all the dquots - this can block when journalling */
> > + for (cnt = 0; cnt < MAXQUOTAS; cnt++)
> > + if (inode->i_dquot[cnt])
> > + mark_dquot_dirty(inode->i_dquot[cnt]);
> > + up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > + inode_add_bytes(inode, number);
> > + return ret;
> > +}
> > +
> > +int dquot_reserve_space(struct inode *inode, qsize_t number, int warn)
> > +{
> > + int ret = QUOTA_OK;
> > +
> > + if (IS_NOQUOTA(inode))
> > + return ret;
> > +
> > + down_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > + if (IS_NOQUOTA(inode)) {
> > + /* Now we can do reliable test... */
> > + up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > + return ret;
> > + }
> > +
> > + ret = __dquot_alloc_space(inode, number, warn, 1);
> > up_read(&sb_dqopt(inode->i_sb)->dqptr_sem);
> > return ret;
> > }
> > @@ -1958,7 +2010,7 @@ static void do_get_dqblk(struct dquot *d
> > spin_lock(&dq_data_lock);
> > di->dqb_bhardlimit = stoqb(dm->dqb_bhardlimit);
> > di->dqb_bsoftlimit = stoqb(dm->dqb_bsoftlimit);
> > - di->dqb_curspace = dm->dqb_curspace;
> > + di->dqb_curspace = dm->dqb_curspace + dm->dqb_rsvspace;
> > di->dqb_ihardlimit = dm->dqb_ihardlimit;
> > di->dqb_isoftlimit = dm->dqb_isoftlimit;
> > di->dqb_curinodes = dm->dqb_curinodes;
> > @@ -2297,6 +2349,7 @@ EXPORT_SYMBOL(dquot_alloc_space);
> > EXPORT_SYMBOL(dquot_alloc_inode);
> > EXPORT_SYMBOL(dquot_free_space);
> > EXPORT_SYMBOL(dquot_free_inode);
> > +EXPORT_SYMBOL (dquot_reserve_space);
> > EXPORT_SYMBOL(dquot_transfer);
> > EXPORT_SYMBOL(vfs_dq_transfer);
> > EXPORT_SYMBOL(vfs_dq_quota_on_remount);
> > Index: linux-2.6.28-rc2/include/linux/quota.h
> > ===================================================================
> > --- linux-2.6.28-rc2.orig/include/linux/quota.h 2008-10-28 16:01:46.000000000 -0700
> > +++ linux-2.6.28-rc2/include/linux/quota.h 2008-10-28 16:36:12.000000000 -0700
> > @@ -186,6 +186,7 @@ struct mem_dqblk {
> > qsize_t dqb_bhardlimit; /* absolute limit on disk blks alloc */
> > qsize_t dqb_bsoftlimit; /* preferred limit on disk blks */
> > qsize_t dqb_curspace; /* current used space */
> > + qsize_t dqb_rsvspace; /* current reserved space for delalloc*/
> > qsize_t dqb_ihardlimit; /* absolute limit on allocated inodes */
> > qsize_t dqb_isoftlimit; /* preferred inode limit */
> > qsize_t dqb_curinodes; /* current # allocated inodes */
> > @@ -291,6 +292,7 @@ struct dquot_operations {
> > int (*release_dquot) (struct dquot *); /* Quota is going to be deleted from disk */
> > int (*mark_dirty) (struct dquot *); /* Dquot is marked dirty */
> > int (*write_info) (struct super_block *, int); /* Write of quota "superblock" */
> > + int (*reserve_space) (struct inode *, qsize_t, int); /* reserve quota for delayed block allocation */
> > };
> >
> > /* Operations handling requests from userspace */
> > Index: linux-2.6.28-rc2/include/linux/quotaops.h
> > ===================================================================
> > --- linux-2.6.28-rc2.orig/include/linux/quotaops.h 2008-10-28 16:01:43.000000000 -0700
> > +++ linux-2.6.28-rc2/include/linux/quotaops.h 2008-10-28 16:39:38.000000000 -0700
> > @@ -176,6 +176,16 @@ static inline int vfs_dq_alloc_space(str
> > return ret;
> > }
> >
> > +static inline int vfs_dq_reserve_space(struct inode *inode, qsize_t nr)
> > +{
> > + if (sb_any_quota_active(inode->i_sb)) {
> > + /* Used space is updated in alloc_space() */
> > + if (inode->i_sb->dq_op->reserve_space(inode, nr, 0) == NO_QUOTA)
> > + return 1;
> > + }
> > + return 0;
> > +}
> > +
> > static inline int vfs_dq_alloc_inode(struct inode *inode)
> > {
> > if (sb_any_quota_active(inode->i_sb)) {
> > @@ -327,6 +337,11 @@ static inline int vfs_dq_alloc_space(str
> > return 0;
> > }
> >
> > +static inline int vfs_dq_reserve_space(struct inode *inode, qsize_t nr)
> > +{
> > + return 0;
> > +}
> > +
> > static inline void vfs_dq_free_space_nodirty(struct inode *inode, qsize_t nr)
> > {
> > inode_sub_bytes(inode, nr);
> > @@ -358,12 +373,19 @@ static inline int vfs_dq_alloc_block_nod
> > nr << inode->i_sb->s_blocksize_bits);
> > }
> >
> > +
> > static inline int vfs_dq_alloc_block(struct inode *inode, qsize_t nr)
> > {
> > return vfs_dq_alloc_space(inode,
> > nr << inode->i_sb->s_blocksize_bits);
> > }
> >
> > +static inline int vfs_dq_reserve_block(struct inode *inode, qsize_t nr)
> > +{
> > + return vfs_dq_reserve_space(inode,
> > + nr << inode->i_sb->s_blocksize_bits);
> > +}
> > +
> > static inline void vfs_dq_free_block_nodirty(struct inode *inode, qsize_t nr)
> > {
> > vfs_dq_free_space_nodirty(inode, nr << inode->i_sb->s_blocksize_bits);
> > @@ -392,6 +414,7 @@ static inline void vfs_dq_free_block(str
> > #define DQUOT_ALLOC_BLOCK_NODIRTY(inode, nr) \
> > vfs_dq_alloc_block_nodirty(inode, nr)
> > #define DQUOT_ALLOC_BLOCK(inode, nr) vfs_dq_alloc_block(inode, nr)
> > +#define DQUOT_RESERVE_BLOCK(inode, nr) vfs_dq_reserve_block(inode, nr)
> > #define DQUOT_ALLOC_INODE(inode) vfs_dq_alloc_inode(inode)
> > #define DQUOT_FREE_SPACE_NODIRTY(inode, nr) \
> > vfs_dq_free_space_nodirty(inode, nr)
> >
> >
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists