1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1999-2004 Poul-Henning Kamp
5 * Copyright (c) 1999 Michael Smith
6 * Copyright (c) 1989, 1993
7 * The Regents of the University of California. All rights reserved.
8 * (c) UNIX System Laboratories, Inc.
9 * All or some portions of this file are derived from material licensed
10 * to the University of California by American Telephone and Telegraph
11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
12 * the permission of UNIX System Laboratories, Inc.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 */
38
39 #include <sys/param.h>
40 #include <sys/conf.h>
41 #include <sys/smp.h>
42 #include <sys/devctl.h>
43 #include <sys/eventhandler.h>
44 #include <sys/fcntl.h>
45 #include <sys/jail.h>
46 #include <sys/kernel.h>
47 #include <sys/ktr.h>
48 #include <sys/libkern.h>
49 #include <sys/limits.h>
50 #include <sys/malloc.h>
51 #include <sys/mount.h>
52 #include <sys/mutex.h>
53 #include <sys/namei.h>
54 #include <sys/priv.h>
55 #include <sys/proc.h>
56 #include <sys/filedesc.h>
57 #include <sys/reboot.h>
58 #include <sys/sbuf.h>
59 #include <sys/stdarg.h>
60 #include <sys/syscallsubr.h>
61 #include <sys/sysproto.h>
62 #include <sys/sx.h>
63 #include <sys/sysctl.h>
64 #include <sys/systm.h>
65 #include <sys/taskqueue.h>
66 #include <sys/vnode.h>
67 #include <vm/uma.h>
68
69 #include <geom/geom.h>
70
71 #include <security/audit/audit.h>
72 #include <security/mac/mac_framework.h>
73
74 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64)
75
76 static int vfs_domount(struct thread *td, const char *fstype, char *fspath,
77 uint64_t fsflags, bool only_export, bool jail_export,
78 struct vfsoptlist **optlist);
79 static void free_mntarg(struct mntarg *ma);
80
81 static int usermount = 0;
82 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
83 "Unprivileged users may mount and unmount file systems");
84
85 static bool default_autoro = false;
86 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0,
87 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified");
88
89 static bool recursive_forced_unmount = false;
90 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW,
91 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts"
92 " when a file system is forcibly unmounted");
93
94 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount,
95 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls");
96
97 static unsigned int deferred_unmount_retry_limit = 10;
98 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW,
99 &deferred_unmount_retry_limit, 0,
100 "Maximum number of retries for deferred unmount failure");
101
102 static int deferred_unmount_retry_delay_hz;
103 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW,
104 &deferred_unmount_retry_delay_hz, 0,
105 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount");
106
107 static int deferred_unmount_total_retries = 0;
108 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD,
109 &deferred_unmount_total_retries, 0,
110 "Total number of retried deferred unmounts");
111
112 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure");
113 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure");
114 static uma_zone_t mount_zone;
115
116 /* List of mounted filesystems. */
117 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist);
118
119 /* For any iteration/modification of mountlist */
120 struct mtx_padalign __exclusive_cache_line mountlist_mtx;
121
122 EVENTHANDLER_LIST_DEFINE(vfs_mounted);
123 EVENTHANDLER_LIST_DEFINE(vfs_unmounted);
124
125 static void vfs_deferred_unmount(void *arg, int pending);
126 static struct timeout_task deferred_unmount_task;
127 static struct mtx deferred_unmount_lock;
128 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount",
129 MTX_DEF);
130 static STAILQ_HEAD(, mount) deferred_unmount_list =
131 STAILQ_HEAD_INITIALIZER(deferred_unmount_list);
132 TASKQUEUE_DEFINE_THREAD(deferred_unmount);
133
134 static void mount_devctl_event(const char *type, struct mount *mp, bool donew);
135
136 /*
137 * Global opts, taken by all filesystems
138 */
139 static const char *global_opts[] = {
140 "errmsg",
141 "fstype",
142 "fspath",
143 "ro",
144 "rw",
145 "nosuid",
146 "noexec",
147 NULL
148 };
149
150 static int
mount_init(void * mem,int size,int flags)151 mount_init(void *mem, int size, int flags)
152 {
153 struct mount *mp;
154
155 mp = (struct mount *)mem;
156 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF);
157 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF);
158 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0);
159 lockinit(&mp->mnt_renamelock, PVFS, "rename", 0, 0);
160 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO);
161 mp->mnt_ref = 0;
162 mp->mnt_vfs_ops = 1;
163 mp->mnt_rootvnode = NULL;
164 return (0);
165 }
166
167 static void
mount_fini(void * mem,int size)168 mount_fini(void *mem, int size)
169 {
170 struct mount *mp;
171
172 mp = (struct mount *)mem;
173 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu);
174 lockdestroy(&mp->mnt_renamelock);
175 lockdestroy(&mp->mnt_explock);
176 mtx_destroy(&mp->mnt_listmtx);
177 mtx_destroy(&mp->mnt_mtx);
178 }
179
180 static void
vfs_mount_init(void * dummy __unused)181 vfs_mount_init(void *dummy __unused)
182 {
183 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task,
184 0, vfs_deferred_unmount, NULL);
185 deferred_unmount_retry_delay_hz = hz;
186 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL,
187 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE);
188 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF);
189 }
190 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL);
191
192 /*
193 * ---------------------------------------------------------------------
194 * Functions for building and sanitizing the mount options
195 */
196
197 /* Remove one mount option. */
198 static void
vfs_freeopt(struct vfsoptlist * opts,struct vfsopt * opt)199 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt)
200 {
201
202 TAILQ_REMOVE(opts, opt, link);
203 free(opt->name, M_MOUNT);
204 if (opt->value != NULL)
205 free(opt->value, M_MOUNT);
206 free(opt, M_MOUNT);
207 }
208
209 /* Release all resources related to the mount options. */
210 void
vfs_freeopts(struct vfsoptlist * opts)211 vfs_freeopts(struct vfsoptlist *opts)
212 {
213 struct vfsopt *opt;
214
215 while (!TAILQ_EMPTY(opts)) {
216 opt = TAILQ_FIRST(opts);
217 vfs_freeopt(opts, opt);
218 }
219 free(opts, M_MOUNT);
220 }
221
222 void
vfs_deleteopt(struct vfsoptlist * opts,const char * name)223 vfs_deleteopt(struct vfsoptlist *opts, const char *name)
224 {
225 struct vfsopt *opt, *temp;
226
227 if (opts == NULL)
228 return;
229 TAILQ_FOREACH_SAFE(opt, opts, link, temp) {
230 if (strcmp(opt->name, name) == 0)
231 vfs_freeopt(opts, opt);
232 }
233 }
234
235 static int
vfs_isopt_ro(const char * opt)236 vfs_isopt_ro(const char *opt)
237 {
238
239 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 ||
240 strcmp(opt, "norw") == 0)
241 return (1);
242 return (0);
243 }
244
245 static int
vfs_isopt_rw(const char * opt)246 vfs_isopt_rw(const char *opt)
247 {
248
249 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0)
250 return (1);
251 return (0);
252 }
253
254 /*
255 * Check if options are equal (with or without the "no" prefix).
256 */
257 static int
vfs_equalopts(const char * opt1,const char * opt2)258 vfs_equalopts(const char *opt1, const char *opt2)
259 {
260 char *p;
261
262 /* "opt" vs. "opt" or "noopt" vs. "noopt" */
263 if (strcmp(opt1, opt2) == 0)
264 return (1);
265 /* "noopt" vs. "opt" */
266 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
267 return (1);
268 /* "opt" vs. "noopt" */
269 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
270 return (1);
271 while ((p = strchr(opt1, '.')) != NULL &&
272 !strncmp(opt1, opt2, ++p - opt1)) {
273 opt2 += p - opt1;
274 opt1 = p;
275 /* "foo.noopt" vs. "foo.opt" */
276 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
277 return (1);
278 /* "foo.opt" vs. "foo.noopt" */
279 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
280 return (1);
281 }
282 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */
283 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) &&
284 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2)))
285 return (1);
286 return (0);
287 }
288
289 /*
290 * If a mount option is specified several times,
291 * (with or without the "no" prefix) only keep
292 * the last occurrence of it.
293 */
294 static void
vfs_sanitizeopts(struct vfsoptlist * opts)295 vfs_sanitizeopts(struct vfsoptlist *opts)
296 {
297 struct vfsopt *opt, *opt2, *tmp;
298
299 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) {
300 opt2 = TAILQ_PREV(opt, vfsoptlist, link);
301 while (opt2 != NULL) {
302 if (vfs_equalopts(opt->name, opt2->name)) {
303 tmp = TAILQ_PREV(opt2, vfsoptlist, link);
304 vfs_freeopt(opts, opt2);
305 opt2 = tmp;
306 } else {
307 opt2 = TAILQ_PREV(opt2, vfsoptlist, link);
308 }
309 }
310 }
311 }
312
313 /*
314 * Build a linked list of mount options from a struct uio.
315 */
316 int
vfs_buildopts(struct uio * auio,struct vfsoptlist ** options)317 vfs_buildopts(struct uio *auio, struct vfsoptlist **options)
318 {
319 struct vfsoptlist *opts;
320 struct vfsopt *opt;
321 size_t memused, namelen, optlen;
322 unsigned int i, iovcnt;
323 int error;
324
325 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK);
326 TAILQ_INIT(opts);
327 memused = 0;
328 iovcnt = auio->uio_iovcnt;
329 for (i = 0; i < iovcnt; i += 2) {
330 namelen = auio->uio_iov[i].iov_len;
331 optlen = auio->uio_iov[i + 1].iov_len;
332 memused += sizeof(struct vfsopt) + optlen + namelen;
333 /*
334 * Avoid consuming too much memory, and attempts to overflow
335 * memused.
336 */
337 if (memused > VFS_MOUNTARG_SIZE_MAX ||
338 optlen > VFS_MOUNTARG_SIZE_MAX ||
339 namelen > VFS_MOUNTARG_SIZE_MAX) {
340 error = EINVAL;
341 goto bad;
342 }
343
344 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK);
345 opt->name = malloc(namelen, M_MOUNT, M_WAITOK);
346 opt->value = NULL;
347 opt->len = 0;
348 opt->pos = i / 2;
349 opt->seen = 0;
350
351 /*
352 * Do this early, so jumps to "bad" will free the current
353 * option.
354 */
355 TAILQ_INSERT_TAIL(opts, opt, link);
356
357 if (auio->uio_segflg == UIO_SYSSPACE) {
358 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen);
359 } else {
360 error = copyin(auio->uio_iov[i].iov_base, opt->name,
361 namelen);
362 if (error)
363 goto bad;
364 }
365 /* Ensure names are null-terminated strings. */
366 if (namelen == 0 || opt->name[namelen - 1] != '\0') {
367 error = EINVAL;
368 goto bad;
369 }
370 if (optlen != 0) {
371 opt->len = optlen;
372 opt->value = malloc(optlen, M_MOUNT, M_WAITOK);
373 if (auio->uio_segflg == UIO_SYSSPACE) {
374 bcopy(auio->uio_iov[i + 1].iov_base, opt->value,
375 optlen);
376 } else {
377 error = copyin(auio->uio_iov[i + 1].iov_base,
378 opt->value, optlen);
379 if (error)
380 goto bad;
381 }
382 }
383 }
384 vfs_sanitizeopts(opts);
385 *options = opts;
386 return (0);
387 bad:
388 vfs_freeopts(opts);
389 return (error);
390 }
391
392 /*
393 * Merge the old mount options with the new ones passed
394 * in the MNT_UPDATE case.
395 *
396 * XXX: This function will keep a "nofoo" option in the new
397 * options. E.g, if the option's canonical name is "foo",
398 * "nofoo" ends up in the mount point's active options.
399 */
400 static void
vfs_mergeopts(struct vfsoptlist * toopts,struct vfsoptlist * oldopts)401 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts)
402 {
403 struct vfsopt *opt, *new;
404
405 TAILQ_FOREACH(opt, oldopts, link) {
406 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK);
407 new->name = strdup(opt->name, M_MOUNT);
408 if (opt->len != 0) {
409 new->value = malloc(opt->len, M_MOUNT, M_WAITOK);
410 bcopy(opt->value, new->value, opt->len);
411 } else
412 new->value = NULL;
413 new->len = opt->len;
414 new->seen = opt->seen;
415 TAILQ_INSERT_HEAD(toopts, new, link);
416 }
417 vfs_sanitizeopts(toopts);
418 }
419
420 /*
421 * Mount a filesystem.
422 */
423 #ifndef _SYS_SYSPROTO_H_
424 struct nmount_args {
425 struct iovec *iovp;
426 unsigned int iovcnt;
427 int flags;
428 };
429 #endif
430 int
sys_nmount(struct thread * td,struct nmount_args * uap)431 sys_nmount(struct thread *td, struct nmount_args *uap)
432 {
433 struct uio *auio;
434 int error;
435 u_int iovcnt;
436 uint64_t flags;
437
438 /*
439 * Mount flags are now 64-bits. On 32-bit archtectures only
440 * 32-bits are passed in, but from here on everything handles
441 * 64-bit flags correctly.
442 */
443 flags = uap->flags;
444
445 AUDIT_ARG_FFLAGS(flags);
446 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__,
447 uap->iovp, uap->iovcnt, flags);
448
449 /*
450 * Filter out MNT_ROOTFS. We do not want clients of nmount() in
451 * userspace to set this flag, but we must filter it out if we want
452 * MNT_UPDATE on the root file system to work.
453 * MNT_ROOTFS should only be set by the kernel when mounting its
454 * root file system.
455 */
456 flags &= ~MNT_ROOTFS;
457
458 iovcnt = uap->iovcnt;
459 /*
460 * Check that we have an even number of iovec's
461 * and that we have at least two options.
462 */
463 if ((iovcnt & 1) || (iovcnt < 4)) {
464 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__,
465 uap->iovcnt);
466 return (EINVAL);
467 }
468
469 error = copyinuio(uap->iovp, iovcnt, &auio);
470 if (error) {
471 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno",
472 __func__, error);
473 return (error);
474 }
475 error = vfs_donmount(td, flags, auio);
476
477 freeuio(auio);
478 return (error);
479 }
480
481 /*
482 * ---------------------------------------------------------------------
483 * Various utility functions
484 */
485
486 /*
487 * Get a reference on a mount point from a vnode.
488 *
489 * The vnode is allowed to be passed unlocked and race against dooming. Note in
490 * such case there are no guarantees the referenced mount point will still be
491 * associated with it after the function returns.
492 */
493 struct mount *
vfs_ref_from_vp(struct vnode * vp)494 vfs_ref_from_vp(struct vnode *vp)
495 {
496 struct mount *mp;
497 struct mount_pcpu *mpcpu;
498
499 mp = atomic_load_ptr(&vp->v_mount);
500 if (__predict_false(mp == NULL)) {
501 return (mp);
502 }
503 if (vfs_op_thread_enter(mp, &mpcpu)) {
504 if (__predict_true(mp == vp->v_mount)) {
505 vfs_mp_count_add_pcpu(mpcpu, ref, 1);
506 vfs_op_thread_exit(mp, mpcpu);
507 } else {
508 vfs_op_thread_exit(mp, mpcpu);
509 mp = NULL;
510 }
511 } else {
512 MNT_ILOCK(mp);
513 if (mp == vp->v_mount) {
514 MNT_REF(mp);
515 MNT_IUNLOCK(mp);
516 } else {
517 MNT_IUNLOCK(mp);
518 mp = NULL;
519 }
520 }
521 return (mp);
522 }
523
524 void
vfs_ref(struct mount * mp)525 vfs_ref(struct mount *mp)
526 {
527 struct mount_pcpu *mpcpu;
528
529 CTR2(KTR_VFS, "%s: mp %p", __func__, mp);
530 if (vfs_op_thread_enter(mp, &mpcpu)) {
531 vfs_mp_count_add_pcpu(mpcpu, ref, 1);
532 vfs_op_thread_exit(mp, mpcpu);
533 return;
534 }
535
536 MNT_ILOCK(mp);
537 MNT_REF(mp);
538 MNT_IUNLOCK(mp);
539 }
540
541 /*
542 * Register ump as an upper mount of the mount associated with
543 * vnode vp. This registration will be tracked through
544 * mount_upper_node upper, which should be allocated by the
545 * caller and stored in per-mount data associated with mp.
546 *
547 * If successful, this function will return the mount associated
548 * with vp, and will ensure that it cannot be unmounted until
549 * ump has been unregistered as one of its upper mounts.
550 *
551 * Upon failure this function will return NULL.
552 */
553 struct mount *
vfs_register_upper_from_vp(struct vnode * vp,struct mount * ump,struct mount_upper_node * upper)554 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump,
555 struct mount_upper_node *upper)
556 {
557 struct mount *mp;
558
559 mp = atomic_load_ptr(&vp->v_mount);
560 if (mp == NULL)
561 return (NULL);
562 MNT_ILOCK(mp);
563 if (mp != vp->v_mount ||
564 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) {
565 MNT_IUNLOCK(mp);
566 return (NULL);
567 }
568 KASSERT(ump != mp, ("upper and lower mounts are identical"));
569 upper->mp = ump;
570 MNT_REF(mp);
571 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link);
572 MNT_IUNLOCK(mp);
573 return (mp);
574 }
575
576 /*
577 * Register upper mount ump to receive vnode unlink/reclaim
578 * notifications from lower mount mp. This registration will
579 * be tracked through mount_upper_node upper, which should be
580 * allocated by the caller and stored in per-mount data
581 * associated with mp.
582 *
583 * ump must already be registered as an upper mount of mp
584 * through a call to vfs_register_upper_from_vp().
585 */
586 void
vfs_register_for_notification(struct mount * mp,struct mount * ump,struct mount_upper_node * upper)587 vfs_register_for_notification(struct mount *mp, struct mount *ump,
588 struct mount_upper_node *upper)
589 {
590 upper->mp = ump;
591 MNT_ILOCK(mp);
592 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link);
593 MNT_IUNLOCK(mp);
594 }
595
596 static void
vfs_drain_upper_locked(struct mount * mp)597 vfs_drain_upper_locked(struct mount *mp)
598 {
599 mtx_assert(MNT_MTX(mp), MA_OWNED);
600 while (mp->mnt_upper_pending != 0) {
601 mp->mnt_kern_flag |= MNTK_UPPER_WAITER;
602 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0);
603 }
604 }
605
606 /*
607 * Undo a previous call to vfs_register_for_notification().
608 * The mount represented by upper must be currently registered
609 * as an upper mount for mp.
610 */
611 void
vfs_unregister_for_notification(struct mount * mp,struct mount_upper_node * upper)612 vfs_unregister_for_notification(struct mount *mp,
613 struct mount_upper_node *upper)
614 {
615 MNT_ILOCK(mp);
616 vfs_drain_upper_locked(mp);
617 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link);
618 MNT_IUNLOCK(mp);
619 }
620
621 /*
622 * Undo a previous call to vfs_register_upper_from_vp().
623 * This must be done before mp can be unmounted.
624 */
625 void
vfs_unregister_upper(struct mount * mp,struct mount_upper_node * upper)626 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper)
627 {
628 MNT_ILOCK(mp);
629 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0,
630 ("registered upper with pending unmount"));
631 vfs_drain_upper_locked(mp);
632 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link);
633 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 &&
634 TAILQ_EMPTY(&mp->mnt_uppers)) {
635 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER;
636 wakeup(&mp->mnt_taskqueue_link);
637 }
638 MNT_REL(mp);
639 MNT_IUNLOCK(mp);
640 }
641
642 void
vfs_rel(struct mount * mp)643 vfs_rel(struct mount *mp)
644 {
645 struct mount_pcpu *mpcpu;
646
647 CTR2(KTR_VFS, "%s: mp %p", __func__, mp);
648 if (vfs_op_thread_enter(mp, &mpcpu)) {
649 vfs_mp_count_sub_pcpu(mpcpu, ref, 1);
650 vfs_op_thread_exit(mp, mpcpu);
651 return;
652 }
653
654 MNT_ILOCK(mp);
655 MNT_REL(mp);
656 MNT_IUNLOCK(mp);
657 }
658
659 /*
660 * Allocate and initialize the mount point struct.
661 */
662 struct mount *
vfs_mount_alloc(struct vnode * vp,struct vfsconf * vfsp,const char * fspath,struct ucred * cred)663 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath,
664 struct ucred *cred)
665 {
666 struct mount *mp;
667
668 mp = uma_zalloc(mount_zone, M_WAITOK);
669 bzero(&mp->mnt_startzero,
670 __rangeof(struct mount, mnt_startzero, mnt_endzero));
671 mp->mnt_kern_flag = 0;
672 mp->mnt_flag = 0;
673 mp->mnt_rootvnode = NULL;
674 mp->mnt_vnodecovered = NULL;
675 mp->mnt_op = NULL;
676 mp->mnt_vfc = NULL;
677 TAILQ_INIT(&mp->mnt_nvnodelist);
678 mp->mnt_nvnodelistsize = 0;
679 TAILQ_INIT(&mp->mnt_lazyvnodelist);
680 mp->mnt_lazyvnodelistsize = 0;
681 MPPASS(mp->mnt_ref == 0 && mp->mnt_lockref == 0 &&
682 mp->mnt_writeopcount == 0, mp);
683 MPASSERT(mp->mnt_vfs_ops == 1, mp,
684 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops));
685 (void) vfs_busy(mp, MBF_NOWAIT);
686 mp->mnt_op = vfsp->vfc_vfsops;
687 mp->mnt_vfc = vfsp;
688 mp->mnt_stat.f_type = vfsp->vfc_typenum;
689 mp->mnt_gen++;
690 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
691 mp->mnt_vnodecovered = vp;
692 mp->mnt_cred = crdup(cred);
693 mp->mnt_stat.f_owner = cred->cr_uid;
694 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN);
695 mp->mnt_iosize_max = DFLTPHYS;
696 #ifdef MAC
697 mac_mount_init(mp);
698 mac_mount_create(cred, mp);
699 #endif
700 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0);
701 mp->mnt_upper_pending = 0;
702 TAILQ_INIT(&mp->mnt_uppers);
703 TAILQ_INIT(&mp->mnt_notify);
704 mp->mnt_taskqueue_flags = 0;
705 mp->mnt_unmount_retries = 0;
706 return (mp);
707 }
708
709 /*
710 * Destroy the mount struct previously allocated by vfs_mount_alloc().
711 */
712 void
vfs_mount_destroy(struct mount * mp)713 vfs_mount_destroy(struct mount *mp)
714 {
715
716 MPPASS(mp->mnt_vfs_ops != 0, mp);
717
718 vfs_assert_mount_counters(mp);
719
720 MNT_ILOCK(mp);
721 mp->mnt_kern_flag |= MNTK_REFEXPIRE;
722 if (mp->mnt_kern_flag & MNTK_MWAIT) {
723 mp->mnt_kern_flag &= ~MNTK_MWAIT;
724 wakeup(mp);
725 }
726 while (mp->mnt_ref)
727 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0);
728 KASSERT(mp->mnt_ref == 0,
729 ("%s: invalid refcount in the drain path @ %s:%d", __func__,
730 __FILE__, __LINE__));
731 MPPASS(mp->mnt_writeopcount == 0, mp);
732 MPPASS(mp->mnt_secondary_writes == 0, mp);
733 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) {
734 struct vnode *vp;
735
736 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes)
737 vn_printf(vp, "dangling vnode ");
738 panic("unmount: dangling vnode");
739 }
740 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending"));
741 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers"));
742 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify"));
743 MPPASS(mp->mnt_nvnodelistsize == 0, mp);
744 MPPASS(mp->mnt_lazyvnodelistsize == 0, mp);
745 MPPASS(mp->mnt_lockref == 0, mp);
746 MNT_IUNLOCK(mp);
747
748 MPASSERT(mp->mnt_vfs_ops == 1, mp,
749 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops));
750
751 MPASSERT(mp->mnt_rootvnode == NULL, mp,
752 ("mount point still has a root vnode %p", mp->mnt_rootvnode));
753
754 if (mp->mnt_vnodecovered != NULL)
755 vrele(mp->mnt_vnodecovered);
756 #ifdef MAC
757 mac_mount_destroy(mp);
758 #endif
759 if (mp->mnt_opt != NULL)
760 vfs_freeopts(mp->mnt_opt);
761 if (mp->mnt_exjail != NULL) {
762 atomic_subtract_int(&mp->mnt_exjail->cr_prison->pr_exportcnt,
763 1);
764 crfree(mp->mnt_exjail);
765 }
766 if (mp->mnt_export != NULL) {
767 vfs_free_addrlist(mp->mnt_export);
768 free(mp->mnt_export, M_MOUNT);
769 }
770 vfsconf_lock();
771 mp->mnt_vfc->vfc_refcount--;
772 vfsconf_unlock();
773 crfree(mp->mnt_cred);
774 uma_zfree(mount_zone, mp);
775 }
776
777 static bool
vfs_should_downgrade_to_ro_mount(uint64_t fsflags,int error)778 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error)
779 {
780 /* This is an upgrade of an exisiting mount. */
781 if ((fsflags & MNT_UPDATE) != 0)
782 return (false);
783 /* This is already an R/O mount. */
784 if ((fsflags & MNT_RDONLY) != 0)
785 return (false);
786
787 switch (error) {
788 case ENODEV: /* generic, geom, ... */
789 case EACCES: /* cam/scsi, ... */
790 case EROFS: /* md, mmcsd, ... */
791 /*
792 * These errors can be returned by the storage layer to signal
793 * that the media is read-only. No harm in the R/O mount
794 * attempt if the error was returned for some other reason.
795 */
796 return (true);
797 default:
798 return (false);
799 }
800 }
801
802 int
vfs_donmount(struct thread * td,uint64_t fsflags,struct uio * fsoptions)803 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
804 {
805 struct vfsoptlist *optlist;
806 struct vfsopt *opt, *tmp_opt;
807 char *fstype, *fspath, *errmsg;
808 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos;
809 bool autoro, has_nonexport, only_export, jail_export;
810
811 errmsg = fspath = NULL;
812 errmsg_len = fspathlen = 0;
813 errmsg_pos = -1;
814 autoro = default_autoro;
815
816 error = vfs_buildopts(fsoptions, &optlist);
817 if (error)
818 return (error);
819
820 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0)
821 errmsg_pos = vfs_getopt_pos(optlist, "errmsg");
822
823 /*
824 * We need these two options before the others,
825 * and they are mandatory for any filesystem.
826 * Ensure they are NUL terminated as well.
827 */
828 fstypelen = 0;
829 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen);
830 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') {
831 error = EINVAL;
832 if (errmsg != NULL)
833 strncpy(errmsg, "Invalid fstype", errmsg_len);
834 goto bail;
835 }
836 fspathlen = 0;
837 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen);
838 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') {
839 error = EINVAL;
840 if (errmsg != NULL)
841 strncpy(errmsg, "Invalid fspath", errmsg_len);
842 goto bail;
843 }
844
845 /*
846 * Check to see that "export" is only used with the "update", "fstype",
847 * "fspath", "from" and "errmsg" options when in a vnet jail.
848 * These are the ones used to set/update exports by mountd(8).
849 * If only the above options are set in a jail that can run mountd(8),
850 * then the jail_export argument of vfs_domount() will be true.
851 * When jail_export is true, the vfs_suser() check does not cause
852 * failure, but limits the update to exports only.
853 * This allows mountd(8) running within the vnet jail
854 * to export file systems visible within the jail, but
855 * mounted outside of the jail.
856 */
857 /*
858 * We need to see if we have the "update" option
859 * before we call vfs_domount(), since vfs_domount() has special
860 * logic based on MNT_UPDATE. This is very important
861 * when we want to update the root filesystem.
862 */
863 has_nonexport = false;
864 only_export = false;
865 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) {
866 int do_freeopt = 0;
867
868 if (strcmp(opt->name, "export") != 0 &&
869 strcmp(opt->name, "update") != 0 &&
870 strcmp(opt->name, "fstype") != 0 &&
871 strcmp(opt->name, "fspath") != 0 &&
872 strcmp(opt->name, "from") != 0 &&
873 strcmp(opt->name, "errmsg") != 0)
874 has_nonexport = true;
875 if (strcmp(opt->name, "update") == 0) {
876 fsflags |= MNT_UPDATE;
877 do_freeopt = 1;
878 }
879 else if (strcmp(opt->name, "async") == 0)
880 fsflags |= MNT_ASYNC;
881 else if (strcmp(opt->name, "force") == 0) {
882 fsflags |= MNT_FORCE;
883 do_freeopt = 1;
884 }
885 else if (strcmp(opt->name, "reload") == 0) {
886 fsflags |= MNT_RELOAD;
887 do_freeopt = 1;
888 }
889 else if (strcmp(opt->name, "multilabel") == 0)
890 fsflags |= MNT_MULTILABEL;
891 else if (strcmp(opt->name, "noasync") == 0)
892 fsflags &= ~MNT_ASYNC;
893 else if (strcmp(opt->name, "noatime") == 0)
894 fsflags |= MNT_NOATIME;
895 else if (strcmp(opt->name, "atime") == 0) {
896 free(opt->name, M_MOUNT);
897 opt->name = strdup("nonoatime", M_MOUNT);
898 }
899 else if (strcmp(opt->name, "noclusterr") == 0)
900 fsflags |= MNT_NOCLUSTERR;
901 else if (strcmp(opt->name, "clusterr") == 0) {
902 free(opt->name, M_MOUNT);
903 opt->name = strdup("nonoclusterr", M_MOUNT);
904 }
905 else if (strcmp(opt->name, "noclusterw") == 0)
906 fsflags |= MNT_NOCLUSTERW;
907 else if (strcmp(opt->name, "clusterw") == 0) {
908 free(opt->name, M_MOUNT);
909 opt->name = strdup("nonoclusterw", M_MOUNT);
910 }
911 else if (strcmp(opt->name, "noexec") == 0)
912 fsflags |= MNT_NOEXEC;
913 else if (strcmp(opt->name, "exec") == 0) {
914 free(opt->name, M_MOUNT);
915 opt->name = strdup("nonoexec", M_MOUNT);
916 }
917 else if (strcmp(opt->name, "nosuid") == 0)
918 fsflags |= MNT_NOSUID;
919 else if (strcmp(opt->name, "suid") == 0) {
920 free(opt->name, M_MOUNT);
921 opt->name = strdup("nonosuid", M_MOUNT);
922 }
923 else if (strcmp(opt->name, "nosymfollow") == 0)
924 fsflags |= MNT_NOSYMFOLLOW;
925 else if (strcmp(opt->name, "symfollow") == 0) {
926 free(opt->name, M_MOUNT);
927 opt->name = strdup("nonosymfollow", M_MOUNT);
928 }
929 else if (strcmp(opt->name, "noro") == 0) {
930 fsflags &= ~MNT_RDONLY;
931 autoro = false;
932 }
933 else if (strcmp(opt->name, "rw") == 0) {
934 fsflags &= ~MNT_RDONLY;
935 autoro = false;
936 }
937 else if (strcmp(opt->name, "ro") == 0) {
938 fsflags |= MNT_RDONLY;
939 autoro = false;
940 }
941 else if (strcmp(opt->name, "rdonly") == 0) {
942 free(opt->name, M_MOUNT);
943 opt->name = strdup("ro", M_MOUNT);
944 fsflags |= MNT_RDONLY;
945 autoro = false;
946 }
947 else if (strcmp(opt->name, "autoro") == 0) {
948 do_freeopt = 1;
949 autoro = true;
950 }
951 else if (strcmp(opt->name, "suiddir") == 0)
952 fsflags |= MNT_SUIDDIR;
953 else if (strcmp(opt->name, "sync") == 0)
954 fsflags |= MNT_SYNCHRONOUS;
955 else if (strcmp(opt->name, "union") == 0)
956 fsflags |= MNT_UNION;
957 else if (strcmp(opt->name, "export") == 0) {
958 fsflags |= MNT_EXPORTED;
959 only_export = true;
960 } else if (strcmp(opt->name, "automounted") == 0) {
961 fsflags |= MNT_AUTOMOUNTED;
962 do_freeopt = 1;
963 } else if (strcmp(opt->name, "nocover") == 0) {
964 fsflags |= MNT_NOCOVER;
965 do_freeopt = 1;
966 } else if (strcmp(opt->name, "cover") == 0) {
967 fsflags &= ~MNT_NOCOVER;
968 do_freeopt = 1;
969 } else if (strcmp(opt->name, "emptydir") == 0) {
970 fsflags |= MNT_EMPTYDIR;
971 do_freeopt = 1;
972 } else if (strcmp(opt->name, "noemptydir") == 0) {
973 fsflags &= ~MNT_EMPTYDIR;
974 do_freeopt = 1;
975 }
976 if (do_freeopt)
977 vfs_freeopt(optlist, opt);
978 }
979
980 /*
981 * Be ultra-paranoid about making sure the type and fspath
982 * variables will fit in our mp buffers, including the
983 * terminating NUL.
984 */
985 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) {
986 error = ENAMETOOLONG;
987 goto bail;
988 }
989
990 /*
991 * only_export is set to true only if exports are being
992 * updated and nothing else is being updated.
993 */
994 if (has_nonexport)
995 only_export = false;
996 /*
997 * If only_export is true and the caller is running within a
998 * vnet prison that can run mountd(8), set jail_export true.
999 */
1000 jail_export = false;
1001 if (only_export && jailed(td->td_ucred) &&
1002 prison_check_nfsd(td->td_ucred))
1003 jail_export = true;
1004
1005 error = vfs_domount(td, fstype, fspath, fsflags, only_export,
1006 jail_export, &optlist);
1007 if (error == ENODEV) {
1008 error = EINVAL;
1009 if (errmsg != NULL)
1010 strncpy(errmsg, "Invalid fstype", errmsg_len);
1011 goto bail;
1012 }
1013
1014 /*
1015 * See if we can mount in the read-only mode if the error code suggests
1016 * that it could be possible and the mount options allow for that.
1017 * Never try it if "[no]{ro|rw}" has been explicitly requested and not
1018 * overridden by "autoro".
1019 */
1020 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) {
1021 printf("%s: R/W mount failed, possibly R/O media,"
1022 " trying R/O mount\n", __func__);
1023 fsflags |= MNT_RDONLY;
1024 error = vfs_domount(td, fstype, fspath, fsflags, only_export,
1025 jail_export, &optlist);
1026 }
1027 bail:
1028 /* copyout the errmsg */
1029 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt)
1030 && errmsg_len > 0 && errmsg != NULL) {
1031 if (fsoptions->uio_segflg == UIO_SYSSPACE) {
1032 bcopy(errmsg,
1033 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
1034 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
1035 } else {
1036 (void)copyout(errmsg,
1037 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
1038 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
1039 }
1040 }
1041
1042 if (optlist != NULL)
1043 vfs_freeopts(optlist);
1044 return (error);
1045 }
1046
1047 /*
1048 * Old mount API.
1049 */
1050 #ifndef _SYS_SYSPROTO_H_
1051 struct mount_args {
1052 char *type;
1053 char *path;
1054 int flags;
1055 caddr_t data;
1056 };
1057 #endif
1058 /* ARGSUSED */
1059 int
sys_mount(struct thread * td,struct mount_args * uap)1060 sys_mount(struct thread *td, struct mount_args *uap)
1061 {
1062 char *fstype;
1063 struct vfsconf *vfsp = NULL;
1064 struct mntarg *ma = NULL;
1065 uint64_t flags;
1066 int error;
1067
1068 /*
1069 * Mount flags are now 64-bits. On 32-bit architectures only
1070 * 32-bits are passed in, but from here on everything handles
1071 * 64-bit flags correctly.
1072 */
1073 flags = uap->flags;
1074
1075 AUDIT_ARG_FFLAGS(flags);
1076
1077 /*
1078 * Filter out MNT_ROOTFS. We do not want clients of mount() in
1079 * userspace to set this flag, but we must filter it out if we want
1080 * MNT_UPDATE on the root file system to work.
1081 * MNT_ROOTFS should only be set by the kernel when mounting its
1082 * root file system.
1083 */
1084 flags &= ~MNT_ROOTFS;
1085
1086 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK);
1087 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL);
1088 if (error) {
1089 free(fstype, M_TEMP);
1090 return (error);
1091 }
1092
1093 AUDIT_ARG_TEXT(fstype);
1094 vfsp = vfs_byname_kld(fstype, td, &error);
1095 free(fstype, M_TEMP);
1096 if (vfsp == NULL)
1097 return (EINVAL);
1098 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 &&
1099 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) ||
1100 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 &&
1101 vfsp->vfc_vfsops->vfs_cmount == NULL))
1102 return (EOPNOTSUPP);
1103
1104 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN);
1105 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN);
1106 ma = mount_argb(ma, flags & MNT_RDONLY, "noro");
1107 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid");
1108 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec");
1109
1110 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0)
1111 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags));
1112 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags));
1113 }
1114
1115 /*
1116 * vfs_domount_first(): first file system mount (not update)
1117 */
1118 static int
vfs_domount_first(struct thread * td,struct vfsconf * vfsp,char * fspath,struct vnode * vp,uint64_t fsflags,struct vfsoptlist ** optlist)1119 vfs_domount_first(
1120 struct thread *td, /* Calling thread. */
1121 struct vfsconf *vfsp, /* File system type. */
1122 char *fspath, /* Mount path. */
1123 struct vnode *vp, /* Vnode to be covered. */
1124 uint64_t fsflags, /* Flags common to all filesystems. */
1125 struct vfsoptlist **optlist /* Options local to the filesystem. */
1126 )
1127 {
1128 struct vattr va;
1129 struct mount *mp;
1130 struct vnode *newdp, *rootvp;
1131 int error, error1;
1132 bool unmounted;
1133
1134 ASSERT_VOP_ELOCKED(vp, __func__);
1135 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here"));
1136
1137 /*
1138 * If the jail of the calling thread lacks permission for this type of
1139 * file system, or is trying to cover its own root, deny immediately.
1140 */
1141 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred,
1142 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) {
1143 vput(vp);
1144 vfs_unref_vfsconf(vfsp);
1145 return (EPERM);
1146 }
1147
1148 /*
1149 * If the user is not root, ensure that they own the directory
1150 * onto which we are attempting to mount.
1151 */
1152 error = VOP_GETATTR(vp, &va, td->td_ucred);
1153 if (error == 0 && va.va_uid != td->td_ucred->cr_uid)
1154 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN);
1155 #ifdef MAC
1156 /*
1157 * XXX XNU also has a check_mount_late variant, which takes the
1158 * struct mount instead and gives MAC visibility into, e.g.,
1159 * f_mntfromname and other facts.
1160 */
1161 if (error == 0) {
1162 error = mac_mount_check_mount(td->td_ucred, vp, vfsp,
1163 optlist, fsflags);
1164 }
1165 #endif
1166 if (error == 0)
1167 error = vinvalbuf(vp, V_SAVE, 0, 0);
1168 if (vfsp->vfc_flags & VFCF_FILEMOUNT) {
1169 if (error == 0 && vp->v_type != VDIR && vp->v_type != VREG)
1170 error = EINVAL;
1171 /*
1172 * For file mounts, ensure that there is only one hardlink to the file.
1173 */
1174 if (error == 0 && vp->v_type == VREG && va.va_nlink != 1)
1175 error = EINVAL;
1176 } else {
1177 if (error == 0 && vp->v_type != VDIR)
1178 error = ENOTDIR;
1179 }
1180 if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0)
1181 error = vn_dir_check_empty(vp);
1182 if (error == 0) {
1183 VI_LOCK(vp);
1184 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL)
1185 vp->v_iflag |= VI_MOUNT;
1186 else
1187 error = EBUSY;
1188 VI_UNLOCK(vp);
1189 }
1190 if (error != 0) {
1191 vput(vp);
1192 vfs_unref_vfsconf(vfsp);
1193 return (error);
1194 }
1195 vn_seqc_write_begin(vp);
1196 VOP_UNLOCK(vp);
1197
1198 /* Allocate and initialize the filesystem. */
1199 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred);
1200 /* XXXMAC: pass to vfs_mount_alloc? */
1201 mp->mnt_optnew = *optlist;
1202 /* Set the mount level flags. */
1203 mp->mnt_flag = (fsflags &
1204 (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY | MNT_FORCE));
1205
1206 /*
1207 * Mount the filesystem.
1208 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
1209 * get. No freeing of cn_pnbuf.
1210 */
1211 error1 = 0;
1212 unmounted = true;
1213 if ((error = VFS_MOUNT(mp)) != 0 ||
1214 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 ||
1215 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) {
1216 rootvp = NULL;
1217 if (error1 != 0) {
1218 MPASS(error == 0);
1219 rootvp = vfs_cache_root_clear(mp);
1220 if (rootvp != NULL) {
1221 vhold(rootvp);
1222 vrele(rootvp);
1223 }
1224 (void)vn_start_write(NULL, &mp, V_WAIT);
1225 MNT_ILOCK(mp);
1226 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF;
1227 MNT_IUNLOCK(mp);
1228 VFS_PURGE(mp);
1229 error = VFS_UNMOUNT(mp, 0);
1230 vn_finished_write(mp);
1231 if (error != 0) {
1232 printf(
1233 "failed post-mount (%d): rollback unmount returned %d\n",
1234 error1, error);
1235 unmounted = false;
1236 }
1237 error = error1;
1238 }
1239 vfs_unbusy(mp);
1240 mp->mnt_vnodecovered = NULL;
1241 if (unmounted) {
1242 /* XXXKIB wait for mnt_lockref drain? */
1243 vfs_mount_destroy(mp);
1244 }
1245 VI_LOCK(vp);
1246 vp->v_iflag &= ~VI_MOUNT;
1247 VI_UNLOCK(vp);
1248 if (rootvp != NULL) {
1249 vn_seqc_write_end(rootvp);
1250 vdrop(rootvp);
1251 }
1252 vn_seqc_write_end(vp);
1253 vrele(vp);
1254 return (error);
1255 }
1256 vn_seqc_write_begin(newdp);
1257 VOP_UNLOCK(newdp);
1258
1259 if (mp->mnt_opt != NULL)
1260 vfs_freeopts(mp->mnt_opt);
1261 mp->mnt_opt = mp->mnt_optnew;
1262 *optlist = NULL;
1263
1264 /*
1265 * Prevent external consumers of mount options from reading mnt_optnew.
1266 */
1267 mp->mnt_optnew = NULL;
1268
1269 MNT_ILOCK(mp);
1270 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
1271 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
1272 mp->mnt_kern_flag |= MNTK_ASYNC;
1273 else
1274 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1275 MNT_IUNLOCK(mp);
1276
1277 /*
1278 * VIRF_MOUNTPOINT and v_mountedhere need to be set under the
1279 * vp lock to satisfy vfs_lookup() requirements.
1280 */
1281 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY);
1282 VI_LOCK(vp);
1283 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT);
1284 vp->v_mountedhere = mp;
1285 VI_UNLOCK(vp);
1286 VOP_UNLOCK(vp);
1287 cache_purge(vp);
1288
1289 /*
1290 * We need to lock both vnodes.
1291 *
1292 * Use vn_lock_pair to avoid establishing an ordering between vnodes
1293 * from different filesystems.
1294 */
1295 error1 = vn_lock_pair(vp, false, LK_EXCLUSIVE, newdp, false,
1296 LK_EXCLUSIVE);
1297
1298 VI_LOCK(vp);
1299 vp->v_iflag &= ~VI_MOUNT;
1300 VI_UNLOCK(vp);
1301 /* Place the new filesystem at the end of the mount list. */
1302 mtx_lock(&mountlist_mtx);
1303 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list);
1304 mtx_unlock(&mountlist_mtx);
1305 vfs_event_signal(NULL, VQ_MOUNT, 0);
1306 if (error1 == 0)
1307 VOP_UNLOCK(vp);
1308 else
1309 MPASS(error1 == EDEADLK);
1310 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td);
1311 VOP_UNLOCK(newdp);
1312 mount_devctl_event("MOUNT", mp, false);
1313 mountcheckdirs(vp, newdp);
1314 vn_seqc_write_end(vp);
1315 vn_seqc_write_end(newdp);
1316 vrele(newdp);
1317 if ((mp->mnt_flag & MNT_RDONLY) == 0)
1318 vfs_allocate_syncvnode(mp);
1319 vfs_op_exit(mp);
1320 vfs_unbusy(mp);
1321 return (0);
1322 }
1323
1324 /*
1325 * vfs_domount_update(): update of mounted file system
1326 */
1327 static int
vfs_domount_update(struct thread * td,struct vnode * vp,uint64_t fsflags,bool only_export,bool jail_export,struct vfsoptlist ** optlist)1328 vfs_domount_update(
1329 struct thread *td, /* Calling thread. */
1330 struct vnode *vp, /* Mount point vnode. */
1331 uint64_t fsflags, /* Flags common to all filesystems. */
1332 bool only_export, /* Got export option. */
1333 bool jail_export, /* Got export option in vnet prison. */
1334 struct vfsoptlist **optlist /* Options local to the filesystem. */
1335 )
1336 {
1337 struct export_args export;
1338 struct o2export_args o2export;
1339 struct vnode *rootvp;
1340 void *bufp;
1341 struct mount *mp;
1342 int error, export_error, i, len, fsid_up_len;
1343 uint64_t flag, mnt_union;
1344 gid_t *grps;
1345 fsid_t *fsid_up;
1346 bool vfs_suser_failed;
1347
1348 ASSERT_VOP_ELOCKED(vp, __func__);
1349 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here"));
1350 mp = vp->v_mount;
1351
1352 if ((vp->v_vflag & VV_ROOT) == 0) {
1353 if (vfs_copyopt(*optlist, "export", &export, sizeof(export))
1354 == 0)
1355 error = EXDEV;
1356 else
1357 error = EINVAL;
1358 vput(vp);
1359 return (error);
1360 }
1361
1362 /*
1363 * We only allow the filesystem to be reloaded if it
1364 * is currently mounted read-only.
1365 */
1366 flag = mp->mnt_flag;
1367 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) {
1368 vput(vp);
1369 return (EOPNOTSUPP); /* Needs translation */
1370 }
1371 /*
1372 * Only privileged root, or (if MNT_USER is set) the user that
1373 * did the original mount is permitted to update it.
1374 */
1375 /*
1376 * For the case of mountd(8) doing exports in a jail, the vfs_suser()
1377 * call does not cause failure. vfs_domount() has already checked
1378 * that "root" is doing this and vfs_suser() will fail when
1379 * the file system has been mounted outside the jail.
1380 * jail_export set true indicates that "export" is not mixed
1381 * with other options that change mount behaviour.
1382 */
1383 vfs_suser_failed = false;
1384 error = vfs_suser(mp, td);
1385 if (jail_export && error != 0) {
1386 error = 0;
1387 vfs_suser_failed = true;
1388 }
1389 #ifdef MAC
1390 if (error == 0) {
1391 error = mac_mount_check_update(td->td_ucred, mp, optlist,
1392 fsflags);
1393 }
1394 #endif
1395 if (error != 0) {
1396 vput(vp);
1397 return (error);
1398 }
1399 if (vfs_busy(mp, MBF_NOWAIT)) {
1400 vput(vp);
1401 return (EBUSY);
1402 }
1403 VI_LOCK(vp);
1404 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) {
1405 VI_UNLOCK(vp);
1406 vfs_unbusy(mp);
1407 vput(vp);
1408 return (EBUSY);
1409 }
1410 vp->v_iflag |= VI_MOUNT;
1411 VI_UNLOCK(vp);
1412 VOP_UNLOCK(vp);
1413
1414 rootvp = NULL;
1415 vfs_op_enter(mp);
1416 vn_seqc_write_begin(vp);
1417
1418 if (vfs_getopt(*optlist, "fsid", (void **)&fsid_up,
1419 &fsid_up_len) == 0) {
1420 if (fsid_up_len != sizeof(*fsid_up)) {
1421 error = EINVAL;
1422 goto end;
1423 }
1424 if (fsidcmp(fsid_up, &mp->mnt_stat.f_fsid) != 0) {
1425 error = ENOENT;
1426 goto end;
1427 }
1428 vfs_deleteopt(*optlist, "fsid");
1429 }
1430
1431 mnt_union = 0;
1432 MNT_ILOCK(mp);
1433 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) {
1434 MNT_IUNLOCK(mp);
1435 error = EBUSY;
1436 goto end;
1437 }
1438 if (vfs_suser_failed) {
1439 KASSERT((fsflags & (MNT_EXPORTED | MNT_UPDATE)) ==
1440 (MNT_EXPORTED | MNT_UPDATE),
1441 ("%s: jailed export did not set expected fsflags",
1442 __func__));
1443 /*
1444 * For this case, only MNT_UPDATE and
1445 * MNT_EXPORTED have been set in fsflags
1446 * by the options. Only set MNT_UPDATE,
1447 * since that is the one that would be set
1448 * when set in fsflags, below.
1449 */
1450 mp->mnt_flag |= MNT_UPDATE;
1451 } else {
1452 mp->mnt_flag &= ~MNT_UPDATEMASK;
1453 if ((mp->mnt_flag & MNT_UNION) == 0 &&
1454 (fsflags & MNT_UNION) != 0) {
1455 fsflags &= ~MNT_UNION;
1456 mnt_union = MNT_UNION;
1457 }
1458 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE |
1459 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY);
1460 if ((mp->mnt_flag & MNT_ASYNC) == 0)
1461 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1462 }
1463 rootvp = vfs_cache_root_clear(mp);
1464 MNT_IUNLOCK(mp);
1465 mp->mnt_optnew = *optlist;
1466 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt);
1467
1468 /*
1469 * Mount the filesystem.
1470 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
1471 * get. No freeing of cn_pnbuf.
1472 */
1473 /*
1474 * When only updating mount exports, VFS_MOUNT() does not need to
1475 * be called, as indicated by only_export being set true.
1476 * For the case of mountd(8) doing exports from within a vnet jail,
1477 * "from" is typically not set correctly such that VFS_MOUNT() will
1478 * return ENOENT. For ZFS, there is a locking bug which can result in
1479 * deadlock if VFS_MOUNT() is called when extended attributes are
1480 * being updated.
1481 */
1482 error = 0;
1483 if (!only_export)
1484 error = VFS_MOUNT(mp);
1485
1486 export_error = 0;
1487 /* Process the export option. */
1488 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp,
1489 &len) == 0) {
1490 /* Assume that there is only 1 ABI for each length. */
1491 switch (len) {
1492 case (sizeof(struct oexport_args)):
1493 bzero(&o2export, sizeof(o2export));
1494 /* FALLTHROUGH */
1495 case (sizeof(o2export)):
1496 bcopy(bufp, &o2export, len);
1497 export.ex_flags = (uint64_t)o2export.ex_flags;
1498 export.ex_root = o2export.ex_root;
1499 export.ex_uid = o2export.ex_anon.cr_uid;
1500 export.ex_groups = NULL;
1501 export.ex_ngroups = o2export.ex_anon.cr_ngroups;
1502 if (export.ex_ngroups > 0) {
1503 if (export.ex_ngroups <= XU_NGROUPS) {
1504 export.ex_groups = malloc(
1505 export.ex_ngroups * sizeof(gid_t),
1506 M_TEMP, M_WAITOK);
1507 for (i = 0; i < export.ex_ngroups; i++)
1508 export.ex_groups[i] =
1509 o2export.ex_anon.cr_groups[i];
1510 } else
1511 export_error = EINVAL;
1512 } else if (export.ex_ngroups < 0)
1513 export_error = EINVAL;
1514 export.ex_addr = o2export.ex_addr;
1515 export.ex_addrlen = o2export.ex_addrlen;
1516 export.ex_mask = o2export.ex_mask;
1517 export.ex_masklen = o2export.ex_masklen;
1518 export.ex_indexfile = o2export.ex_indexfile;
1519 export.ex_numsecflavors = o2export.ex_numsecflavors;
1520 if (export.ex_numsecflavors < MAXSECFLAVORS) {
1521 for (i = 0; i < export.ex_numsecflavors; i++)
1522 export.ex_secflavors[i] =
1523 o2export.ex_secflavors[i];
1524 } else
1525 export_error = EINVAL;
1526 if (export_error == 0)
1527 export_error = vfs_export(mp, &export, true);
1528 free(export.ex_groups, M_TEMP);
1529 break;
1530 case (sizeof(export)):
1531 bcopy(bufp, &export, len);
1532 grps = NULL;
1533 if (export.ex_ngroups > 0) {
1534 if (export.ex_ngroups <= ngroups_max + 1) {
1535 grps = malloc(export.ex_ngroups *
1536 sizeof(gid_t), M_TEMP, M_WAITOK);
1537 export_error = copyin(export.ex_groups,
1538 grps, export.ex_ngroups *
1539 sizeof(gid_t));
1540 if (export_error == 0)
1541 export.ex_groups = grps;
1542 } else
1543 export_error = EINVAL;
1544 } else if (export.ex_ngroups == 0)
1545 export.ex_groups = NULL;
1546 else
1547 export_error = EINVAL;
1548 if (export_error == 0)
1549 export_error = vfs_export(mp, &export, true);
1550 free(grps, M_TEMP);
1551 break;
1552 default:
1553 export_error = EINVAL;
1554 break;
1555 }
1556 }
1557
1558 MNT_ILOCK(mp);
1559 if (error == 0) {
1560 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE |
1561 MNT_SNAPSHOT);
1562 mp->mnt_flag |= mnt_union;
1563 } else {
1564 /*
1565 * If we fail, restore old mount flags. MNT_QUOTA is special,
1566 * because it is not part of MNT_UPDATEMASK, but it could have
1567 * changed in the meantime if quotactl(2) was called.
1568 * All in all we want current value of MNT_QUOTA, not the old
1569 * one.
1570 */
1571 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA);
1572 }
1573 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
1574 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
1575 mp->mnt_kern_flag |= MNTK_ASYNC;
1576 else
1577 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1578 MNT_IUNLOCK(mp);
1579
1580 if (error != 0)
1581 goto end;
1582
1583 mount_devctl_event("REMOUNT", mp, true);
1584 if (mp->mnt_opt != NULL)
1585 vfs_freeopts(mp->mnt_opt);
1586 mp->mnt_opt = mp->mnt_optnew;
1587 *optlist = NULL;
1588 (void)VFS_STATFS(mp, &mp->mnt_stat);
1589 /*
1590 * Prevent external consumers of mount options from reading
1591 * mnt_optnew.
1592 */
1593 mp->mnt_optnew = NULL;
1594
1595 if ((mp->mnt_flag & MNT_RDONLY) == 0)
1596 vfs_allocate_syncvnode(mp);
1597 else
1598 vfs_deallocate_syncvnode(mp);
1599 end:
1600 vfs_op_exit(mp);
1601 if (rootvp != NULL) {
1602 vn_seqc_write_end(rootvp);
1603 vrele(rootvp);
1604 }
1605 vn_seqc_write_end(vp);
1606 vfs_unbusy(mp);
1607 VI_LOCK(vp);
1608 vp->v_iflag &= ~VI_MOUNT;
1609 VI_UNLOCK(vp);
1610 vrele(vp);
1611 return (error != 0 ? error : export_error);
1612 }
1613
1614 /*
1615 * vfs_domount(): actually attempt a filesystem mount.
1616 */
1617 static int
vfs_domount(struct thread * td,const char * fstype,char * fspath,uint64_t fsflags,bool only_export,bool jail_export,struct vfsoptlist ** optlist)1618 vfs_domount(
1619 struct thread *td, /* Calling thread. */
1620 const char *fstype, /* Filesystem type. */
1621 char *fspath, /* Mount path. */
1622 uint64_t fsflags, /* Flags common to all filesystems. */
1623 bool only_export, /* Got export option. */
1624 bool jail_export, /* Got export option in vnet prison. */
1625 struct vfsoptlist **optlist /* Options local to the filesystem. */
1626 )
1627 {
1628 struct vfsconf *vfsp;
1629 struct nameidata nd;
1630 struct vnode *vp;
1631 char *pathbuf;
1632 int error;
1633
1634 /*
1635 * Be ultra-paranoid about making sure the type and fspath
1636 * variables will fit in our mp buffers, including the
1637 * terminating NUL.
1638 */
1639 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN)
1640 return (ENAMETOOLONG);
1641
1642 if (jail_export) {
1643 error = priv_check(td, PRIV_NFS_DAEMON);
1644 if (error)
1645 return (error);
1646 } else if (jailed(td->td_ucred) || usermount == 0) {
1647 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
1648 return (error);
1649 }
1650
1651 /*
1652 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
1653 */
1654 if (fsflags & MNT_EXPORTED) {
1655 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED);
1656 if (error)
1657 return (error);
1658 }
1659 if (fsflags & MNT_SUIDDIR) {
1660 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR);
1661 if (error)
1662 return (error);
1663 }
1664 /*
1665 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users.
1666 */
1667 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) {
1668 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0)
1669 fsflags |= MNT_NOSUID | MNT_USER;
1670 }
1671
1672 /* Load KLDs before we lock the covered vnode to avoid reversals. */
1673 vfsp = NULL;
1674 if ((fsflags & MNT_UPDATE) == 0) {
1675 /* Don't try to load KLDs if we're mounting the root. */
1676 if (fsflags & MNT_ROOTFS) {
1677 if ((vfsp = vfs_byname(fstype)) == NULL)
1678 return (ENODEV);
1679 } else {
1680 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL)
1681 return (error);
1682 }
1683 }
1684
1685 /*
1686 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE.
1687 */
1688 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | WANTPARENT,
1689 UIO_SYSSPACE, fspath);
1690 error = namei(&nd);
1691 if (error != 0)
1692 return (error);
1693 vp = nd.ni_vp;
1694 /*
1695 * Don't allow stacking file mounts to work around problems with the way
1696 * that namei sets nd.ni_dvp to vp_crossmp for these.
1697 */
1698 if (vp->v_type == VREG)
1699 fsflags |= MNT_NOCOVER;
1700 if ((fsflags & MNT_UPDATE) == 0) {
1701 if ((vp->v_vflag & VV_ROOT) != 0 &&
1702 (fsflags & MNT_NOCOVER) != 0) {
1703 vput(vp);
1704 error = EBUSY;
1705 goto out;
1706 }
1707 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1708 strcpy(pathbuf, fspath);
1709 /*
1710 * Note: we allow any vnode type here. If the path sanity check
1711 * succeeds, the type will be validated in vfs_domount_first
1712 * above.
1713 */
1714 if (vp->v_type == VDIR)
1715 error = vn_path_to_global_path(td, vp, pathbuf,
1716 MNAMELEN);
1717 else
1718 error = vn_path_to_global_path_hardlink(td, vp,
1719 nd.ni_dvp, pathbuf, MNAMELEN,
1720 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen);
1721 if (error == 0) {
1722 error = vfs_domount_first(td, vfsp, pathbuf, vp,
1723 fsflags, optlist);
1724 }
1725 free(pathbuf, M_TEMP);
1726 } else
1727 error = vfs_domount_update(td, vp, fsflags, only_export,
1728 jail_export, optlist);
1729
1730 out:
1731 NDFREE_PNBUF(&nd);
1732 vrele(nd.ni_dvp);
1733
1734 return (error);
1735 }
1736
1737 /*
1738 * Unmount a filesystem.
1739 *
1740 * Note: unmount takes a path to the vnode mounted on as argument, not
1741 * special file (as before).
1742 */
1743 #ifndef _SYS_SYSPROTO_H_
1744 struct unmount_args {
1745 char *path;
1746 int flags;
1747 };
1748 #endif
1749 /* ARGSUSED */
1750 int
sys_unmount(struct thread * td,struct unmount_args * uap)1751 sys_unmount(struct thread *td, struct unmount_args *uap)
1752 {
1753
1754 return (kern_unmount(td, uap->path, (unsigned)uap->flags));
1755 }
1756
1757 int
kern_unmount(struct thread * td,const char * path,uint64_t flags)1758 kern_unmount(struct thread *td, const char *path, uint64_t flags)
1759 {
1760 struct nameidata nd;
1761 struct mount *mp;
1762 char *fsidbuf, *pathbuf;
1763 fsid_t fsid;
1764 int error;
1765
1766 AUDIT_ARG_VALUE(flags);
1767 if ((flags & (MNT_DEFERRED | MNT_RECURSE)) != 0)
1768 return (EINVAL);
1769 if (jailed(td->td_ucred) || usermount == 0) {
1770 error = priv_check(td, PRIV_VFS_UNMOUNT);
1771 if (error)
1772 return (error);
1773 }
1774 if (flags & MNT_BYFSID) {
1775 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1776 error = copyinstr(path, fsidbuf, MNAMELEN, NULL);
1777 if (error) {
1778 free(fsidbuf, M_TEMP);
1779 return (error);
1780 }
1781
1782 AUDIT_ARG_TEXT(fsidbuf);
1783 /* Decode the filesystem ID. */
1784 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) {
1785 free(fsidbuf, M_TEMP);
1786 return (EINVAL);
1787 }
1788
1789 mp = vfs_getvfs(&fsid);
1790 free(fsidbuf, M_TEMP);
1791 if (mp == NULL) {
1792 return (ENOENT);
1793 }
1794 } else {
1795 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1796 error = copyinstr(path, pathbuf, MNAMELEN, NULL);
1797 if (error) {
1798 free(pathbuf, M_TEMP);
1799 return (error);
1800 }
1801
1802 /*
1803 * Try to find global path for path argument.
1804 */
1805 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1,
1806 UIO_SYSSPACE, pathbuf);
1807 if (namei(&nd) == 0) {
1808 NDFREE_PNBUF(&nd);
1809 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf,
1810 MNAMELEN);
1811 if (error == 0)
1812 vput(nd.ni_vp);
1813 }
1814 mtx_lock(&mountlist_mtx);
1815 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
1816 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) {
1817 vfs_ref(mp);
1818 break;
1819 }
1820 }
1821 mtx_unlock(&mountlist_mtx);
1822 free(pathbuf, M_TEMP);
1823 if (mp == NULL) {
1824 /*
1825 * Previously we returned ENOENT for a nonexistent path and
1826 * EINVAL for a non-mountpoint. We cannot tell these apart
1827 * now, so in the !MNT_BYFSID case return the more likely
1828 * EINVAL for compatibility.
1829 */
1830 return (EINVAL);
1831 }
1832 }
1833
1834 /*
1835 * Don't allow unmounting the root filesystem.
1836 */
1837 if (mp->mnt_flag & MNT_ROOTFS) {
1838 vfs_rel(mp);
1839 return (EINVAL);
1840 }
1841 #ifdef MAC
1842 error = mac_mount_check_unmount(td->td_ucred, mp, flags);
1843 if (error != 0) {
1844 vfs_rel(mp);
1845 return (error);
1846 }
1847 #endif
1848 error = dounmount(mp, flags, td);
1849 return (error);
1850 }
1851
1852 /*
1853 * Return error if any of the vnodes, ignoring the root vnode
1854 * and the syncer vnode, have non-zero usecount.
1855 *
1856 * This function is purely advisory - it can return false positives
1857 * and negatives.
1858 */
1859 static int
vfs_check_usecounts(struct mount * mp)1860 vfs_check_usecounts(struct mount *mp)
1861 {
1862 struct vnode *vp, *mvp;
1863
1864 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
1865 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON &&
1866 vp->v_usecount != 0) {
1867 VI_UNLOCK(vp);
1868 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
1869 return (EBUSY);
1870 }
1871 VI_UNLOCK(vp);
1872 }
1873
1874 return (0);
1875 }
1876
1877 static void
dounmount_cleanup(struct mount * mp,struct vnode * coveredvp,int mntkflags)1878 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags)
1879 {
1880
1881 mtx_assert(MNT_MTX(mp), MA_OWNED);
1882 mp->mnt_kern_flag &= ~mntkflags;
1883 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) {
1884 mp->mnt_kern_flag &= ~MNTK_MWAIT;
1885 wakeup(mp);
1886 }
1887 vfs_op_exit_locked(mp);
1888 MNT_IUNLOCK(mp);
1889 if (coveredvp != NULL) {
1890 VOP_UNLOCK(coveredvp);
1891 vdrop(coveredvp);
1892 }
1893 vn_finished_write(mp);
1894 vfs_rel(mp);
1895 }
1896
1897 /*
1898 * There are various reference counters associated with the mount point.
1899 * Normally it is permitted to modify them without taking the mnt ilock,
1900 * but this behavior can be temporarily disabled if stable value is needed
1901 * or callers are expected to block (e.g. to not allow new users during
1902 * forced unmount).
1903 */
1904 void
vfs_op_enter(struct mount * mp)1905 vfs_op_enter(struct mount *mp)
1906 {
1907 struct mount_pcpu *mpcpu;
1908 int cpu;
1909
1910 MNT_ILOCK(mp);
1911 mp->mnt_vfs_ops++;
1912 if (mp->mnt_vfs_ops > 1) {
1913 MNT_IUNLOCK(mp);
1914 return;
1915 }
1916 vfs_op_barrier_wait(mp);
1917 CPU_FOREACH(cpu) {
1918 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1919
1920 mp->mnt_ref += mpcpu->mntp_ref;
1921 mpcpu->mntp_ref = 0;
1922
1923 mp->mnt_lockref += mpcpu->mntp_lockref;
1924 mpcpu->mntp_lockref = 0;
1925
1926 mp->mnt_writeopcount += mpcpu->mntp_writeopcount;
1927 mpcpu->mntp_writeopcount = 0;
1928 }
1929 MPASSERT(mp->mnt_ref > 0 && mp->mnt_lockref >= 0 &&
1930 mp->mnt_writeopcount >= 0, mp,
1931 ("invalid count(s): ref %d lockref %d writeopcount %d",
1932 mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount));
1933 MNT_IUNLOCK(mp);
1934 vfs_assert_mount_counters(mp);
1935 }
1936
1937 void
vfs_op_exit_locked(struct mount * mp)1938 vfs_op_exit_locked(struct mount *mp)
1939 {
1940
1941 mtx_assert(MNT_MTX(mp), MA_OWNED);
1942
1943 MPASSERT(mp->mnt_vfs_ops > 0, mp,
1944 ("invalid vfs_ops count %d", mp->mnt_vfs_ops));
1945 MPASSERT(mp->mnt_vfs_ops > 1 ||
1946 (mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_SUSPEND)) == 0, mp,
1947 ("vfs_ops too low %d in unmount or suspend", mp->mnt_vfs_ops));
1948 mp->mnt_vfs_ops--;
1949 }
1950
1951 void
vfs_op_exit(struct mount * mp)1952 vfs_op_exit(struct mount *mp)
1953 {
1954
1955 MNT_ILOCK(mp);
1956 vfs_op_exit_locked(mp);
1957 MNT_IUNLOCK(mp);
1958 }
1959
1960 struct vfs_op_barrier_ipi {
1961 struct mount *mp;
1962 struct smp_rendezvous_cpus_retry_arg srcra;
1963 };
1964
1965 static void
vfs_op_action_func(void * arg)1966 vfs_op_action_func(void *arg)
1967 {
1968 struct vfs_op_barrier_ipi *vfsopipi;
1969 struct mount *mp;
1970
1971 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra);
1972 mp = vfsopipi->mp;
1973
1974 if (!vfs_op_thread_entered(mp))
1975 smp_rendezvous_cpus_done(arg);
1976 }
1977
1978 static void
vfs_op_wait_func(void * arg,int cpu)1979 vfs_op_wait_func(void *arg, int cpu)
1980 {
1981 struct vfs_op_barrier_ipi *vfsopipi;
1982 struct mount *mp;
1983 struct mount_pcpu *mpcpu;
1984
1985 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra);
1986 mp = vfsopipi->mp;
1987
1988 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1989 while (atomic_load_int(&mpcpu->mntp_thread_in_ops))
1990 cpu_spinwait();
1991 }
1992
1993 void
vfs_op_barrier_wait(struct mount * mp)1994 vfs_op_barrier_wait(struct mount *mp)
1995 {
1996 struct vfs_op_barrier_ipi vfsopipi;
1997
1998 vfsopipi.mp = mp;
1999
2000 smp_rendezvous_cpus_retry(all_cpus,
2001 smp_no_rendezvous_barrier,
2002 vfs_op_action_func,
2003 smp_no_rendezvous_barrier,
2004 vfs_op_wait_func,
2005 &vfsopipi.srcra);
2006 }
2007
2008 #ifdef DIAGNOSTIC
2009 void
vfs_assert_mount_counters(struct mount * mp)2010 vfs_assert_mount_counters(struct mount *mp)
2011 {
2012 struct mount_pcpu *mpcpu;
2013 int cpu;
2014
2015 if (mp->mnt_vfs_ops == 0)
2016 return;
2017
2018 CPU_FOREACH(cpu) {
2019 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
2020 if (mpcpu->mntp_ref != 0 ||
2021 mpcpu->mntp_lockref != 0 ||
2022 mpcpu->mntp_writeopcount != 0)
2023 vfs_dump_mount_counters(mp);
2024 }
2025 }
2026
2027 void
vfs_dump_mount_counters(struct mount * mp)2028 vfs_dump_mount_counters(struct mount *mp)
2029 {
2030 struct mount_pcpu *mpcpu;
2031 int ref, lockref, writeopcount;
2032 int cpu;
2033
2034 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops);
2035
2036 printf(" ref : ");
2037 ref = mp->mnt_ref;
2038 CPU_FOREACH(cpu) {
2039 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
2040 printf("%d ", mpcpu->mntp_ref);
2041 ref += mpcpu->mntp_ref;
2042 }
2043 printf("\n");
2044 printf(" lockref : ");
2045 lockref = mp->mnt_lockref;
2046 CPU_FOREACH(cpu) {
2047 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
2048 printf("%d ", mpcpu->mntp_lockref);
2049 lockref += mpcpu->mntp_lockref;
2050 }
2051 printf("\n");
2052 printf("writeopcount: ");
2053 writeopcount = mp->mnt_writeopcount;
2054 CPU_FOREACH(cpu) {
2055 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
2056 printf("%d ", mpcpu->mntp_writeopcount);
2057 writeopcount += mpcpu->mntp_writeopcount;
2058 }
2059 printf("\n");
2060
2061 printf("counter struct total\n");
2062 printf("ref %-5d %-5d\n", mp->mnt_ref, ref);
2063 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref);
2064 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount);
2065
2066 panic("invalid counts on struct mount");
2067 }
2068 #endif
2069
2070 int
vfs_mount_fetch_counter(struct mount * mp,enum mount_counter which)2071 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which)
2072 {
2073 struct mount_pcpu *mpcpu;
2074 int cpu, sum;
2075
2076 switch (which) {
2077 case MNT_COUNT_REF:
2078 sum = mp->mnt_ref;
2079 break;
2080 case MNT_COUNT_LOCKREF:
2081 sum = mp->mnt_lockref;
2082 break;
2083 case MNT_COUNT_WRITEOPCOUNT:
2084 sum = mp->mnt_writeopcount;
2085 break;
2086 }
2087
2088 CPU_FOREACH(cpu) {
2089 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
2090 switch (which) {
2091 case MNT_COUNT_REF:
2092 sum += mpcpu->mntp_ref;
2093 break;
2094 case MNT_COUNT_LOCKREF:
2095 sum += mpcpu->mntp_lockref;
2096 break;
2097 case MNT_COUNT_WRITEOPCOUNT:
2098 sum += mpcpu->mntp_writeopcount;
2099 break;
2100 }
2101 }
2102 return (sum);
2103 }
2104
2105 static bool
deferred_unmount_enqueue(struct mount * mp,uint64_t flags,bool requeue,int timeout_ticks)2106 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue,
2107 int timeout_ticks)
2108 {
2109 bool enqueued;
2110
2111 enqueued = false;
2112 mtx_lock(&deferred_unmount_lock);
2113 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) {
2114 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED;
2115 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp,
2116 mnt_taskqueue_link);
2117 enqueued = true;
2118 }
2119 mtx_unlock(&deferred_unmount_lock);
2120
2121 if (enqueued) {
2122 taskqueue_enqueue_timeout(taskqueue_deferred_unmount,
2123 &deferred_unmount_task, timeout_ticks);
2124 }
2125
2126 return (enqueued);
2127 }
2128
2129 /*
2130 * Taskqueue handler for processing async/recursive unmounts
2131 */
2132 static void
vfs_deferred_unmount(void * argi __unused,int pending __unused)2133 vfs_deferred_unmount(void *argi __unused, int pending __unused)
2134 {
2135 STAILQ_HEAD(, mount) local_unmounts;
2136 uint64_t flags;
2137 struct mount *mp, *tmp;
2138 int error;
2139 unsigned int retries;
2140 bool unmounted;
2141
2142 STAILQ_INIT(&local_unmounts);
2143 mtx_lock(&deferred_unmount_lock);
2144 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list);
2145 mtx_unlock(&deferred_unmount_lock);
2146
2147 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) {
2148 flags = mp->mnt_taskqueue_flags;
2149 KASSERT((flags & MNT_DEFERRED) != 0,
2150 ("taskqueue unmount without MNT_DEFERRED"));
2151 error = dounmount(mp, flags, curthread);
2152 if (error != 0) {
2153 MNT_ILOCK(mp);
2154 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0);
2155 MNT_IUNLOCK(mp);
2156
2157 /*
2158 * The deferred unmount thread is the only thread that
2159 * modifies the retry counts, so locking/atomics aren't
2160 * needed here.
2161 */
2162 retries = (mp->mnt_unmount_retries)++;
2163 deferred_unmount_total_retries++;
2164 if (!unmounted && retries < deferred_unmount_retry_limit) {
2165 deferred_unmount_enqueue(mp, flags, true,
2166 -deferred_unmount_retry_delay_hz);
2167 } else {
2168 if (retries >= deferred_unmount_retry_limit) {
2169 printf("giving up on deferred unmount "
2170 "of %s after %d retries, error %d\n",
2171 mp->mnt_stat.f_mntonname, retries, error);
2172 }
2173 vfs_rel(mp);
2174 }
2175 }
2176 }
2177 }
2178
2179 /*
2180 * Do the actual filesystem unmount.
2181 */
2182 int
dounmount(struct mount * mp,uint64_t flags,struct thread * td)2183 dounmount(struct mount *mp, uint64_t flags, struct thread *td)
2184 {
2185 struct mount_upper_node *upper;
2186 struct vnode *coveredvp, *rootvp;
2187 int error;
2188 uint64_t async_flag;
2189 int mnt_gen_r;
2190 unsigned int retries;
2191
2192 KASSERT((flags & MNT_DEFERRED) == 0 ||
2193 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE),
2194 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE"));
2195
2196 /*
2197 * If the caller has explicitly requested the unmount to be handled by
2198 * the taskqueue and we're not already in taskqueue context, queue
2199 * up the unmount request and exit. This is done prior to any
2200 * credential checks; MNT_DEFERRED should be used only for kernel-
2201 * initiated unmounts and will therefore be processed with the
2202 * (kernel) credentials of the taskqueue thread. Still, callers
2203 * should be sure this is the behavior they want.
2204 */
2205 if ((flags & MNT_DEFERRED) != 0 &&
2206 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) {
2207 if (!deferred_unmount_enqueue(mp, flags, false, 0))
2208 vfs_rel(mp);
2209 return (EINPROGRESS);
2210 }
2211
2212 /*
2213 * Only privileged root, or (if MNT_USER is set) the user that did the
2214 * original mount is permitted to unmount this filesystem.
2215 * This check should be made prior to queueing up any recursive
2216 * unmounts of upper filesystems. Those unmounts will be executed
2217 * with kernel thread credentials and are expected to succeed, so
2218 * we must at least ensure the originating context has sufficient
2219 * privilege to unmount the base filesystem before proceeding with
2220 * the uppers.
2221 */
2222 error = vfs_suser(mp, td);
2223 if (error != 0) {
2224 KASSERT((flags & MNT_DEFERRED) == 0,
2225 ("taskqueue unmount with insufficient privilege"));
2226 vfs_rel(mp);
2227 return (error);
2228 }
2229
2230 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0))
2231 flags |= MNT_RECURSE;
2232
2233 if ((flags & MNT_RECURSE) != 0) {
2234 KASSERT((flags & MNT_FORCE) != 0,
2235 ("MNT_RECURSE requires MNT_FORCE"));
2236
2237 MNT_ILOCK(mp);
2238 /*
2239 * Set MNTK_RECURSE to prevent new upper mounts from being
2240 * added, and note that an operation on the uppers list is in
2241 * progress. This will ensure that unregistration from the
2242 * uppers list, and therefore any pending unmount of the upper
2243 * FS, can't complete until after we finish walking the list.
2244 */
2245 mp->mnt_kern_flag |= MNTK_RECURSE;
2246 mp->mnt_upper_pending++;
2247 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) {
2248 retries = upper->mp->mnt_unmount_retries;
2249 if (retries > deferred_unmount_retry_limit) {
2250 error = EBUSY;
2251 continue;
2252 }
2253 MNT_IUNLOCK(mp);
2254
2255 vfs_ref(upper->mp);
2256 if (!deferred_unmount_enqueue(upper->mp, flags,
2257 false, 0))
2258 vfs_rel(upper->mp);
2259 MNT_ILOCK(mp);
2260 }
2261 mp->mnt_upper_pending--;
2262 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 &&
2263 mp->mnt_upper_pending == 0) {
2264 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER;
2265 wakeup(&mp->mnt_uppers);
2266 }
2267
2268 /*
2269 * If we're not on the taskqueue, wait until the uppers list
2270 * is drained before proceeding with unmount. Otherwise, if
2271 * we are on the taskqueue and there are still pending uppers,
2272 * just re-enqueue on the end of the taskqueue.
2273 */
2274 if ((flags & MNT_DEFERRED) == 0) {
2275 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) {
2276 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER;
2277 error = msleep(&mp->mnt_taskqueue_link,
2278 MNT_MTX(mp), PCATCH, "umntqw", 0);
2279 }
2280 if (error != 0) {
2281 MNT_REL(mp);
2282 MNT_IUNLOCK(mp);
2283 return (error);
2284 }
2285 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) {
2286 MNT_IUNLOCK(mp);
2287 if (error == 0)
2288 deferred_unmount_enqueue(mp, flags, true, 0);
2289 return (error);
2290 }
2291 MNT_IUNLOCK(mp);
2292 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty"));
2293 }
2294
2295 /* Allow the taskqueue to safely re-enqueue on failure */
2296 if ((flags & MNT_DEFERRED) != 0)
2297 vfs_ref(mp);
2298
2299 if ((coveredvp = mp->mnt_vnodecovered) != NULL) {
2300 mnt_gen_r = mp->mnt_gen;
2301 VI_LOCK(coveredvp);
2302 vholdl(coveredvp);
2303 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY);
2304 /*
2305 * Check for mp being unmounted while waiting for the
2306 * covered vnode lock.
2307 */
2308 if (coveredvp->v_mountedhere != mp ||
2309 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) {
2310 VOP_UNLOCK(coveredvp);
2311 vdrop(coveredvp);
2312 vfs_rel(mp);
2313 return (EBUSY);
2314 }
2315 }
2316
2317 vfs_op_enter(mp);
2318
2319 vn_start_write(NULL, &mp, V_WAIT);
2320 MNT_ILOCK(mp);
2321 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 ||
2322 (mp->mnt_flag & MNT_UPDATE) != 0 ||
2323 !TAILQ_EMPTY(&mp->mnt_uppers)) {
2324 dounmount_cleanup(mp, coveredvp, 0);
2325 return (EBUSY);
2326 }
2327 mp->mnt_kern_flag |= MNTK_UNMOUNT;
2328 rootvp = vfs_cache_root_clear(mp);
2329 if (coveredvp != NULL)
2330 vn_seqc_write_begin(coveredvp);
2331 if (flags & MNT_NONBUSY) {
2332 MNT_IUNLOCK(mp);
2333 error = vfs_check_usecounts(mp);
2334 MNT_ILOCK(mp);
2335 if (error != 0) {
2336 vn_seqc_write_end(coveredvp);
2337 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT);
2338 if (rootvp != NULL) {
2339 vn_seqc_write_end(rootvp);
2340 vrele(rootvp);
2341 }
2342 return (error);
2343 }
2344 }
2345 /* Allow filesystems to detect that a forced unmount is in progress. */
2346 if (flags & MNT_FORCE) {
2347 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
2348 MNT_IUNLOCK(mp);
2349 /*
2350 * Must be done after setting MNTK_UNMOUNTF and before
2351 * waiting for mnt_lockref to become 0.
2352 */
2353 VFS_PURGE(mp);
2354 MNT_ILOCK(mp);
2355 }
2356 error = 0;
2357 if (mp->mnt_lockref) {
2358 mp->mnt_kern_flag |= MNTK_DRAINING;
2359 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS,
2360 "mount drain", 0);
2361 }
2362 MNT_IUNLOCK(mp);
2363 KASSERT(mp->mnt_lockref == 0,
2364 ("%s: invalid lock refcount in the drain path @ %s:%d",
2365 __func__, __FILE__, __LINE__));
2366 KASSERT(error == 0,
2367 ("%s: invalid return value for msleep in the drain path @ %s:%d",
2368 __func__, __FILE__, __LINE__));
2369
2370 /*
2371 * We want to keep the vnode around so that we can vn_seqc_write_end
2372 * after we are done with unmount. Downgrade our reference to a mere
2373 * hold count so that we don't interefere with anything.
2374 */
2375 if (rootvp != NULL) {
2376 vhold(rootvp);
2377 vrele(rootvp);
2378 }
2379
2380 if (mp->mnt_flag & MNT_EXPUBLIC)
2381 vfs_setpublicfs(NULL, NULL, NULL);
2382
2383 vfs_periodic(mp, MNT_WAIT);
2384 MNT_ILOCK(mp);
2385 async_flag = mp->mnt_flag & MNT_ASYNC;
2386 mp->mnt_flag &= ~MNT_ASYNC;
2387 mp->mnt_kern_flag &= ~MNTK_ASYNC;
2388 MNT_IUNLOCK(mp);
2389 vfs_deallocate_syncvnode(mp);
2390 error = VFS_UNMOUNT(mp, flags);
2391 vn_finished_write(mp);
2392 vfs_rel(mp);
2393 /*
2394 * If we failed to flush the dirty blocks for this mount point,
2395 * undo all the cdir/rdir and rootvnode changes we made above.
2396 * Unless we failed to do so because the device is reporting that
2397 * it doesn't exist anymore.
2398 */
2399 if (error && error != ENXIO) {
2400 MNT_ILOCK(mp);
2401 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
2402 MNT_IUNLOCK(mp);
2403 vfs_allocate_syncvnode(mp);
2404 MNT_ILOCK(mp);
2405 }
2406 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
2407 mp->mnt_flag |= async_flag;
2408 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
2409 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
2410 mp->mnt_kern_flag |= MNTK_ASYNC;
2411 if (mp->mnt_kern_flag & MNTK_MWAIT) {
2412 mp->mnt_kern_flag &= ~MNTK_MWAIT;
2413 wakeup(mp);
2414 }
2415 vfs_op_exit_locked(mp);
2416 MNT_IUNLOCK(mp);
2417 if (coveredvp) {
2418 vn_seqc_write_end(coveredvp);
2419 VOP_UNLOCK(coveredvp);
2420 vdrop(coveredvp);
2421 }
2422 if (rootvp != NULL) {
2423 vn_seqc_write_end(rootvp);
2424 vdrop(rootvp);
2425 }
2426 return (error);
2427 }
2428
2429 mtx_lock(&mountlist_mtx);
2430 TAILQ_REMOVE(&mountlist, mp, mnt_list);
2431 mtx_unlock(&mountlist_mtx);
2432 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td);
2433 if (coveredvp != NULL) {
2434 VI_LOCK(coveredvp);
2435 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT);
2436 coveredvp->v_mountedhere = NULL;
2437 vn_seqc_write_end_locked(coveredvp);
2438 VI_UNLOCK(coveredvp);
2439 VOP_UNLOCK(coveredvp);
2440 vdrop(coveredvp);
2441 }
2442 mount_devctl_event("UNMOUNT", mp, false);
2443 if (rootvp != NULL) {
2444 vn_seqc_write_end(rootvp);
2445 vdrop(rootvp);
2446 }
2447 vfs_event_signal(NULL, VQ_UNMOUNT, 0);
2448 if (rootvnode != NULL && mp == rootvnode->v_mount) {
2449 vrele(rootvnode);
2450 rootvnode = NULL;
2451 }
2452 if (mp == rootdevmp)
2453 rootdevmp = NULL;
2454 if ((flags & MNT_DEFERRED) != 0)
2455 vfs_rel(mp);
2456 vfs_mount_destroy(mp);
2457 return (0);
2458 }
2459
2460 /*
2461 * Report errors during filesystem mounting.
2462 */
2463 void
vfs_mount_error(struct mount * mp,const char * fmt,...)2464 vfs_mount_error(struct mount *mp, const char *fmt, ...)
2465 {
2466 struct vfsoptlist *moptlist = mp->mnt_optnew;
2467 va_list ap;
2468 int error, len;
2469 char *errmsg;
2470
2471 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len);
2472 if (error || errmsg == NULL || len <= 0)
2473 return;
2474
2475 va_start(ap, fmt);
2476 vsnprintf(errmsg, (size_t)len, fmt, ap);
2477 va_end(ap);
2478 }
2479
2480 void
vfs_opterror(struct vfsoptlist * opts,const char * fmt,...)2481 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...)
2482 {
2483 va_list ap;
2484 int error, len;
2485 char *errmsg;
2486
2487 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len);
2488 if (error || errmsg == NULL || len <= 0)
2489 return;
2490
2491 va_start(ap, fmt);
2492 vsnprintf(errmsg, (size_t)len, fmt, ap);
2493 va_end(ap);
2494 }
2495
2496 /*
2497 * ---------------------------------------------------------------------
2498 * Functions for querying mount options/arguments from filesystems.
2499 */
2500
2501 /*
2502 * Check that no unknown options are given
2503 */
2504 int
vfs_filteropt(struct vfsoptlist * opts,const char ** legal)2505 vfs_filteropt(struct vfsoptlist *opts, const char **legal)
2506 {
2507 struct vfsopt *opt;
2508 char errmsg[255];
2509 const char **t, *p, *q;
2510 int ret = 0;
2511
2512 TAILQ_FOREACH(opt, opts, link) {
2513 p = opt->name;
2514 q = NULL;
2515 if (p[0] == 'n' && p[1] == 'o')
2516 q = p + 2;
2517 for(t = global_opts; *t != NULL; t++) {
2518 if (strcmp(*t, p) == 0)
2519 break;
2520 if (q != NULL) {
2521 if (strcmp(*t, q) == 0)
2522 break;
2523 }
2524 }
2525 if (*t != NULL)
2526 continue;
2527 for(t = legal; *t != NULL; t++) {
2528 if (strcmp(*t, p) == 0)
2529 break;
2530 if (q != NULL) {
2531 if (strcmp(*t, q) == 0)
2532 break;
2533 }
2534 }
2535 if (*t != NULL)
2536 continue;
2537 snprintf(errmsg, sizeof(errmsg),
2538 "mount option <%s> is unknown", p);
2539 ret = EINVAL;
2540 }
2541 if (ret != 0) {
2542 TAILQ_FOREACH(opt, opts, link) {
2543 if (strcmp(opt->name, "errmsg") == 0) {
2544 strncpy((char *)opt->value, errmsg, opt->len);
2545 break;
2546 }
2547 }
2548 if (opt == NULL)
2549 printf("%s\n", errmsg);
2550 }
2551 return (ret);
2552 }
2553
2554 /*
2555 * Get a mount option by its name.
2556 *
2557 * Return 0 if the option was found, ENOENT otherwise.
2558 * If len is non-NULL it will be filled with the length
2559 * of the option. If buf is non-NULL, it will be filled
2560 * with the address of the option.
2561 */
2562 int
vfs_getopt(struct vfsoptlist * opts,const char * name,void ** buf,int * len)2563 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len)
2564 {
2565 struct vfsopt *opt;
2566
2567 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL"));
2568
2569 TAILQ_FOREACH(opt, opts, link) {
2570 if (strcmp(name, opt->name) == 0) {
2571 opt->seen = 1;
2572 if (len != NULL)
2573 *len = opt->len;
2574 if (buf != NULL)
2575 *buf = opt->value;
2576 return (0);
2577 }
2578 }
2579 return (ENOENT);
2580 }
2581
2582 int
vfs_getopt_pos(struct vfsoptlist * opts,const char * name)2583 vfs_getopt_pos(struct vfsoptlist *opts, const char *name)
2584 {
2585 struct vfsopt *opt;
2586
2587 if (opts == NULL)
2588 return (-1);
2589
2590 TAILQ_FOREACH(opt, opts, link) {
2591 if (strcmp(name, opt->name) == 0) {
2592 opt->seen = 1;
2593 return (opt->pos);
2594 }
2595 }
2596 return (-1);
2597 }
2598
2599 int
vfs_getopt_size(struct vfsoptlist * opts,const char * name,off_t * value)2600 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value)
2601 {
2602 char *opt_value, *vtp;
2603 quad_t iv;
2604 int error, opt_len;
2605
2606 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len);
2607 if (error != 0)
2608 return (error);
2609 if (opt_len == 0 || opt_value == NULL)
2610 return (EINVAL);
2611 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0')
2612 return (EINVAL);
2613 iv = strtoq(opt_value, &vtp, 0);
2614 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0'))
2615 return (EINVAL);
2616 if (iv < 0)
2617 return (EINVAL);
2618 switch (vtp[0]) {
2619 case 't': case 'T':
2620 iv *= 1024;
2621 /* FALLTHROUGH */
2622 case 'g': case 'G':
2623 iv *= 1024;
2624 /* FALLTHROUGH */
2625 case 'm': case 'M':
2626 iv *= 1024;
2627 /* FALLTHROUGH */
2628 case 'k': case 'K':
2629 iv *= 1024;
2630 case '\0':
2631 break;
2632 default:
2633 return (EINVAL);
2634 }
2635 *value = iv;
2636
2637 return (0);
2638 }
2639
2640 char *
vfs_getopts(struct vfsoptlist * opts,const char * name,int * error)2641 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error)
2642 {
2643 struct vfsopt *opt;
2644
2645 *error = 0;
2646 TAILQ_FOREACH(opt, opts, link) {
2647 if (strcmp(name, opt->name) != 0)
2648 continue;
2649 opt->seen = 1;
2650 if (opt->len == 0 ||
2651 ((char *)opt->value)[opt->len - 1] != '\0') {
2652 *error = EINVAL;
2653 return (NULL);
2654 }
2655 return (opt->value);
2656 }
2657 *error = ENOENT;
2658 return (NULL);
2659 }
2660
2661 int
vfs_flagopt(struct vfsoptlist * opts,const char * name,uint64_t * w,uint64_t val)2662 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w,
2663 uint64_t val)
2664 {
2665 struct vfsopt *opt;
2666
2667 TAILQ_FOREACH(opt, opts, link) {
2668 if (strcmp(name, opt->name) == 0) {
2669 opt->seen = 1;
2670 if (w != NULL)
2671 *w |= val;
2672 return (1);
2673 }
2674 }
2675 if (w != NULL)
2676 *w &= ~val;
2677 return (0);
2678 }
2679
2680 int
vfs_scanopt(struct vfsoptlist * opts,const char * name,const char * fmt,...)2681 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...)
2682 {
2683 va_list ap;
2684 struct vfsopt *opt;
2685 int ret;
2686
2687 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL"));
2688
2689 TAILQ_FOREACH(opt, opts, link) {
2690 if (strcmp(name, opt->name) != 0)
2691 continue;
2692 opt->seen = 1;
2693 if (opt->len == 0 || opt->value == NULL)
2694 return (0);
2695 if (((char *)opt->value)[opt->len - 1] != '\0')
2696 return (0);
2697 va_start(ap, fmt);
2698 ret = vsscanf(opt->value, fmt, ap);
2699 va_end(ap);
2700 return (ret);
2701 }
2702 return (0);
2703 }
2704
2705 int
vfs_setopt(struct vfsoptlist * opts,const char * name,void * value,int len)2706 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len)
2707 {
2708 struct vfsopt *opt;
2709
2710 TAILQ_FOREACH(opt, opts, link) {
2711 if (strcmp(name, opt->name) != 0)
2712 continue;
2713 opt->seen = 1;
2714 if (opt->value == NULL)
2715 opt->len = len;
2716 else {
2717 if (opt->len != len)
2718 return (EINVAL);
2719 bcopy(value, opt->value, len);
2720 }
2721 return (0);
2722 }
2723 return (ENOENT);
2724 }
2725
2726 int
vfs_setopt_part(struct vfsoptlist * opts,const char * name,void * value,int len)2727 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len)
2728 {
2729 struct vfsopt *opt;
2730
2731 TAILQ_FOREACH(opt, opts, link) {
2732 if (strcmp(name, opt->name) != 0)
2733 continue;
2734 opt->seen = 1;
2735 if (opt->value == NULL)
2736 opt->len = len;
2737 else {
2738 if (opt->len < len)
2739 return (EINVAL);
2740 opt->len = len;
2741 bcopy(value, opt->value, len);
2742 }
2743 return (0);
2744 }
2745 return (ENOENT);
2746 }
2747
2748 int
vfs_setopts(struct vfsoptlist * opts,const char * name,const char * value)2749 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value)
2750 {
2751 struct vfsopt *opt;
2752
2753 TAILQ_FOREACH(opt, opts, link) {
2754 if (strcmp(name, opt->name) != 0)
2755 continue;
2756 opt->seen = 1;
2757 if (opt->value == NULL)
2758 opt->len = strlen(value) + 1;
2759 else if (strlcpy(opt->value, value, opt->len) >= opt->len)
2760 return (EINVAL);
2761 return (0);
2762 }
2763 return (ENOENT);
2764 }
2765
2766 /*
2767 * Find and copy a mount option.
2768 *
2769 * The size of the buffer has to be specified
2770 * in len, if it is not the same length as the
2771 * mount option, EINVAL is returned.
2772 * Returns ENOENT if the option is not found.
2773 */
2774 int
vfs_copyopt(struct vfsoptlist * opts,const char * name,void * dest,int len)2775 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len)
2776 {
2777 struct vfsopt *opt;
2778
2779 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL"));
2780
2781 TAILQ_FOREACH(opt, opts, link) {
2782 if (strcmp(name, opt->name) == 0) {
2783 opt->seen = 1;
2784 if (len != opt->len)
2785 return (EINVAL);
2786 bcopy(opt->value, dest, opt->len);
2787 return (0);
2788 }
2789 }
2790 return (ENOENT);
2791 }
2792
2793 int
__vfs_statfs(struct mount * mp,struct statfs * sbp)2794 __vfs_statfs(struct mount *mp, struct statfs *sbp)
2795 {
2796 /*
2797 * Filesystems only fill in part of the structure for updates, we
2798 * have to read the entirety first to get all content.
2799 */
2800 if (sbp != &mp->mnt_stat)
2801 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp));
2802
2803 /*
2804 * Set these in case the underlying filesystem fails to do so.
2805 */
2806 sbp->f_version = STATFS_VERSION;
2807 sbp->f_namemax = NAME_MAX;
2808 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
2809 sbp->f_nvnodelistsize = mp->mnt_nvnodelistsize;
2810
2811 return (mp->mnt_op->vfs_statfs(mp, sbp));
2812 }
2813
2814 void
vfs_mountedfrom(struct mount * mp,const char * from)2815 vfs_mountedfrom(struct mount *mp, const char *from)
2816 {
2817
2818 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname);
2819 strlcpy(mp->mnt_stat.f_mntfromname, from,
2820 sizeof mp->mnt_stat.f_mntfromname);
2821 }
2822
2823 /*
2824 * ---------------------------------------------------------------------
2825 * This is the api for building mount args and mounting filesystems from
2826 * inside the kernel.
2827 *
2828 * The API works by accumulation of individual args. First error is
2829 * latched.
2830 *
2831 * XXX: should be documented in new manpage kernel_mount(9)
2832 */
2833
2834 /* A memory allocation which must be freed when we are done */
2835 struct mntaarg {
2836 SLIST_ENTRY(mntaarg) next;
2837 };
2838
2839 /* The header for the mount arguments */
2840 struct mntarg {
2841 struct iovec *v;
2842 int len;
2843 int error;
2844 SLIST_HEAD(, mntaarg) list;
2845 };
2846
2847 /*
2848 * Add a boolean argument.
2849 *
2850 * flag is the boolean value.
2851 * name must start with "no".
2852 */
2853 struct mntarg *
mount_argb(struct mntarg * ma,int flag,const char * name)2854 mount_argb(struct mntarg *ma, int flag, const char *name)
2855 {
2856
2857 KASSERT(name[0] == 'n' && name[1] == 'o',
2858 ("mount_argb(...,%s): name must start with 'no'", name));
2859
2860 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0));
2861 }
2862
2863 /*
2864 * Add an argument printf style
2865 */
2866 struct mntarg *
mount_argf(struct mntarg * ma,const char * name,const char * fmt,...)2867 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...)
2868 {
2869 va_list ap;
2870 struct mntaarg *maa;
2871 struct sbuf *sb;
2872 int len;
2873
2874 if (ma == NULL) {
2875 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2876 SLIST_INIT(&ma->list);
2877 }
2878 if (ma->error)
2879 return (ma);
2880
2881 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2),
2882 M_MOUNT, M_WAITOK);
2883 ma->v[ma->len].iov_base = (void *)(uintptr_t)name;
2884 ma->v[ma->len].iov_len = strlen(name) + 1;
2885 ma->len++;
2886
2887 sb = sbuf_new_auto();
2888 va_start(ap, fmt);
2889 sbuf_vprintf(sb, fmt, ap);
2890 va_end(ap);
2891 sbuf_finish(sb);
2892 len = sbuf_len(sb) + 1;
2893 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO);
2894 SLIST_INSERT_HEAD(&ma->list, maa, next);
2895 bcopy(sbuf_data(sb), maa + 1, len);
2896 sbuf_delete(sb);
2897
2898 ma->v[ma->len].iov_base = maa + 1;
2899 ma->v[ma->len].iov_len = len;
2900 ma->len++;
2901
2902 return (ma);
2903 }
2904
2905 /*
2906 * Add an argument which is a userland string.
2907 */
2908 struct mntarg *
mount_argsu(struct mntarg * ma,const char * name,const void * val,int len)2909 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len)
2910 {
2911 struct mntaarg *maa;
2912 char *tbuf;
2913
2914 if (val == NULL)
2915 return (ma);
2916 if (ma == NULL) {
2917 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2918 SLIST_INIT(&ma->list);
2919 }
2920 if (ma->error)
2921 return (ma);
2922 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO);
2923 SLIST_INSERT_HEAD(&ma->list, maa, next);
2924 tbuf = (void *)(maa + 1);
2925 ma->error = copyinstr(val, tbuf, len, NULL);
2926 return (mount_arg(ma, name, tbuf, -1));
2927 }
2928
2929 /*
2930 * Plain argument.
2931 *
2932 * If length is -1, treat value as a C string.
2933 */
2934 struct mntarg *
mount_arg(struct mntarg * ma,const char * name,const void * val,int len)2935 mount_arg(struct mntarg *ma, const char *name, const void *val, int len)
2936 {
2937
2938 if (ma == NULL) {
2939 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2940 SLIST_INIT(&ma->list);
2941 }
2942 if (ma->error)
2943 return (ma);
2944
2945 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2),
2946 M_MOUNT, M_WAITOK);
2947 ma->v[ma->len].iov_base = (void *)(uintptr_t)name;
2948 ma->v[ma->len].iov_len = strlen(name) + 1;
2949 ma->len++;
2950
2951 ma->v[ma->len].iov_base = (void *)(uintptr_t)val;
2952 if (len < 0)
2953 ma->v[ma->len].iov_len = strlen(val) + 1;
2954 else
2955 ma->v[ma->len].iov_len = len;
2956 ma->len++;
2957 return (ma);
2958 }
2959
2960 /*
2961 * Free a mntarg structure
2962 */
2963 static void
free_mntarg(struct mntarg * ma)2964 free_mntarg(struct mntarg *ma)
2965 {
2966 struct mntaarg *maa;
2967
2968 while (!SLIST_EMPTY(&ma->list)) {
2969 maa = SLIST_FIRST(&ma->list);
2970 SLIST_REMOVE_HEAD(&ma->list, next);
2971 free(maa, M_MOUNT);
2972 }
2973 free(ma->v, M_MOUNT);
2974 free(ma, M_MOUNT);
2975 }
2976
2977 /*
2978 * Mount a filesystem
2979 */
2980 int
kernel_mount(struct mntarg * ma,uint64_t flags)2981 kernel_mount(struct mntarg *ma, uint64_t flags)
2982 {
2983 struct uio auio;
2984 int error;
2985
2986 KASSERT(ma != NULL, ("kernel_mount NULL ma"));
2987 KASSERT(ma->error != 0 || ma->v != NULL, ("kernel_mount NULL ma->v"));
2988 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len));
2989
2990 error = ma->error;
2991 if (error == 0) {
2992 auio.uio_iov = ma->v;
2993 auio.uio_iovcnt = ma->len;
2994 auio.uio_segflg = UIO_SYSSPACE;
2995 error = vfs_donmount(curthread, flags, &auio);
2996 }
2997 free_mntarg(ma);
2998 return (error);
2999 }
3000
3001 /* Map from mount options to printable formats. */
3002 static struct mntoptnames optnames[] = {
3003 MNTOPT_NAMES
3004 };
3005
3006 #define DEVCTL_LEN 1024
3007 static void
mount_devctl_event(const char * type,struct mount * mp,bool donew)3008 mount_devctl_event(const char *type, struct mount *mp, bool donew)
3009 {
3010 const uint8_t *cp;
3011 struct mntoptnames *fp;
3012 struct sbuf sb;
3013 struct statfs *sfp = &mp->mnt_stat;
3014 char *buf;
3015
3016 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT);
3017 if (buf == NULL)
3018 return;
3019 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN);
3020 sbuf_cpy(&sb, "mount-point=\"");
3021 devctl_safe_quote_sb(&sb, sfp->f_mntonname);
3022 sbuf_cat(&sb, "\" mount-dev=\"");
3023 devctl_safe_quote_sb(&sb, sfp->f_mntfromname);
3024 sbuf_cat(&sb, "\" mount-type=\"");
3025 devctl_safe_quote_sb(&sb, sfp->f_fstypename);
3026 sbuf_cat(&sb, "\" fsid=0x");
3027 cp = (const uint8_t *)&sfp->f_fsid.val[0];
3028 for (int i = 0; i < sizeof(sfp->f_fsid); i++)
3029 sbuf_printf(&sb, "%02x", cp[i]);
3030 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner);
3031 for (fp = optnames; fp->o_opt != 0; fp++) {
3032 if ((mp->mnt_flag & fp->o_opt) != 0) {
3033 sbuf_cat(&sb, fp->o_name);
3034 sbuf_putc(&sb, ';');
3035 }
3036 }
3037 sbuf_putc(&sb, '"');
3038 sbuf_finish(&sb);
3039
3040 /*
3041 * Options are not published because the form of the options depends on
3042 * the file system and may include binary data. In addition, they don't
3043 * necessarily provide enough useful information to be actionable when
3044 * devd processes them.
3045 */
3046
3047 if (sbuf_error(&sb) == 0)
3048 devctl_notify("VFS", "FS", type, sbuf_data(&sb));
3049 sbuf_delete(&sb);
3050 free(buf, M_MOUNT);
3051 }
3052
3053 /*
3054 * Force remount specified mount point to read-only. The argument
3055 * must be busied to avoid parallel unmount attempts.
3056 *
3057 * Intended use is to prevent further writes if some metadata
3058 * inconsistency is detected. Note that the function still flushes
3059 * all cached metadata and data for the mount point, which might be
3060 * not always suitable.
3061 */
3062 int
vfs_remount_ro(struct mount * mp)3063 vfs_remount_ro(struct mount *mp)
3064 {
3065 struct vfsoptlist *opts;
3066 struct vfsopt *opt;
3067 struct vnode *vp_covered, *rootvp;
3068 int error;
3069
3070 vfs_op_enter(mp);
3071 KASSERT(mp->mnt_lockref > 0,
3072 ("vfs_remount_ro: mp %p is not busied", mp));
3073 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0,
3074 ("vfs_remount_ro: mp %p is being unmounted (and busy?)", mp));
3075
3076 rootvp = NULL;
3077 vp_covered = mp->mnt_vnodecovered;
3078 error = vget(vp_covered, LK_EXCLUSIVE | LK_NOWAIT);
3079 if (error != 0) {
3080 vfs_op_exit(mp);
3081 return (error);
3082 }
3083 VI_LOCK(vp_covered);
3084 if ((vp_covered->v_iflag & VI_MOUNT) != 0) {
3085 VI_UNLOCK(vp_covered);
3086 vput(vp_covered);
3087 vfs_op_exit(mp);
3088 return (EBUSY);
3089 }
3090 vp_covered->v_iflag |= VI_MOUNT;
3091 VI_UNLOCK(vp_covered);
3092 vn_seqc_write_begin(vp_covered);
3093
3094 MNT_ILOCK(mp);
3095 if ((mp->mnt_flag & MNT_RDONLY) != 0) {
3096 MNT_IUNLOCK(mp);
3097 error = EBUSY;
3098 goto out;
3099 }
3100 mp->mnt_flag |= MNT_UPDATE | MNT_FORCE | MNT_RDONLY;
3101 rootvp = vfs_cache_root_clear(mp);
3102 MNT_IUNLOCK(mp);
3103
3104 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK | M_ZERO);
3105 TAILQ_INIT(opts);
3106 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK | M_ZERO);
3107 opt->name = strdup("ro", M_MOUNT);
3108 opt->value = NULL;
3109 TAILQ_INSERT_TAIL(opts, opt, link);
3110 vfs_mergeopts(opts, mp->mnt_opt);
3111 mp->mnt_optnew = opts;
3112
3113 error = VFS_MOUNT(mp);
3114
3115 if (error == 0) {
3116 MNT_ILOCK(mp);
3117 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE);
3118 MNT_IUNLOCK(mp);
3119 vfs_deallocate_syncvnode(mp);
3120 if (mp->mnt_opt != NULL)
3121 vfs_freeopts(mp->mnt_opt);
3122 mp->mnt_opt = mp->mnt_optnew;
3123 } else {
3124 MNT_ILOCK(mp);
3125 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE | MNT_RDONLY);
3126 MNT_IUNLOCK(mp);
3127 vfs_freeopts(mp->mnt_optnew);
3128 }
3129 mp->mnt_optnew = NULL;
3130
3131 out:
3132 vfs_op_exit(mp);
3133 VI_LOCK(vp_covered);
3134 vp_covered->v_iflag &= ~VI_MOUNT;
3135 VI_UNLOCK(vp_covered);
3136 vput(vp_covered);
3137 vn_seqc_write_end(vp_covered);
3138 if (rootvp != NULL) {
3139 vn_seqc_write_end(rootvp);
3140 vrele(rootvp);
3141 }
3142 return (error);
3143 }
3144
3145 /*
3146 * Suspend write operations on all local writeable filesystems. Does
3147 * full sync of them in the process.
3148 *
3149 * Iterate over the mount points in reverse order, suspending most
3150 * recently mounted filesystems first. It handles a case where a
3151 * filesystem mounted from a md(4) vnode-backed device should be
3152 * suspended before the filesystem that owns the vnode.
3153 */
3154 void
suspend_all_fs(void)3155 suspend_all_fs(void)
3156 {
3157 struct mount *mp;
3158 int error;
3159
3160 mtx_lock(&mountlist_mtx);
3161 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
3162 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT);
3163 if (error != 0)
3164 continue;
3165 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL ||
3166 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) {
3167 mtx_lock(&mountlist_mtx);
3168 vfs_unbusy(mp);
3169 continue;
3170 }
3171 error = vfs_write_suspend(mp, 0);
3172 if (error == 0) {
3173 MNT_ILOCK(mp);
3174 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0);
3175 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL;
3176 MNT_IUNLOCK(mp);
3177 mtx_lock(&mountlist_mtx);
3178 } else {
3179 printf("suspend of %s failed, error %d\n",
3180 mp->mnt_stat.f_mntonname, error);
3181 mtx_lock(&mountlist_mtx);
3182 vfs_unbusy(mp);
3183 }
3184 }
3185 mtx_unlock(&mountlist_mtx);
3186 }
3187
3188 /*
3189 * Clone the mnt_exjail field to a new mount point.
3190 */
3191 void
vfs_exjail_clone(struct mount * inmp,struct mount * outmp)3192 vfs_exjail_clone(struct mount *inmp, struct mount *outmp)
3193 {
3194 struct ucred *cr;
3195 struct prison *pr;
3196
3197 MNT_ILOCK(inmp);
3198 cr = inmp->mnt_exjail;
3199 if (cr != NULL) {
3200 crhold(cr);
3201 MNT_IUNLOCK(inmp);
3202 pr = cr->cr_prison;
3203 sx_slock(&allprison_lock);
3204 if (!prison_isalive(pr)) {
3205 sx_sunlock(&allprison_lock);
3206 crfree(cr);
3207 return;
3208 }
3209 MNT_ILOCK(outmp);
3210 if (outmp->mnt_exjail == NULL) {
3211 outmp->mnt_exjail = cr;
3212 atomic_add_int(&pr->pr_exportcnt, 1);
3213 cr = NULL;
3214 }
3215 MNT_IUNLOCK(outmp);
3216 sx_sunlock(&allprison_lock);
3217 if (cr != NULL)
3218 crfree(cr);
3219 } else
3220 MNT_IUNLOCK(inmp);
3221 }
3222
3223 void
resume_all_fs(void)3224 resume_all_fs(void)
3225 {
3226 struct mount *mp;
3227
3228 mtx_lock(&mountlist_mtx);
3229 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
3230 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0)
3231 continue;
3232 mtx_unlock(&mountlist_mtx);
3233 MNT_ILOCK(mp);
3234 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0);
3235 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL;
3236 MNT_IUNLOCK(mp);
3237 vfs_write_resume(mp, 0);
3238 mtx_lock(&mountlist_mtx);
3239 vfs_unbusy(mp);
3240 }
3241 mtx_unlock(&mountlist_mtx);
3242 }
3243