1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1994, 1995 The Regents of the University of California. 5 * Copyright (c) 1994, 1995 Jan-Simon Pendry. 6 * Copyright (c) 2005, 2006, 2012 Masanori Ozawa <ozawa@ongs.co.jp>, ONGS Inc. 7 * Copyright (c) 2006, 2012 Daichi Goto <daichi@freebsd.org> 8 * All rights reserved. 9 * 10 * This code is derived from software donated to Berkeley by 11 * Jan-Simon Pendry. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. Neither the name of the University nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/kdb.h> 41 #include <sys/fcntl.h> 42 #include <sys/kernel.h> 43 #include <sys/lock.h> 44 #include <sys/malloc.h> 45 #include <sys/mount.h> 46 #include <sys/namei.h> 47 #include <sys/proc.h> 48 #include <sys/vnode.h> 49 #include <sys/stat.h> 50 51 #include <fs/unionfs/union.h> 52 53 static MALLOC_DEFINE(M_UNIONFSMNT, "UNIONFS mount", "UNIONFS mount structure"); 54 55 static vfs_fhtovp_t unionfs_fhtovp; 56 static vfs_checkexp_t unionfs_checkexp; 57 static vfs_mount_t unionfs_domount; 58 static vfs_quotactl_t unionfs_quotactl; 59 static vfs_root_t unionfs_root; 60 static vfs_sync_t unionfs_sync; 61 static vfs_statfs_t unionfs_statfs; 62 static vfs_unmount_t unionfs_unmount; 63 static vfs_vget_t unionfs_vget; 64 static vfs_extattrctl_t unionfs_extattrctl; 65 66 static struct vfsops unionfs_vfsops; 67 68 /* 69 * Mount unionfs layer. 70 */ 71 static int 72 unionfs_domount(struct mount *mp) 73 { 74 struct mount *lowermp, *uppermp; 75 struct vnode *lowerrootvp; 76 struct vnode *upperrootvp; 77 struct unionfs_mount *ump; 78 char *target; 79 char *tmp; 80 char *ep; 81 struct nameidata nd, *ndp; 82 struct vattr va; 83 unionfs_copymode copymode; 84 unionfs_whitemode whitemode; 85 int below; 86 int error; 87 int len; 88 uid_t uid; 89 gid_t gid; 90 u_short udir; 91 u_short ufile; 92 93 UNIONFSDEBUG("unionfs_mount(mp = %p)\n", mp); 94 95 error = 0; 96 below = 0; 97 uid = 0; 98 gid = 0; 99 udir = 0; 100 ufile = 0; 101 copymode = UNIONFS_TRANSPARENT; /* default */ 102 whitemode = UNIONFS_WHITE_ALWAYS; 103 ndp = &nd; 104 105 if (mp->mnt_flag & MNT_ROOTFS) { 106 vfs_mount_error(mp, "Cannot union mount root filesystem"); 107 return (EOPNOTSUPP); 108 } 109 110 /* 111 * Update is a no operation. 112 */ 113 if (mp->mnt_flag & MNT_UPDATE) { 114 vfs_mount_error(mp, "unionfs does not support mount update"); 115 return (EOPNOTSUPP); 116 } 117 118 /* 119 * Get argument 120 */ 121 error = vfs_getopt(mp->mnt_optnew, "target", (void **)&target, &len); 122 if (error) 123 error = vfs_getopt(mp->mnt_optnew, "from", (void **)&target, 124 &len); 125 if (error || target[len - 1] != '\0') { 126 vfs_mount_error(mp, "Invalid target"); 127 return (EINVAL); 128 } 129 if (vfs_getopt(mp->mnt_optnew, "below", NULL, NULL) == 0) 130 below = 1; 131 if (vfs_getopt(mp->mnt_optnew, "udir", (void **)&tmp, NULL) == 0) { 132 if (tmp != NULL) 133 udir = (mode_t)strtol(tmp, &ep, 8); 134 if (tmp == NULL || *ep) { 135 vfs_mount_error(mp, "Invalid udir"); 136 return (EINVAL); 137 } 138 udir &= S_IRWXU | S_IRWXG | S_IRWXO; 139 } 140 if (vfs_getopt(mp->mnt_optnew, "ufile", (void **)&tmp, NULL) == 0) { 141 if (tmp != NULL) 142 ufile = (mode_t)strtol(tmp, &ep, 8); 143 if (tmp == NULL || *ep) { 144 vfs_mount_error(mp, "Invalid ufile"); 145 return (EINVAL); 146 } 147 ufile &= S_IRWXU | S_IRWXG | S_IRWXO; 148 } 149 /* check umask, uid and gid */ 150 if (udir == 0 && ufile != 0) 151 udir = ufile; 152 if (ufile == 0 && udir != 0) 153 ufile = udir; 154 155 vn_lock(mp->mnt_vnodecovered, LK_SHARED | LK_RETRY); 156 error = VOP_GETATTR(mp->mnt_vnodecovered, &va, mp->mnt_cred); 157 if (!error) { 158 if (udir == 0) 159 udir = va.va_mode; 160 if (ufile == 0) 161 ufile = va.va_mode; 162 uid = va.va_uid; 163 gid = va.va_gid; 164 } 165 VOP_UNLOCK(mp->mnt_vnodecovered); 166 if (error) 167 return (error); 168 169 if (mp->mnt_cred->cr_ruid == 0) { /* root only */ 170 if (vfs_getopt(mp->mnt_optnew, "uid", (void **)&tmp, 171 NULL) == 0) { 172 if (tmp != NULL) 173 uid = (uid_t)strtol(tmp, &ep, 10); 174 if (tmp == NULL || *ep) { 175 vfs_mount_error(mp, "Invalid uid"); 176 return (EINVAL); 177 } 178 } 179 if (vfs_getopt(mp->mnt_optnew, "gid", (void **)&tmp, 180 NULL) == 0) { 181 if (tmp != NULL) 182 gid = (gid_t)strtol(tmp, &ep, 10); 183 if (tmp == NULL || *ep) { 184 vfs_mount_error(mp, "Invalid gid"); 185 return (EINVAL); 186 } 187 } 188 if (vfs_getopt(mp->mnt_optnew, "copymode", (void **)&tmp, 189 NULL) == 0) { 190 if (tmp == NULL) { 191 vfs_mount_error(mp, "Invalid copymode"); 192 return (EINVAL); 193 } else if (strcasecmp(tmp, "traditional") == 0) 194 copymode = UNIONFS_TRADITIONAL; 195 else if (strcasecmp(tmp, "transparent") == 0) 196 copymode = UNIONFS_TRANSPARENT; 197 else if (strcasecmp(tmp, "masquerade") == 0) 198 copymode = UNIONFS_MASQUERADE; 199 else { 200 vfs_mount_error(mp, "Invalid copymode"); 201 return (EINVAL); 202 } 203 } 204 if (vfs_getopt(mp->mnt_optnew, "whiteout", (void **)&tmp, 205 NULL) == 0) { 206 if (tmp == NULL) { 207 vfs_mount_error(mp, "Invalid whiteout mode"); 208 return (EINVAL); 209 } else if (strcasecmp(tmp, "always") == 0) 210 whitemode = UNIONFS_WHITE_ALWAYS; 211 else if (strcasecmp(tmp, "whenneeded") == 0) 212 whitemode = UNIONFS_WHITE_WHENNEEDED; 213 else { 214 vfs_mount_error(mp, "Invalid whiteout mode"); 215 return (EINVAL); 216 } 217 } 218 } 219 /* If copymode is UNIONFS_TRADITIONAL, uid/gid is mounted user. */ 220 if (copymode == UNIONFS_TRADITIONAL) { 221 uid = mp->mnt_cred->cr_ruid; 222 gid = mp->mnt_cred->cr_rgid; 223 } 224 225 UNIONFSDEBUG("unionfs_mount: uid=%d, gid=%d\n", uid, gid); 226 UNIONFSDEBUG("unionfs_mount: udir=0%03o, ufile=0%03o\n", udir, ufile); 227 UNIONFSDEBUG("unionfs_mount: copymode=%d\n", copymode); 228 229 /* 230 * Find upper node 231 */ 232 NDINIT(ndp, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, target); 233 if ((error = namei(ndp))) 234 return (error); 235 236 NDFREE_PNBUF(ndp); 237 238 /* get root vnodes */ 239 lowerrootvp = mp->mnt_vnodecovered; 240 upperrootvp = ndp->ni_vp; 241 KASSERT(lowerrootvp != NULL, ("%s: NULL lower root vp", __func__)); 242 KASSERT(upperrootvp != NULL, ("%s: NULL upper root vp", __func__)); 243 244 /* create unionfs_mount */ 245 ump = malloc(sizeof(struct unionfs_mount), M_UNIONFSMNT, 246 M_WAITOK | M_ZERO); 247 248 /* 249 * Save reference 250 */ 251 if (below) { 252 VOP_UNLOCK(upperrootvp); 253 vn_lock(lowerrootvp, LK_EXCLUSIVE | LK_RETRY); 254 ump->um_lowervp = upperrootvp; 255 ump->um_uppervp = lowerrootvp; 256 } else { 257 ump->um_lowervp = lowerrootvp; 258 ump->um_uppervp = upperrootvp; 259 } 260 ump->um_rootvp = NULLVP; 261 ump->um_uid = uid; 262 ump->um_gid = gid; 263 ump->um_udir = udir; 264 ump->um_ufile = ufile; 265 ump->um_copymode = copymode; 266 ump->um_whitemode = whitemode; 267 268 mp->mnt_data = ump; 269 270 /* 271 * Copy upper layer's RDONLY flag. 272 */ 273 mp->mnt_flag |= ump->um_uppervp->v_mount->mnt_flag & MNT_RDONLY; 274 275 /* 276 * Unlock the node 277 */ 278 VOP_UNLOCK(ump->um_uppervp); 279 280 /* 281 * Get the unionfs root vnode. 282 */ 283 error = unionfs_nodeget(mp, ump->um_uppervp, ump->um_lowervp, 284 NULLVP, &(ump->um_rootvp), NULL); 285 if (error != 0) { 286 vrele(upperrootvp); 287 free(ump, M_UNIONFSMNT); 288 mp->mnt_data = NULL; 289 return (error); 290 } 291 KASSERT(ump->um_rootvp != NULL, ("rootvp cannot be NULL")); 292 KASSERT((ump->um_rootvp->v_vflag & VV_ROOT) != 0, 293 ("%s: rootvp without VV_ROOT", __func__)); 294 295 /* 296 * Do not release the namei() reference on upperrootvp until after 297 * we attempt to register the upper mounts. A concurrent unmount 298 * of the upper or lower FS may have caused unionfs_nodeget() to 299 * create a unionfs node with a NULL upper or lower vp and with 300 * no reference held on upperrootvp or lowerrootvp. 301 * vfs_register_upper() should subsequently fail, which is what 302 * we want, but we must ensure neither underlying vnode can be 303 * reused until that happens. We assume the caller holds a reference 304 * to lowerrootvp as it is the mount's covered vnode. 305 */ 306 lowermp = vfs_register_upper_from_vp(ump->um_lowervp, mp, 307 &ump->um_lower_link); 308 uppermp = vfs_register_upper_from_vp(ump->um_uppervp, mp, 309 &ump->um_upper_link); 310 311 vrele(upperrootvp); 312 313 if (lowermp == NULL || uppermp == NULL) { 314 if (lowermp != NULL) 315 vfs_unregister_upper(lowermp, &ump->um_lower_link); 316 if (uppermp != NULL) 317 vfs_unregister_upper(uppermp, &ump->um_upper_link); 318 vflush(mp, 1, FORCECLOSE, curthread); 319 free(ump, M_UNIONFSMNT); 320 mp->mnt_data = NULL; 321 return (ENOENT); 322 } 323 324 /* 325 * Specify that the covered vnode lock should remain held while 326 * lookup() performs the cross-mount walk. This prevents a lock-order 327 * reversal between the covered vnode lock (which is also locked by 328 * unionfs_lock()) and the mountpoint's busy count. Without this, 329 * unmount will lock the covered vnode lock (directly through the 330 * covered vnode) and wait for the busy count to drain, while a 331 * concurrent lookup will increment the busy count and then lock 332 * the covered vnode lock (indirectly through unionfs_lock()). 333 * 334 * Note that we can't yet use this facility for the 'below' case 335 * in which the upper vnode is the covered vnode, because that would 336 * introduce a different LOR in which the cross-mount lookup would 337 * effectively hold the upper vnode lock before acquiring the lower 338 * vnode lock, while an unrelated lock operation would still acquire 339 * the lower vnode lock before the upper vnode lock, which is the 340 * order unionfs currently requires. 341 */ 342 if (!below) { 343 vn_lock(mp->mnt_vnodecovered, LK_EXCLUSIVE | LK_RETRY | LK_CANRECURSE); 344 mp->mnt_vnodecovered->v_vflag |= VV_CROSSLOCK; 345 VOP_UNLOCK(mp->mnt_vnodecovered); 346 } 347 348 MNT_ILOCK(mp); 349 if ((lowermp->mnt_flag & MNT_LOCAL) != 0 && 350 (uppermp->mnt_flag & MNT_LOCAL) != 0) 351 mp->mnt_flag |= MNT_LOCAL; 352 mp->mnt_kern_flag |= MNTK_NOMSYNC | MNTK_UNIONFS; 353 MNT_IUNLOCK(mp); 354 355 /* 356 * Get new fsid 357 */ 358 vfs_getnewfsid(mp); 359 360 snprintf(mp->mnt_stat.f_mntfromname, MNAMELEN, "<%s>:%s", 361 below ? "below" : "above", target); 362 363 UNIONFSDEBUG("unionfs_mount: from %s, on %s\n", 364 mp->mnt_stat.f_mntfromname, mp->mnt_stat.f_mntonname); 365 366 return (0); 367 } 368 369 /* 370 * Free reference to unionfs layer 371 */ 372 static int 373 unionfs_unmount(struct mount *mp, int mntflags) 374 { 375 struct unionfs_mount *ump; 376 int error; 377 int num; 378 int freeing; 379 int flags; 380 381 UNIONFSDEBUG("unionfs_unmount: mp = %p\n", mp); 382 383 ump = MOUNTTOUNIONFSMOUNT(mp); 384 flags = 0; 385 386 if (mntflags & MNT_FORCE) 387 flags |= FORCECLOSE; 388 389 /* vflush (no need to call vrele) */ 390 for (freeing = 0; (error = vflush(mp, 1, flags, curthread)) != 0;) { 391 num = mp->mnt_nvnodelistsize; 392 if (num == freeing) 393 break; 394 freeing = num; 395 } 396 397 if (error) 398 return (error); 399 400 vn_lock(mp->mnt_vnodecovered, LK_EXCLUSIVE | LK_RETRY | LK_CANRECURSE); 401 mp->mnt_vnodecovered->v_vflag &= ~VV_CROSSLOCK; 402 VOP_UNLOCK(mp->mnt_vnodecovered); 403 vfs_unregister_upper(ump->um_lowervp->v_mount, &ump->um_lower_link); 404 vfs_unregister_upper(ump->um_uppervp->v_mount, &ump->um_upper_link); 405 free(ump, M_UNIONFSMNT); 406 mp->mnt_data = NULL; 407 408 return (0); 409 } 410 411 static int 412 unionfs_root(struct mount *mp, int flags, struct vnode **vpp) 413 { 414 struct unionfs_mount *ump; 415 struct vnode *vp; 416 417 ump = MOUNTTOUNIONFSMOUNT(mp); 418 vp = ump->um_rootvp; 419 420 UNIONFSDEBUG("unionfs_root: rootvp=%p locked=%x\n", 421 vp, VOP_ISLOCKED(vp)); 422 423 vref(vp); 424 if (flags & LK_TYPE_MASK) 425 vn_lock(vp, flags); 426 427 *vpp = vp; 428 429 return (0); 430 } 431 432 static int 433 unionfs_quotactl(struct mount *mp, int cmd, uid_t uid, void *arg, 434 bool *mp_busy) 435 { 436 struct mount *uppermp; 437 struct unionfs_mount *ump; 438 int error; 439 bool unbusy; 440 441 ump = MOUNTTOUNIONFSMOUNT(mp); 442 uppermp = atomic_load_ptr(&ump->um_uppervp->v_mount); 443 KASSERT(*mp_busy == true, ("upper mount not busy")); 444 /* 445 * See comment in sys_quotactl() for an explanation of why the 446 * lower mount needs to be busied by the caller of VFS_QUOTACTL() 447 * but may be unbusied by the implementation. We must unbusy 448 * the upper mount for the same reason; otherwise a namei lookup 449 * issued by the VFS_QUOTACTL() implementation could traverse the 450 * upper mount and deadlock. 451 */ 452 vfs_unbusy(mp); 453 *mp_busy = false; 454 unbusy = true; 455 error = vfs_busy(uppermp, 0); 456 /* 457 * Writing is always performed to upper vnode. 458 */ 459 if (error == 0) 460 error = VFS_QUOTACTL(uppermp, cmd, uid, arg, &unbusy); 461 if (unbusy) 462 vfs_unbusy(uppermp); 463 464 return (error); 465 } 466 467 static int 468 unionfs_statfs(struct mount *mp, struct statfs *sbp) 469 { 470 struct unionfs_mount *ump; 471 struct statfs *mstat; 472 uint64_t lbsize; 473 int error; 474 475 ump = MOUNTTOUNIONFSMOUNT(mp); 476 477 UNIONFSDEBUG("unionfs_statfs(mp = %p, lvp = %p, uvp = %p)\n", 478 mp, ump->um_lowervp, ump->um_uppervp); 479 480 mstat = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK | M_ZERO); 481 482 error = VFS_STATFS(ump->um_lowervp->v_mount, mstat); 483 if (error) { 484 free(mstat, M_STATFS); 485 return (error); 486 } 487 488 /* now copy across the "interesting" information and fake the rest */ 489 sbp->f_blocks = mstat->f_blocks; 490 sbp->f_files = mstat->f_files; 491 492 lbsize = mstat->f_bsize; 493 494 error = VFS_STATFS(ump->um_uppervp->v_mount, mstat); 495 if (error) { 496 free(mstat, M_STATFS); 497 return (error); 498 } 499 500 /* 501 * The FS type etc is copy from upper vfs. 502 * (write able vfs have priority) 503 */ 504 sbp->f_type = mstat->f_type; 505 sbp->f_flags = mstat->f_flags; 506 sbp->f_bsize = mstat->f_bsize; 507 sbp->f_iosize = mstat->f_iosize; 508 509 if (mstat->f_bsize != lbsize) 510 sbp->f_blocks = ((off_t)sbp->f_blocks * lbsize) / 511 mstat->f_bsize; 512 513 sbp->f_blocks += mstat->f_blocks; 514 sbp->f_bfree = mstat->f_bfree; 515 sbp->f_bavail = mstat->f_bavail; 516 sbp->f_files += mstat->f_files; 517 sbp->f_ffree = mstat->f_ffree; 518 519 free(mstat, M_STATFS); 520 return (0); 521 } 522 523 static int 524 unionfs_sync(struct mount *mp, int waitfor) 525 { 526 /* nothing to do */ 527 return (0); 528 } 529 530 static int 531 unionfs_vget(struct mount *mp, ino_t ino, int flags, struct vnode **vpp) 532 { 533 return (EOPNOTSUPP); 534 } 535 536 static int 537 unionfs_fhtovp(struct mount *mp, struct fid *fidp, int flags, 538 struct vnode **vpp) 539 { 540 return (EOPNOTSUPP); 541 } 542 543 static int 544 unionfs_checkexp(struct mount *mp, struct sockaddr *nam, uint64_t *extflagsp, 545 struct ucred **credanonp, int *numsecflavors, int *secflavors) 546 { 547 return (EOPNOTSUPP); 548 } 549 550 static int 551 unionfs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp, 552 int namespace, const char *attrname) 553 { 554 struct unionfs_mount *ump; 555 struct unionfs_node *unp; 556 557 ump = MOUNTTOUNIONFSMOUNT(mp); 558 unp = VTOUNIONFS(filename_vp); 559 560 if (unp->un_uppervp != NULLVP) { 561 return (VFS_EXTATTRCTL(ump->um_uppervp->v_mount, cmd, 562 unp->un_uppervp, namespace, attrname)); 563 } else { 564 return (VFS_EXTATTRCTL(ump->um_lowervp->v_mount, cmd, 565 unp->un_lowervp, namespace, attrname)); 566 } 567 } 568 569 static struct vfsops unionfs_vfsops = { 570 .vfs_checkexp = unionfs_checkexp, 571 .vfs_extattrctl = unionfs_extattrctl, 572 .vfs_fhtovp = unionfs_fhtovp, 573 .vfs_init = unionfs_init, 574 .vfs_mount = unionfs_domount, 575 .vfs_quotactl = unionfs_quotactl, 576 .vfs_root = unionfs_root, 577 .vfs_statfs = unionfs_statfs, 578 .vfs_sync = unionfs_sync, 579 .vfs_uninit = unionfs_uninit, 580 .vfs_unmount = unionfs_unmount, 581 .vfs_vget = unionfs_vget, 582 }; 583 584 VFS_SET(unionfs_vfsops, unionfs, VFCF_LOOPBACK); 585