On Tue 25-07-23 16:45:07, cem@xxxxxxxxxx wrote: > From: Carlos Maiolino <cem@xxxxxxxxxx> > > Add new shmem quota format, its quota_format_ops together with > dquot_operations > > Signed-off-by: Lukas Czerner <lczerner@xxxxxxxxxx> > Signed-off-by: Carlos Maiolino <cmaiolino@xxxxxxxxxx> Looks good to me. Feel free to add: Reviewed-by: Jan Kara <jack@xxxxxxx> Honza > --- > fs/Kconfig | 12 ++ > include/linux/shmem_fs.h | 12 ++ > include/uapi/linux/quota.h | 1 + > mm/Makefile | 2 +- > mm/shmem_quota.c | 318 +++++++++++++++++++++++++++++++++++++ > 5 files changed, 344 insertions(+), 1 deletion(-) > create mode 100644 mm/shmem_quota.c > > diff --git a/fs/Kconfig b/fs/Kconfig > index 18d034ec7953..8218a71933f9 100644 > --- a/fs/Kconfig > +++ b/fs/Kconfig > @@ -233,6 +233,18 @@ config TMPFS_INODE64 > > If unsure, say N. > > +config TMPFS_QUOTA > + bool "Tmpfs quota support" > + depends on TMPFS > + select QUOTA > + help > + Quota support allows to set per user and group limits for tmpfs > + usage. Say Y to enable quota support. Once enabled you can control > + user and group quota enforcement with quota, usrquota and grpquota > + mount options. > + > + If unsure, say N. > + > config ARCH_SUPPORTS_HUGETLBFS > def_bool n > > diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h > index 9029abd29b1c..7abfaf70b58a 100644 > --- a/include/linux/shmem_fs.h > +++ b/include/linux/shmem_fs.h > @@ -13,6 +13,10 @@ > > /* inode in-kernel data */ > > +#ifdef CONFIG_TMPFS_QUOTA > +#define SHMEM_MAXQUOTAS 2 > +#endif > + > struct shmem_inode_info { > spinlock_t lock; > unsigned int seals; /* shmem seals */ > @@ -172,4 +176,12 @@ extern int shmem_mfill_atomic_pte(pmd_t *dst_pmd, > #endif /* CONFIG_SHMEM */ > #endif /* CONFIG_USERFAULTFD */ > > +/* > + * Used space is stored as unsigned 64-bit value in bytes but > + * quota core supports only signed 64-bit values so use that > + * as a limit > + */ > +#define SHMEM_QUOTA_MAX_SPC_LIMIT 0x7fffffffffffffffLL /* 2^63-1 */ > +#define SHMEM_QUOTA_MAX_INO_LIMIT 0x7fffffffffffffffLL > + > #endif > diff --git a/include/uapi/linux/quota.h b/include/uapi/linux/quota.h > index f17c9636a859..52090105b828 100644 > --- a/include/uapi/linux/quota.h > +++ b/include/uapi/linux/quota.h > @@ -77,6 +77,7 @@ > #define QFMT_VFS_V0 2 > #define QFMT_OCFS2 3 > #define QFMT_VFS_V1 4 > +#define QFMT_SHMEM 5 > > /* Size of block in which space limits are passed through the quota > * interface */ > diff --git a/mm/Makefile b/mm/Makefile > index 678530a07326..d4ee20988dd1 100644 > --- a/mm/Makefile > +++ b/mm/Makefile > @@ -51,7 +51,7 @@ obj-y := filemap.o mempool.o oom_kill.o fadvise.o \ > readahead.o swap.o truncate.o vmscan.o shmem.o \ > util.o mmzone.o vmstat.o backing-dev.o \ > mm_init.o percpu.o slab_common.o \ > - compaction.o show_mem.o\ > + compaction.o show_mem.o shmem_quota.o\ > interval_tree.o list_lru.o workingset.o \ > debug.o gup.o mmap_lock.o $(mmu-y) > > diff --git a/mm/shmem_quota.c b/mm/shmem_quota.c > new file mode 100644 > index 000000000000..e92b8ece9880 > --- /dev/null > +++ b/mm/shmem_quota.c > @@ -0,0 +1,318 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +/* > + * In memory quota format relies on quota infrastructure to store dquot > + * information for us. While conventional quota formats for file systems > + * with persistent storage can load quota information into dquot from the > + * storage on-demand and hence quota dquot shrinker can free any dquot > + * that is not currently being used, it must be avoided here. Otherwise we > + * can lose valuable information, user provided limits, because there is > + * no persistent storage to load the information from afterwards. > + * > + * One information that in-memory quota format needs to keep track of is > + * a sorted list of ids for each quota type. This is done by utilizing > + * an rb tree which root is stored in mem_dqinfo->dqi_priv for each quota > + * type. > + * > + * This format can be used to support quota on file system without persistent > + * storage such as tmpfs. > + * > + * Author: Lukas Czerner <lczerner@xxxxxxxxxx> > + * Carlos Maiolino <cmaiolino@xxxxxxxxxx> > + * > + * Copyright (C) 2023 Red Hat, Inc. > + */ > +#include <linux/errno.h> > +#include <linux/fs.h> > +#include <linux/mount.h> > +#include <linux/kernel.h> > +#include <linux/init.h> > +#include <linux/module.h> > +#include <linux/slab.h> > +#include <linux/rbtree.h> > +#include <linux/shmem_fs.h> > + > +#include <linux/quotaops.h> > +#include <linux/quota.h> > + > +#ifdef CONFIG_TMPFS_QUOTA > + > +/* > + * The following constants define the amount of time given a user > + * before the soft limits are treated as hard limits (usually resulting > + * in an allocation failure). The timer is started when the user crosses > + * their soft limit, it is reset when they go below their soft limit. > + */ > +#define SHMEM_MAX_IQ_TIME 604800 /* (7*24*60*60) 1 week */ > +#define SHMEM_MAX_DQ_TIME 604800 /* (7*24*60*60) 1 week */ > + > +struct quota_id { > + struct rb_node node; > + qid_t id; > + qsize_t bhardlimit; > + qsize_t bsoftlimit; > + qsize_t ihardlimit; > + qsize_t isoftlimit; > +}; > + > +static int shmem_check_quota_file(struct super_block *sb, int type) > +{ > + /* There is no real quota file, nothing to do */ > + return 1; > +} > + > +/* > + * There is no real quota file. Just allocate rb_root for quota ids and > + * set limits > + */ > +static int shmem_read_file_info(struct super_block *sb, int type) > +{ > + struct quota_info *dqopt = sb_dqopt(sb); > + struct mem_dqinfo *info = &dqopt->info[type]; > + > + info->dqi_priv = kzalloc(sizeof(struct rb_root), GFP_NOFS); > + if (!info->dqi_priv) > + return -ENOMEM; > + > + info->dqi_max_spc_limit = SHMEM_QUOTA_MAX_SPC_LIMIT; > + info->dqi_max_ino_limit = SHMEM_QUOTA_MAX_INO_LIMIT; > + > + info->dqi_bgrace = SHMEM_MAX_DQ_TIME; > + info->dqi_igrace = SHMEM_MAX_IQ_TIME; > + info->dqi_flags = 0; > + > + return 0; > +} > + > +static int shmem_write_file_info(struct super_block *sb, int type) > +{ > + /* There is no real quota file, nothing to do */ > + return 0; > +} > + > +/* > + * Free all the quota_id entries in the rb tree and rb_root. > + */ > +static int shmem_free_file_info(struct super_block *sb, int type) > +{ > + struct mem_dqinfo *info = &sb_dqopt(sb)->info[type]; > + struct rb_root *root = info->dqi_priv; > + struct quota_id *entry; > + struct rb_node *node; > + > + info->dqi_priv = NULL; > + node = rb_first(root); > + while (node) { > + entry = rb_entry(node, struct quota_id, node); > + node = rb_next(&entry->node); > + > + rb_erase(&entry->node, root); > + kfree(entry); > + } > + > + kfree(root); > + return 0; > +} > + > +static int shmem_get_next_id(struct super_block *sb, struct kqid *qid) > +{ > + struct mem_dqinfo *info = sb_dqinfo(sb, qid->type); > + struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node; > + qid_t id = from_kqid(&init_user_ns, *qid); > + struct quota_info *dqopt = sb_dqopt(sb); > + struct quota_id *entry = NULL; > + int ret = 0; > + > + if (!sb_has_quota_active(sb, qid->type)) > + return -ESRCH; > + > + down_read(&dqopt->dqio_sem); > + while (node) { > + entry = rb_entry(node, struct quota_id, node); > + > + if (id < entry->id) > + node = node->rb_left; > + else if (id > entry->id) > + node = node->rb_right; > + else > + goto got_next_id; > + } > + > + if (!entry) { > + ret = -ENOENT; > + goto out_unlock; > + } > + > + if (id > entry->id) { > + node = rb_next(&entry->node); > + if (!node) { > + ret = -ENOENT; > + goto out_unlock; > + } > + entry = rb_entry(node, struct quota_id, node); > + } > + > +got_next_id: > + *qid = make_kqid(&init_user_ns, qid->type, entry->id); > +out_unlock: > + up_read(&dqopt->dqio_sem); > + return ret; > +} > + > +/* > + * Load dquot with limits from existing entry, or create the new entry if > + * it does not exist. > + */ > +static int shmem_acquire_dquot(struct dquot *dquot) > +{ > + struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type); > + struct rb_node **n = &((struct rb_root *)info->dqi_priv)->rb_node; > + struct rb_node *parent = NULL, *new_node = NULL; > + struct quota_id *new_entry, *entry; > + qid_t id = from_kqid(&init_user_ns, dquot->dq_id); > + struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); > + int ret = 0; > + > + mutex_lock(&dquot->dq_lock); > + > + down_write(&dqopt->dqio_sem); > + while (*n) { > + parent = *n; > + entry = rb_entry(parent, struct quota_id, node); > + > + if (id < entry->id) > + n = &(*n)->rb_left; > + else if (id > entry->id) > + n = &(*n)->rb_right; > + else > + goto found; > + } > + > + /* We don't have entry for this id yet, create it */ > + new_entry = kzalloc(sizeof(struct quota_id), GFP_NOFS); > + if (!new_entry) { > + ret = -ENOMEM; > + goto out_unlock; > + } > + > + new_entry->id = id; > + new_node = &new_entry->node; > + rb_link_node(new_node, parent, n); > + rb_insert_color(new_node, (struct rb_root *)info->dqi_priv); > + entry = new_entry; > + > +found: > + /* Load the stored limits from the tree */ > + spin_lock(&dquot->dq_dqb_lock); > + dquot->dq_dqb.dqb_bhardlimit = entry->bhardlimit; > + dquot->dq_dqb.dqb_bsoftlimit = entry->bsoftlimit; > + dquot->dq_dqb.dqb_ihardlimit = entry->ihardlimit; > + dquot->dq_dqb.dqb_isoftlimit = entry->isoftlimit; > + > + if (!dquot->dq_dqb.dqb_bhardlimit && > + !dquot->dq_dqb.dqb_bsoftlimit && > + !dquot->dq_dqb.dqb_ihardlimit && > + !dquot->dq_dqb.dqb_isoftlimit) > + set_bit(DQ_FAKE_B, &dquot->dq_flags); > + spin_unlock(&dquot->dq_dqb_lock); > + > + /* Make sure flags update is visible after dquot has been filled */ > + smp_mb__before_atomic(); > + set_bit(DQ_ACTIVE_B, &dquot->dq_flags); > +out_unlock: > + up_write(&dqopt->dqio_sem); > + mutex_unlock(&dquot->dq_lock); > + return ret; > +} > + > +/* > + * Store limits from dquot in the tree unless it's fake. If it is fake > + * remove the id from the tree since there is no useful information in > + * there. > + */ > +static int shmem_release_dquot(struct dquot *dquot) > +{ > + struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type); > + struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node; > + qid_t id = from_kqid(&init_user_ns, dquot->dq_id); > + struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); > + struct quota_id *entry = NULL; > + > + mutex_lock(&dquot->dq_lock); > + /* Check whether we are not racing with some other dqget() */ > + if (dquot_is_busy(dquot)) > + goto out_dqlock; > + > + down_write(&dqopt->dqio_sem); > + while (node) { > + entry = rb_entry(node, struct quota_id, node); > + > + if (id < entry->id) > + node = node->rb_left; > + else if (id > entry->id) > + node = node->rb_right; > + else > + goto found; > + } > + > + /* We should always find the entry in the rb tree */ > + WARN_ONCE(1, "quota id %u from dquot %p, not in rb tree!\n", id, dquot); > + up_write(&dqopt->dqio_sem); > + mutex_unlock(&dquot->dq_lock); > + return -ENOENT; > + > +found: > + if (test_bit(DQ_FAKE_B, &dquot->dq_flags)) { > + /* Remove entry from the tree */ > + rb_erase(&entry->node, info->dqi_priv); > + kfree(entry); > + } else { > + /* Store the limits in the tree */ > + spin_lock(&dquot->dq_dqb_lock); > + entry->bhardlimit = dquot->dq_dqb.dqb_bhardlimit; > + entry->bsoftlimit = dquot->dq_dqb.dqb_bsoftlimit; > + entry->ihardlimit = dquot->dq_dqb.dqb_ihardlimit; > + entry->isoftlimit = dquot->dq_dqb.dqb_isoftlimit; > + spin_unlock(&dquot->dq_dqb_lock); > + } > + > + clear_bit(DQ_ACTIVE_B, &dquot->dq_flags); > + up_write(&dqopt->dqio_sem); > + > +out_dqlock: > + mutex_unlock(&dquot->dq_lock); > + return 0; > +} > + > +static int shmem_mark_dquot_dirty(struct dquot *dquot) > +{ > + return 0; > +} > + > +static int shmem_dquot_write_info(struct super_block *sb, int type) > +{ > + return 0; > +} > + > +static const struct quota_format_ops shmem_format_ops = { > + .check_quota_file = shmem_check_quota_file, > + .read_file_info = shmem_read_file_info, > + .write_file_info = shmem_write_file_info, > + .free_file_info = shmem_free_file_info, > +}; > + > +struct quota_format_type shmem_quota_format = { > + .qf_fmt_id = QFMT_SHMEM, > + .qf_ops = &shmem_format_ops, > + .qf_owner = THIS_MODULE > +}; > + > +const struct dquot_operations shmem_quota_operations = { > + .acquire_dquot = shmem_acquire_dquot, > + .release_dquot = shmem_release_dquot, > + .alloc_dquot = dquot_alloc, > + .destroy_dquot = dquot_destroy, > + .write_info = shmem_dquot_write_info, > + .mark_dirty = shmem_mark_dquot_dirty, > + .get_next_id = shmem_get_next_id, > +}; > +#endif /* CONFIG_TMPFS_QUOTA */ > -- > 2.39.2 > -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR