xfs: shut down the filesystem if we screw up quota reservation

If we ever screw up the quota reservations enough to trip the
assertions, something's wrong with the quota code.  Shut down the
filesystem when this happens, because this is corruption.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>

diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c
index a1a72b7900c5a0cfd9a85332d339b1218163a9d8..48e09ea30ee53999e20d4640f9f9ad7b6698bce3 100644 (file)
--- a/fs/xfs/xfs_trans_dquot.c
+++ b/fs/xfs/xfs_trans_dquot.c
@@ -16,6 +16,7 @@
 #include "xfs_quota.h"
 #include "xfs_qm.h"
 #include "xfs_trace.h"
+#include "xfs_error.h"
 
 STATIC void    xfs_trans_alloc_dqinfo(xfs_trans_t *);
 
@@ -691,9 +692,11 @@ xfs_trans_dqresv(
                                    nblks);
                xfs_trans_mod_dquot(tp, dqp, XFS_TRANS_DQ_RES_INOS, ninos);
        }
-       ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count);
-       ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count);
-       ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count);
+
+       if (XFS_IS_CORRUPT(mp, dqp->q_blk.reserved < dqp->q_blk.count) ||
+           XFS_IS_CORRUPT(mp, dqp->q_rtb.reserved < dqp->q_rtb.count) ||
+           XFS_IS_CORRUPT(mp, dqp->q_ino.reserved < dqp->q_ino.count))
+               goto error_corrupt;
 
        xfs_dqunlock(dqp);
        return 0;
@@ -703,6 +706,10 @@ error_return:
        if (xfs_dquot_type(dqp) == XFS_DQTYPE_PROJ)
                return -ENOSPC;
        return -EDQUOT;
+error_corrupt:
+       xfs_dqunlock(dqp);
+       xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
+       return -EFSCORRUPTED;
 }