From 06963ef0d4ff9a6736f699d1ca8ef5a0c194799b Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Thu, 12 Nov 2020 16:49:42 -0500 Subject: [PATCH] xfs: widen ondisk quota expiration timestamps to handle y2038+ Source kernel commit: 4ea1ff3b49681af45a4a8c14baf7f0b3d11aa74a Enable the bigtime feature for quota timers. We decrease the accuracy of the timers to ~4s in exchange for being able to set timers up to the bigtime maximum. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Reviewed-by: Allison Collins Reviewed-by: Dave Chinner Signed-off-by: Eric Sandeen --- NOTE: Again, slightly different macro names due to lack of the quota type/flags split. diff --git a/include/xfs_mount.h b/include/xfs_mount.h index 8651d6a..beb2328 100644 --- a/include/xfs_mount.h +++ b/include/xfs_mount.h @@ -202,4 +202,8 @@ extern xfs_mount_t *libxfs_mount (xfs_mount_t *, xfs_sb_t *, extern void libxfs_umount (xfs_mount_t *); extern void libxfs_rtmount_destroy (xfs_mount_t *); +/* Dummy xfs_dquot so that libxfs compiles. */ +struct xfs_dquot { + int q_type; +}; #endif /* __XFS_MOUNT_H__ */ diff --git a/libxfs/xfs_dquot_buf.c b/libxfs/xfs_dquot_buf.c index 963f8ea..db93dda 100644 --- a/libxfs/xfs_dquot_buf.c +++ b/libxfs/xfs_dquot_buf.c @@ -69,6 +69,13 @@ xfs_dquot_verify( ddq_type != XFS_DQ_GROUP) return __this_address; + if ((ddq->d_flags & XFS_DQ_BIGTIME) && + !xfs_sb_version_hasbigtime(&mp->m_sb)) + return __this_address; + + if ((ddq->d_flags & XFS_DQ_BIGTIME) && !ddq->d_id) + return __this_address; + if (id != -1 && id != be32_to_cpu(ddq->d_id)) return __this_address; @@ -293,7 +300,12 @@ xfs_dquot_from_disk_ts( struct xfs_disk_dquot *ddq, __be32 dtimer) { - return be32_to_cpu(dtimer); + uint32_t t = be32_to_cpu(dtimer); + + if (t != 0 && (ddq->d_flags & XFS_DQ_BIGTIME)) + return xfs_dq_bigtime_to_unix(t); + + return t; } /* Convert an incore timer value into an on-disk timer value. */ @@ -302,5 +314,10 @@ xfs_dquot_to_disk_ts( struct xfs_dquot *dqp, time64_t timer) { - return cpu_to_be32(timer); + uint32_t t = timer; + + if (timer != 0 && (dqp->q_type & XFS_DQ_BIGTIME)) + t = xfs_dq_unix_to_bigtime(timer); + + return cpu_to_be32(t); } diff --git a/libxfs/xfs_format.h b/libxfs/xfs_format.h index b1f6219..9ba65e5 100644 --- a/libxfs/xfs_format.h +++ b/libxfs/xfs_format.h @@ -1263,6 +1263,10 @@ static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) * ondisk min and max defined here can be used directly to constrain the incore * quota expiration timestamps on a Unix system. * + * When bigtime is enabled, we trade two bits of precision to expand the + * expiration timeout range to match that of big inode timestamps. The min and + * max recorded here are the on-disk limits, not a Unix timestamp. + * * The grace period for each quota type is stored in the root dquot (id = 0) * and is applied to a non-root dquot when it exceeds the soft or hard limits. * The length of quota grace periods are unsigned 32-bit quantities measured in @@ -1281,6 +1285,48 @@ static inline bool xfs_dinode_has_bigtime(const struct xfs_dinode *dip) */ #define XFS_DQ_LEGACY_EXPIRY_MAX ((int64_t)U32_MAX) +/* + * Smallest possible ondisk quota expiration value with bigtime timestamps. + * This corresponds (after conversion to a Unix timestamp) with the incore + * expiration of Jan 1 00:00:04 UTC 1970. + */ +#define XFS_DQ_BIGTIME_EXPIRY_MIN (XFS_DQ_LEGACY_EXPIRY_MIN) + +/* + * Largest supported ondisk quota expiration value with bigtime timestamps. + * This corresponds (after conversion to a Unix timestamp) with an incore + * expiration of Jul 2 20:20:24 UTC 2486. + * + * The ondisk field supports values up to -1U, which corresponds to an incore + * expiration in 2514. This is beyond the maximum the bigtime inode timestamp, + * so we cap the maximum bigtime quota expiration to the max inode timestamp. + */ +#define XFS_DQ_BIGTIME_EXPIRY_MAX ((int64_t)4074815106U) + +/* + * The following conversion factors assist in converting a quota expiration + * timestamp between the incore and ondisk formats. + */ +#define XFS_DQ_BIGTIME_SHIFT (2) +#define XFS_DQ_BIGTIME_SLACK ((int64_t)(1ULL << XFS_DQ_BIGTIME_SHIFT) - 1) + +/* Convert an incore quota expiration timestamp to an ondisk bigtime value. */ +static inline uint32_t xfs_dq_unix_to_bigtime(time64_t unix_seconds) +{ + /* + * Round the expiration timestamp up to the nearest bigtime timestamp + * that we can store, to give users the most time to fix problems. + */ + return ((uint64_t)unix_seconds + XFS_DQ_BIGTIME_SLACK) >> + XFS_DQ_BIGTIME_SHIFT; +} + +/* Convert an ondisk bigtime quota expiration value to an incore timestamp. */ +static inline time64_t xfs_dq_bigtime_to_unix(uint32_t ondisk_seconds) +{ + return (time64_t)ondisk_seconds << XFS_DQ_BIGTIME_SHIFT; +} + /* * Default quota grace periods, ranging from zero (use the compiled defaults) * to ~136 years. These are applied to a non-root dquot that has exceeded diff --git a/libxfs/xfs_quota_defs.h b/libxfs/xfs_quota_defs.h index 2f61cd3..70d89cc 100644 --- a/libxfs/xfs_quota_defs.h +++ b/libxfs/xfs_quota_defs.h @@ -28,17 +28,20 @@ typedef uint16_t xfs_qwarncnt_t; #define XFS_DQ_GROUP 0x0004 /* a group quota */ #define XFS_DQ_DIRTY 0x0008 /* dquot is dirty */ #define XFS_DQ_FREEING 0x0010 /* dquot is being torn down */ +#define XFS_DQ_BIGTIME 0x0080 /* large expiry timestamps */ #define XFS_DQ_ALLTYPES (XFS_DQ_USER|XFS_DQ_PROJ|XFS_DQ_GROUP) -#define XFS_DQTYPE_ANY (XFS_DQ_ALLTYPES) +#define XFS_DQTYPE_ANY (XFS_DQ_ALLTYPES | \ + XFS_DQ_BIGTIME) #define XFS_DQ_FLAGS \ { XFS_DQ_USER, "USER" }, \ { XFS_DQ_PROJ, "PROJ" }, \ { XFS_DQ_GROUP, "GROUP" }, \ { XFS_DQ_DIRTY, "DIRTY" }, \ - { XFS_DQ_FREEING, "FREEING" } + { XFS_DQ_FREEING, "FREEING" }, \ + { XFS_DQ_BIGTIME, "BIGTIME" } /* * We have the possibility of all three quota types being active at once, and