nmount(2), NFS: Accept 'ngroups_max + 1' groups in "export" credentials

There is no technical reason to limit that to NGROUPS_MAX, which is off
by one and just our minimum maximum value.

Reviewed b

nmount(2), NFS: Accept 'ngroups_max + 1' groups in "export" credentials

There is no technical reason to limit that to NGROUPS_MAX, which is off
by one and just our minimum maximum value.

Reviewed by: rmacklem
Approved by: markj (mentor)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47013

show more ...

vfs_domount_update(): postpone setting MNT_UNION until VFS_MOUNT() is done

The file system that handles updating the mount point might do lookups
during the update, in which case it could find the f

vfs_domount_update(): postpone setting MNT_UNION until VFS_MOUNT() is done

The file system that handles updating the mount point might do lookups
during the update, in which case it could find the flag MNT_UNION set on
the mp while mount point is still not updated. In particular, the
rootvp->v_mount->mnt_vnodecovered is not yet set.

Delay setting MNT_UNION until the mount is performed.

PR: 265311
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: mckusick, olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D45208

show more ...

vfs_domount_update(): style, use space instead of tab

Noted by: mckusick
Sponsored by: The FreeBSD Foundation
MFC after: 3 days

Abstract UIO allocation and deallocation.

Introduce the allocuio() and freeuio() functions to allocate and
deallocate struct uio. This hides the actual allocator interface, so it
is easier to modify

Abstract UIO allocation and deallocation.

Introduce the allocuio() and freeuio() functions to allocate and
deallocate struct uio. This hides the actual allocator interface, so it
is easier to modify the sub-allocation layout of struct uio and the
corresponding iovec array.

Obtained from: CheriBSD
Reviewed by: kib, markj
MFC after: 2 weeks
Sponsored by: CHaOS, EPSRC grant EP/V000292/1
Differential Revision: https://reviews.freebsd.org/D43711

show more ...

nmount: Ignore errors when copying out an error string

In general we copy error strings as part of reporting an error from
lower layers, so if the copyout() fails there's nothing to do since we'd
pr

nmount: Ignore errors when copying out an error string

In general we copy error strings as part of reporting an error from
lower layers, so if the copyout() fails there's nothing to do since we'd
prefer to preserve the original error.

This is in preparation for annotating copyin() and related functions
with __result_use_check.

Reviewed by: olce, kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43147

show more ...

vfs_domount_update(): correct fsidcmp() usage

MFC after: 3 days

sys: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remov

sys: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

show more ...

nfsd: Fix NFS access to .zfs/snapshot snapshots

When a process attempts to access a snapshot under
/<dataset>/.zfs/snapshot, the snapshot is automounted.
However, without this patch, the automount d

nfsd: Fix NFS access to .zfs/snapshot snapshots

When a process attempts to access a snapshot under
/<dataset>/.zfs/snapshot, the snapshot is automounted.
However, without this patch, the automount does not
set mnt_exjail, which results in the snapshot not being
accessible over NFS.

This patch defines a new function called vfs_exjail_clone()
which sets mnt_exjail from another mount point and
then uses that function to set mnt_exjail in the snapshot
automount. A separate patch that is currently a pull request
for OpenZFS, calls this function to fix the problem.

PR: 275200
Reviewed by: markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42672

show more ...

vfs mount: Consistently use ENODEV internally for an invalid fstype

Change vfs_byname_kld to always return an error value of ENODEV to
indicate an unsupported fstype leaving ENOENT to indicate error

vfs mount: Consistently use ENODEV internally for an invalid fstype

Change vfs_byname_kld to always return an error value of ENODEV to
indicate an unsupported fstype leaving ENOENT to indicate errors such
as a missing mount point or invalid path. This allows nmount(2) to
better distinguish these cases and avoid treating a missing device
node as an invalid fstype after commit 6e8272f317b8.

While here, change mount(2) to return EINVAL instead of ENODEV for an
invalid fstype to match nmount(2).

PR: 274600
Reviewed by: pstef, markj
Differential Revision: https://reviews.freebsd.org/D42327

show more ...

vfs_domount_update(): ensure that 'goto end' works

We need to vfs_op_enter()/vn_seqc_write_start() before jumping to
cleanup.

PR: 274992
Reported by: trasz
Sponsored by: The FreeBSD Foundation
MFC

vfs_domount_update(): ensure that 'goto end' works

We need to vfs_op_enter()/vn_seqc_write_start() before jumping to
cleanup.

PR: 274992
Reported by: trasz
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Fixes: 9ef7a491a4236810e50f0a2ee8d52f5c4bb02c64

show more ...

nmount(MNT_UPDATE): add optional generid fsid parameter

to check looked up path against specific mounted filesystem.

Reviewed by: mjg
Tested by: Andrew Gierth <andrew@tao146.riddles.org.uk>
Sponsor

nmount(MNT_UPDATE): add optional generid fsid parameter

to check looked up path against specific mounted filesystem.

Reviewed by: mjg
Tested by: Andrew Gierth <andrew@tao146.riddles.org.uk>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D42023

show more ...

vfs_remount_ro(): mnt_lockref should be only accessed after vfs_op_enter()

PR: 273953
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

vfs: Rename vfs_emptydir() to vn_dir_check_empty()

No functional change. While here, adapt comments to style(9).

Reviewed by: kib
MFC after: 1 week

vn_lock_pair(): allow to request shared locking

If either of vnodes is shared locked, lock must not be recursed.

Requested by: rmacklem
Reviewed by: markj, rmacklem
Tested by: pho
Sponsored by: The

vn_lock_pair(): allow to request shared locking

If either of vnodes is shared locked, lock must not be recursed.

Requested by: rmacklem
Reviewed by: markj, rmacklem
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D39444

show more ...

vfs_mount.c: Allow mountd(8) to do exports in a vnet prison

To run mountd in a vnet prison, three checks in vfs_domount()
and vfs_domount_update() related to doing exports needed
to be changed, so t

vfs_mount.c: Allow mountd(8) to do exports in a vnet prison

To run mountd in a vnet prison, three checks in vfs_domount()
and vfs_domount_update() related to doing exports needed
to be changed, so that a file system visible within the
prison but mounted outside the prison can be exported.

I did all three in a minimal way, only changing the checks for
the specific case of a process (typically mountd) doing exports
within a vnet prison and not updating the mount point in other
ways. The changes are:
- Ignore the error return from vfs_suser(), since the file
system being mounted outside the prison will cause it to fail.
- Use the priv_check(PRIV_NFS_DAEMON) for this specific case
within a prison.
- Skip the call to VFS_MOUNT(), since it will return an error,
due to the "from" argument not being set correctly. VFS_MOUNT()
does not appear to do anything for the case of doing exports only.

Reviewed by: markj
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D37741

show more ...

vfs_export: Add mnt_exjail to control exports done in prisons

If there are multiple instances of mountd(8) (in different
prisons), there will be confusion if they manipulate the
exports of the same

vfs_export: Add mnt_exjail to control exports done in prisons

If there are multiple instances of mountd(8) (in different
prisons), there will be confusion if they manipulate the
exports of the same file system. This patch adds mnt_exjail
to "struct mount" so that the credentials (and, therefore,
the prison) that did the exports for that file system can
be recorded. If another prison has already exported the
file system, vfs_export() will fail with an error.
If mnt_exjail == NULL, the file system has not been exported.
mnt_exjail is checked by the NFS server, so that exports done
from within a different prison will not be used.

The patch also implements vfs_exjail_destroy(), which is
called from prison_cleanup() to release all the mnt_exjail
credential references, so that the prison can be removed.
Mainly to avoid doing a scan of the mountlist for the case
where there were no exports done from within the prison,
a count of how many file systems have been exported from
within the prison is kept in pr_exportcnt.

Reviewed by: markj
Discussed with: jamie
Differential Revision: https://reviews.freebsd.org/D38371
MFC after: 3 months

show more ...

vfs_mount.c: Free exports structures in vfs_destroy_mount()

During testing of exporting file systems in jails, I
noticed that the export structures on a mount
were not being free'd when the mount is

vfs_mount.c: Free exports structures in vfs_destroy_mount()

During testing of exporting file systems in jails, I
noticed that the export structures on a mount
were not being free'd when the mount is dismounted.

This bug appears to have been in the system for a
very long time. It would have resulted in a slow memory
leak when exported file systems were dismounted.

Prior to r362158, freeing the structures during dismount
would not have been safe, since VFS_CHECKEXP() returned
a pointer into an export structure, which might still have been
used by the NFS server for an in-progress RPC when the file system
is dismounted. r362158 fixed this, so it should now be safe
to free the structures in vfs_mount_destroy(), which is what
this patch does.

Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D38385

show more ...

Don't allow stacking of file mounts

Reviewed by: mjg, kib
Tested by: pho

Allow realpath to work for file mounts

For file mounts, the directory vnode is not available from namei and this
prevents the use of vn_fullpath_hardlink. In this case, we can use the
vnode which wa

Allow realpath to work for file mounts

For file mounts, the directory vnode is not available from namei and this
prevents the use of vn_fullpath_hardlink. In this case, we can use the
vnode which was covered by the file mount with vn_fullpath.

This also disallows file mounts over files with link counts greater than
one to ensure a deterministic path to the mount point.

Reviewed by: mjg, kib
Tested by: pho

show more ...

Add support for mounting single files in nullfs

The main use-case for this is to support mounting config files and
secrets into OCI containers. My current workaround copies the files into
the contai

Add support for mounting single files in nullfs

The main use-case for this is to support mounting config files and
secrets into OCI containers. My current workaround copies the files into
the container which is messy and risks secrets leaking into container
images if the cleanup fails.

This adds a VFCF flag to indicate whether the filesystem supports file
mounts and allows fspath to be either a directory or a file if the flag
is set.

Test Plan:
$ sudo mkdir -p /mnt
$ sudo touch /mnt/foo
$ sudo mount -t nullfs /COPYRIGHT /mnt/foo

Reviewed by: mjg, kib
Tested by: pho

show more ...

vfs_mount.c: fix vfs_domount() for PRIV_VFS_MOUNT_EXPORTED

It appears that, prior to r158857 vfs_domount() checked
suser() when MNT_EXPORTED was specified.

r158857 appears to have broken this, sinc

vfs_mount.c: fix vfs_domount() for PRIV_VFS_MOUNT_EXPORTED

It appears that, prior to r158857 vfs_domount() checked
suser() when MNT_EXPORTED was specified.

r158857 appears to have broken this, since MNT_EXPORTED
was no longer set when mountd.c was converted to use nmount(2).
r164033 replaced the suser() check with
priv_check(td, PRIV_VFS_MOUNT_EXPORTED), which does the
same thing (ie. checks for effective uid == 0 assuming suses_enabled
is set).

This patch restores this check by setting MNT_EXPORTED when the
"export" mount option is specified to nmount().

I think this is reasonable since only mountd(8) should be setting
exports and I doubt any non-root mounted file system would
be setting its own exports.

Reviewed by: kib, markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D37718

show more ...

vfs_domount(): ensure that v_mountedhere and VIRF_MOUNTPOINT are set under the vnode lock

Fixes: f7833196bd6ba9bfc060a41b353422b15d6aa95b
Reported and tested by: pho
Reviewed by: jah, markj (previou

vfs_domount(): ensure that v_mountedhere and VIRF_MOUNTPOINT are set under the vnode lock

Fixes: f7833196bd6ba9bfc060a41b353422b15d6aa95b
Reported and tested by: pho
Reviewed by: jah, markj (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D37198

show more ...

vfs: stop using the V_MNTREF flag

Reviewed by: kib, mckusick
Differential Revision: https://reviews.freebsd.org/D36521

vfs_mount.c: convert explicit panics and KASSERTs to MPASSERT/MPPASS

Reviewed by: imp, mjg
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://review

vfs_mount.c: convert explicit panics and KASSERTs to MPASSERT/MPPASS

Reviewed by: imp, mjg
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D35652

show more ...