1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/param.h> 40 #include <sys/conf.h> 41 #include <sys/smp.h> 42 #include <sys/devctl.h> 43 #include <sys/eventhandler.h> 44 #include <sys/fcntl.h> 45 #include <sys/jail.h> 46 #include <sys/kernel.h> 47 #include <sys/ktr.h> 48 #include <sys/libkern.h> 49 #include <sys/limits.h> 50 #include <sys/malloc.h> 51 #include <sys/mount.h> 52 #include <sys/mutex.h> 53 #include <sys/namei.h> 54 #include <sys/priv.h> 55 #include <sys/proc.h> 56 #include <sys/filedesc.h> 57 #include <sys/reboot.h> 58 #include <sys/sbuf.h> 59 #include <sys/stdarg.h> 60 #include <sys/syscallsubr.h> 61 #include <sys/sysproto.h> 62 #include <sys/sx.h> 63 #include <sys/sysctl.h> 64 #include <sys/systm.h> 65 #include <sys/taskqueue.h> 66 #include <sys/vnode.h> 67 #include <vm/uma.h> 68 69 #include <geom/geom.h> 70 71 #include <security/audit/audit.h> 72 #include <security/mac/mac_framework.h> 73 74 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 75 76 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 77 uint64_t fsflags, bool jail_export, 78 struct vfsoptlist **optlist); 79 static void free_mntarg(struct mntarg *ma); 80 81 static int usermount = 0; 82 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 83 "Unprivileged users may mount and unmount file systems"); 84 85 static bool default_autoro = false; 86 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 87 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 88 89 static bool recursive_forced_unmount = false; 90 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW, 91 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts" 92 " when a file system is forcibly unmounted"); 93 94 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount, 95 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls"); 96 97 static unsigned int deferred_unmount_retry_limit = 10; 98 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW, 99 &deferred_unmount_retry_limit, 0, 100 "Maximum number of retries for deferred unmount failure"); 101 102 static int deferred_unmount_retry_delay_hz; 103 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW, 104 &deferred_unmount_retry_delay_hz, 0, 105 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount"); 106 107 static int deferred_unmount_total_retries = 0; 108 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD, 109 &deferred_unmount_total_retries, 0, 110 "Total number of retried deferred unmounts"); 111 112 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 113 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 114 static uma_zone_t mount_zone; 115 116 /* List of mounted filesystems. */ 117 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 118 119 /* For any iteration/modification of mountlist */ 120 struct mtx_padalign __exclusive_cache_line mountlist_mtx; 121 122 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 123 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 124 125 static void vfs_deferred_unmount(void *arg, int pending); 126 static struct timeout_task deferred_unmount_task; 127 static struct mtx deferred_unmount_lock; 128 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount", 129 MTX_DEF); 130 static STAILQ_HEAD(, mount) deferred_unmount_list = 131 STAILQ_HEAD_INITIALIZER(deferred_unmount_list); 132 TASKQUEUE_DEFINE_THREAD(deferred_unmount); 133 134 static void mount_devctl_event(const char *type, struct mount *mp, bool donew); 135 136 /* 137 * Global opts, taken by all filesystems 138 */ 139 static const char *global_opts[] = { 140 "errmsg", 141 "fstype", 142 "fspath", 143 "ro", 144 "rw", 145 "nosuid", 146 "noexec", 147 NULL 148 }; 149 150 static int 151 mount_init(void *mem, int size, int flags) 152 { 153 struct mount *mp; 154 155 mp = (struct mount *)mem; 156 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 157 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 158 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 159 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO); 160 mp->mnt_ref = 0; 161 mp->mnt_vfs_ops = 1; 162 mp->mnt_rootvnode = NULL; 163 return (0); 164 } 165 166 static void 167 mount_fini(void *mem, int size) 168 { 169 struct mount *mp; 170 171 mp = (struct mount *)mem; 172 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu); 173 lockdestroy(&mp->mnt_explock); 174 mtx_destroy(&mp->mnt_listmtx); 175 mtx_destroy(&mp->mnt_mtx); 176 } 177 178 static void 179 vfs_mount_init(void *dummy __unused) 180 { 181 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task, 182 0, vfs_deferred_unmount, NULL); 183 deferred_unmount_retry_delay_hz = hz; 184 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 185 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 186 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF); 187 } 188 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 189 190 /* 191 * --------------------------------------------------------------------- 192 * Functions for building and sanitizing the mount options 193 */ 194 195 /* Remove one mount option. */ 196 static void 197 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 198 { 199 200 TAILQ_REMOVE(opts, opt, link); 201 free(opt->name, M_MOUNT); 202 if (opt->value != NULL) 203 free(opt->value, M_MOUNT); 204 free(opt, M_MOUNT); 205 } 206 207 /* Release all resources related to the mount options. */ 208 void 209 vfs_freeopts(struct vfsoptlist *opts) 210 { 211 struct vfsopt *opt; 212 213 while (!TAILQ_EMPTY(opts)) { 214 opt = TAILQ_FIRST(opts); 215 vfs_freeopt(opts, opt); 216 } 217 free(opts, M_MOUNT); 218 } 219 220 void 221 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 222 { 223 struct vfsopt *opt, *temp; 224 225 if (opts == NULL) 226 return; 227 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 228 if (strcmp(opt->name, name) == 0) 229 vfs_freeopt(opts, opt); 230 } 231 } 232 233 static int 234 vfs_isopt_ro(const char *opt) 235 { 236 237 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 238 strcmp(opt, "norw") == 0) 239 return (1); 240 return (0); 241 } 242 243 static int 244 vfs_isopt_rw(const char *opt) 245 { 246 247 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 248 return (1); 249 return (0); 250 } 251 252 /* 253 * Check if options are equal (with or without the "no" prefix). 254 */ 255 static int 256 vfs_equalopts(const char *opt1, const char *opt2) 257 { 258 char *p; 259 260 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 261 if (strcmp(opt1, opt2) == 0) 262 return (1); 263 /* "noopt" vs. "opt" */ 264 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 265 return (1); 266 /* "opt" vs. "noopt" */ 267 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 268 return (1); 269 while ((p = strchr(opt1, '.')) != NULL && 270 !strncmp(opt1, opt2, ++p - opt1)) { 271 opt2 += p - opt1; 272 opt1 = p; 273 /* "foo.noopt" vs. "foo.opt" */ 274 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 275 return (1); 276 /* "foo.opt" vs. "foo.noopt" */ 277 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 278 return (1); 279 } 280 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 281 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 282 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 283 return (1); 284 return (0); 285 } 286 287 /* 288 * If a mount option is specified several times, 289 * (with or without the "no" prefix) only keep 290 * the last occurrence of it. 291 */ 292 static void 293 vfs_sanitizeopts(struct vfsoptlist *opts) 294 { 295 struct vfsopt *opt, *opt2, *tmp; 296 297 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 298 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 299 while (opt2 != NULL) { 300 if (vfs_equalopts(opt->name, opt2->name)) { 301 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 302 vfs_freeopt(opts, opt2); 303 opt2 = tmp; 304 } else { 305 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 306 } 307 } 308 } 309 } 310 311 /* 312 * Build a linked list of mount options from a struct uio. 313 */ 314 int 315 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 316 { 317 struct vfsoptlist *opts; 318 struct vfsopt *opt; 319 size_t memused, namelen, optlen; 320 unsigned int i, iovcnt; 321 int error; 322 323 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 324 TAILQ_INIT(opts); 325 memused = 0; 326 iovcnt = auio->uio_iovcnt; 327 for (i = 0; i < iovcnt; i += 2) { 328 namelen = auio->uio_iov[i].iov_len; 329 optlen = auio->uio_iov[i + 1].iov_len; 330 memused += sizeof(struct vfsopt) + optlen + namelen; 331 /* 332 * Avoid consuming too much memory, and attempts to overflow 333 * memused. 334 */ 335 if (memused > VFS_MOUNTARG_SIZE_MAX || 336 optlen > VFS_MOUNTARG_SIZE_MAX || 337 namelen > VFS_MOUNTARG_SIZE_MAX) { 338 error = EINVAL; 339 goto bad; 340 } 341 342 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 343 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 344 opt->value = NULL; 345 opt->len = 0; 346 opt->pos = i / 2; 347 opt->seen = 0; 348 349 /* 350 * Do this early, so jumps to "bad" will free the current 351 * option. 352 */ 353 TAILQ_INSERT_TAIL(opts, opt, link); 354 355 if (auio->uio_segflg == UIO_SYSSPACE) { 356 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 357 } else { 358 error = copyin(auio->uio_iov[i].iov_base, opt->name, 359 namelen); 360 if (error) 361 goto bad; 362 } 363 /* Ensure names are null-terminated strings. */ 364 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 365 error = EINVAL; 366 goto bad; 367 } 368 if (optlen != 0) { 369 opt->len = optlen; 370 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 371 if (auio->uio_segflg == UIO_SYSSPACE) { 372 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 373 optlen); 374 } else { 375 error = copyin(auio->uio_iov[i + 1].iov_base, 376 opt->value, optlen); 377 if (error) 378 goto bad; 379 } 380 } 381 } 382 vfs_sanitizeopts(opts); 383 *options = opts; 384 return (0); 385 bad: 386 vfs_freeopts(opts); 387 return (error); 388 } 389 390 /* 391 * Merge the old mount options with the new ones passed 392 * in the MNT_UPDATE case. 393 * 394 * XXX: This function will keep a "nofoo" option in the new 395 * options. E.g, if the option's canonical name is "foo", 396 * "nofoo" ends up in the mount point's active options. 397 */ 398 static void 399 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 400 { 401 struct vfsopt *opt, *new; 402 403 TAILQ_FOREACH(opt, oldopts, link) { 404 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 405 new->name = strdup(opt->name, M_MOUNT); 406 if (opt->len != 0) { 407 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 408 bcopy(opt->value, new->value, opt->len); 409 } else 410 new->value = NULL; 411 new->len = opt->len; 412 new->seen = opt->seen; 413 TAILQ_INSERT_HEAD(toopts, new, link); 414 } 415 vfs_sanitizeopts(toopts); 416 } 417 418 /* 419 * Mount a filesystem. 420 */ 421 #ifndef _SYS_SYSPROTO_H_ 422 struct nmount_args { 423 struct iovec *iovp; 424 unsigned int iovcnt; 425 int flags; 426 }; 427 #endif 428 int 429 sys_nmount(struct thread *td, struct nmount_args *uap) 430 { 431 struct uio *auio; 432 int error; 433 u_int iovcnt; 434 uint64_t flags; 435 436 /* 437 * Mount flags are now 64-bits. On 32-bit archtectures only 438 * 32-bits are passed in, but from here on everything handles 439 * 64-bit flags correctly. 440 */ 441 flags = uap->flags; 442 443 AUDIT_ARG_FFLAGS(flags); 444 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 445 uap->iovp, uap->iovcnt, flags); 446 447 /* 448 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 449 * userspace to set this flag, but we must filter it out if we want 450 * MNT_UPDATE on the root file system to work. 451 * MNT_ROOTFS should only be set by the kernel when mounting its 452 * root file system. 453 */ 454 flags &= ~MNT_ROOTFS; 455 456 iovcnt = uap->iovcnt; 457 /* 458 * Check that we have an even number of iovec's 459 * and that we have at least two options. 460 */ 461 if ((iovcnt & 1) || (iovcnt < 4)) { 462 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 463 uap->iovcnt); 464 return (EINVAL); 465 } 466 467 error = copyinuio(uap->iovp, iovcnt, &auio); 468 if (error) { 469 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 470 __func__, error); 471 return (error); 472 } 473 error = vfs_donmount(td, flags, auio); 474 475 freeuio(auio); 476 return (error); 477 } 478 479 /* 480 * --------------------------------------------------------------------- 481 * Various utility functions 482 */ 483 484 /* 485 * Get a reference on a mount point from a vnode. 486 * 487 * The vnode is allowed to be passed unlocked and race against dooming. Note in 488 * such case there are no guarantees the referenced mount point will still be 489 * associated with it after the function returns. 490 */ 491 struct mount * 492 vfs_ref_from_vp(struct vnode *vp) 493 { 494 struct mount *mp; 495 struct mount_pcpu *mpcpu; 496 497 mp = atomic_load_ptr(&vp->v_mount); 498 if (__predict_false(mp == NULL)) { 499 return (mp); 500 } 501 if (vfs_op_thread_enter(mp, mpcpu)) { 502 if (__predict_true(mp == vp->v_mount)) { 503 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 504 vfs_op_thread_exit(mp, mpcpu); 505 } else { 506 vfs_op_thread_exit(mp, mpcpu); 507 mp = NULL; 508 } 509 } else { 510 MNT_ILOCK(mp); 511 if (mp == vp->v_mount) { 512 MNT_REF(mp); 513 MNT_IUNLOCK(mp); 514 } else { 515 MNT_IUNLOCK(mp); 516 mp = NULL; 517 } 518 } 519 return (mp); 520 } 521 522 void 523 vfs_ref(struct mount *mp) 524 { 525 struct mount_pcpu *mpcpu; 526 527 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 528 if (vfs_op_thread_enter(mp, mpcpu)) { 529 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 530 vfs_op_thread_exit(mp, mpcpu); 531 return; 532 } 533 534 MNT_ILOCK(mp); 535 MNT_REF(mp); 536 MNT_IUNLOCK(mp); 537 } 538 539 /* 540 * Register ump as an upper mount of the mount associated with 541 * vnode vp. This registration will be tracked through 542 * mount_upper_node upper, which should be allocated by the 543 * caller and stored in per-mount data associated with mp. 544 * 545 * If successful, this function will return the mount associated 546 * with vp, and will ensure that it cannot be unmounted until 547 * ump has been unregistered as one of its upper mounts. 548 * 549 * Upon failure this function will return NULL. 550 */ 551 struct mount * 552 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump, 553 struct mount_upper_node *upper) 554 { 555 struct mount *mp; 556 557 mp = atomic_load_ptr(&vp->v_mount); 558 if (mp == NULL) 559 return (NULL); 560 MNT_ILOCK(mp); 561 if (mp != vp->v_mount || 562 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) { 563 MNT_IUNLOCK(mp); 564 return (NULL); 565 } 566 KASSERT(ump != mp, ("upper and lower mounts are identical")); 567 upper->mp = ump; 568 MNT_REF(mp); 569 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link); 570 MNT_IUNLOCK(mp); 571 return (mp); 572 } 573 574 /* 575 * Register upper mount ump to receive vnode unlink/reclaim 576 * notifications from lower mount mp. This registration will 577 * be tracked through mount_upper_node upper, which should be 578 * allocated by the caller and stored in per-mount data 579 * associated with mp. 580 * 581 * ump must already be registered as an upper mount of mp 582 * through a call to vfs_register_upper_from_vp(). 583 */ 584 void 585 vfs_register_for_notification(struct mount *mp, struct mount *ump, 586 struct mount_upper_node *upper) 587 { 588 upper->mp = ump; 589 MNT_ILOCK(mp); 590 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link); 591 MNT_IUNLOCK(mp); 592 } 593 594 static void 595 vfs_drain_upper_locked(struct mount *mp) 596 { 597 mtx_assert(MNT_MTX(mp), MA_OWNED); 598 while (mp->mnt_upper_pending != 0) { 599 mp->mnt_kern_flag |= MNTK_UPPER_WAITER; 600 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0); 601 } 602 } 603 604 /* 605 * Undo a previous call to vfs_register_for_notification(). 606 * The mount represented by upper must be currently registered 607 * as an upper mount for mp. 608 */ 609 void 610 vfs_unregister_for_notification(struct mount *mp, 611 struct mount_upper_node *upper) 612 { 613 MNT_ILOCK(mp); 614 vfs_drain_upper_locked(mp); 615 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link); 616 MNT_IUNLOCK(mp); 617 } 618 619 /* 620 * Undo a previous call to vfs_register_upper_from_vp(). 621 * This must be done before mp can be unmounted. 622 */ 623 void 624 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper) 625 { 626 MNT_ILOCK(mp); 627 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 628 ("registered upper with pending unmount")); 629 vfs_drain_upper_locked(mp); 630 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link); 631 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 && 632 TAILQ_EMPTY(&mp->mnt_uppers)) { 633 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER; 634 wakeup(&mp->mnt_taskqueue_link); 635 } 636 MNT_REL(mp); 637 MNT_IUNLOCK(mp); 638 } 639 640 void 641 vfs_rel(struct mount *mp) 642 { 643 struct mount_pcpu *mpcpu; 644 645 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 646 if (vfs_op_thread_enter(mp, mpcpu)) { 647 vfs_mp_count_sub_pcpu(mpcpu, ref, 1); 648 vfs_op_thread_exit(mp, mpcpu); 649 return; 650 } 651 652 MNT_ILOCK(mp); 653 MNT_REL(mp); 654 MNT_IUNLOCK(mp); 655 } 656 657 /* 658 * Allocate and initialize the mount point struct. 659 */ 660 struct mount * 661 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 662 struct ucred *cred) 663 { 664 struct mount *mp; 665 666 mp = uma_zalloc(mount_zone, M_WAITOK); 667 bzero(&mp->mnt_startzero, 668 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 669 mp->mnt_kern_flag = 0; 670 mp->mnt_flag = 0; 671 mp->mnt_rootvnode = NULL; 672 mp->mnt_vnodecovered = NULL; 673 mp->mnt_op = NULL; 674 mp->mnt_vfc = NULL; 675 TAILQ_INIT(&mp->mnt_nvnodelist); 676 mp->mnt_nvnodelistsize = 0; 677 TAILQ_INIT(&mp->mnt_lazyvnodelist); 678 mp->mnt_lazyvnodelistsize = 0; 679 MPPASS(mp->mnt_ref == 0 && mp->mnt_lockref == 0 && 680 mp->mnt_writeopcount == 0, mp); 681 MPASSERT(mp->mnt_vfs_ops == 1, mp, 682 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 683 (void) vfs_busy(mp, MBF_NOWAIT); 684 atomic_add_acq_int(&vfsp->vfc_refcount, 1); 685 mp->mnt_op = vfsp->vfc_vfsops; 686 mp->mnt_vfc = vfsp; 687 mp->mnt_stat.f_type = vfsp->vfc_typenum; 688 mp->mnt_gen++; 689 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 690 mp->mnt_vnodecovered = vp; 691 mp->mnt_cred = crdup(cred); 692 mp->mnt_stat.f_owner = cred->cr_uid; 693 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 694 mp->mnt_iosize_max = DFLTPHYS; 695 #ifdef MAC 696 mac_mount_init(mp); 697 mac_mount_create(cred, mp); 698 #endif 699 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 700 mp->mnt_upper_pending = 0; 701 TAILQ_INIT(&mp->mnt_uppers); 702 TAILQ_INIT(&mp->mnt_notify); 703 mp->mnt_taskqueue_flags = 0; 704 mp->mnt_unmount_retries = 0; 705 return (mp); 706 } 707 708 /* 709 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 710 */ 711 void 712 vfs_mount_destroy(struct mount *mp) 713 { 714 715 MPPASS(mp->mnt_vfs_ops != 0, mp); 716 717 vfs_assert_mount_counters(mp); 718 719 MNT_ILOCK(mp); 720 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 721 if (mp->mnt_kern_flag & MNTK_MWAIT) { 722 mp->mnt_kern_flag &= ~MNTK_MWAIT; 723 wakeup(mp); 724 } 725 while (mp->mnt_ref) 726 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 727 KASSERT(mp->mnt_ref == 0, 728 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 729 __FILE__, __LINE__)); 730 MPPASS(mp->mnt_writeopcount == 0, mp); 731 MPPASS(mp->mnt_secondary_writes == 0, mp); 732 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1); 733 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 734 struct vnode *vp; 735 736 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 737 vn_printf(vp, "dangling vnode "); 738 panic("unmount: dangling vnode"); 739 } 740 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending")); 741 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 742 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify")); 743 MPPASS(mp->mnt_nvnodelistsize == 0, mp); 744 MPPASS(mp->mnt_lazyvnodelistsize == 0, mp); 745 MPPASS(mp->mnt_lockref == 0, mp); 746 MNT_IUNLOCK(mp); 747 748 MPASSERT(mp->mnt_vfs_ops == 1, mp, 749 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 750 751 MPASSERT(mp->mnt_rootvnode == NULL, mp, 752 ("mount point still has a root vnode %p", mp->mnt_rootvnode)); 753 754 if (mp->mnt_vnodecovered != NULL) 755 vrele(mp->mnt_vnodecovered); 756 #ifdef MAC 757 mac_mount_destroy(mp); 758 #endif 759 if (mp->mnt_opt != NULL) 760 vfs_freeopts(mp->mnt_opt); 761 if (mp->mnt_exjail != NULL) { 762 atomic_subtract_int(&mp->mnt_exjail->cr_prison->pr_exportcnt, 763 1); 764 crfree(mp->mnt_exjail); 765 } 766 if (mp->mnt_export != NULL) { 767 vfs_free_addrlist(mp->mnt_export); 768 free(mp->mnt_export, M_MOUNT); 769 } 770 crfree(mp->mnt_cred); 771 uma_zfree(mount_zone, mp); 772 } 773 774 static bool 775 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 776 { 777 /* This is an upgrade of an exisiting mount. */ 778 if ((fsflags & MNT_UPDATE) != 0) 779 return (false); 780 /* This is already an R/O mount. */ 781 if ((fsflags & MNT_RDONLY) != 0) 782 return (false); 783 784 switch (error) { 785 case ENODEV: /* generic, geom, ... */ 786 case EACCES: /* cam/scsi, ... */ 787 case EROFS: /* md, mmcsd, ... */ 788 /* 789 * These errors can be returned by the storage layer to signal 790 * that the media is read-only. No harm in the R/O mount 791 * attempt if the error was returned for some other reason. 792 */ 793 return (true); 794 default: 795 return (false); 796 } 797 } 798 799 int 800 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 801 { 802 struct vfsoptlist *optlist; 803 struct vfsopt *opt, *tmp_opt; 804 char *fstype, *fspath, *errmsg; 805 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 806 bool autoro, has_nonexport, jail_export; 807 808 errmsg = fspath = NULL; 809 errmsg_len = fspathlen = 0; 810 errmsg_pos = -1; 811 autoro = default_autoro; 812 813 error = vfs_buildopts(fsoptions, &optlist); 814 if (error) 815 return (error); 816 817 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 818 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 819 820 /* 821 * We need these two options before the others, 822 * and they are mandatory for any filesystem. 823 * Ensure they are NUL terminated as well. 824 */ 825 fstypelen = 0; 826 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 827 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 828 error = EINVAL; 829 if (errmsg != NULL) 830 strncpy(errmsg, "Invalid fstype", errmsg_len); 831 goto bail; 832 } 833 fspathlen = 0; 834 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 835 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 836 error = EINVAL; 837 if (errmsg != NULL) 838 strncpy(errmsg, "Invalid fspath", errmsg_len); 839 goto bail; 840 } 841 842 /* 843 * Check to see that "export" is only used with the "update", "fstype", 844 * "fspath", "from" and "errmsg" options when in a vnet jail. 845 * These are the ones used to set/update exports by mountd(8). 846 * If only the above options are set in a jail that can run mountd(8), 847 * then the jail_export argument of vfs_domount() will be true. 848 * When jail_export is true, the vfs_suser() check does not cause 849 * failure, but limits the update to exports only. 850 * This allows mountd(8) running within the vnet jail 851 * to export file systems visible within the jail, but 852 * mounted outside of the jail. 853 */ 854 /* 855 * We need to see if we have the "update" option 856 * before we call vfs_domount(), since vfs_domount() has special 857 * logic based on MNT_UPDATE. This is very important 858 * when we want to update the root filesystem. 859 */ 860 has_nonexport = false; 861 jail_export = false; 862 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 863 int do_freeopt = 0; 864 865 if (jailed(td->td_ucred) && 866 strcmp(opt->name, "export") != 0 && 867 strcmp(opt->name, "update") != 0 && 868 strcmp(opt->name, "fstype") != 0 && 869 strcmp(opt->name, "fspath") != 0 && 870 strcmp(opt->name, "from") != 0 && 871 strcmp(opt->name, "errmsg") != 0) 872 has_nonexport = true; 873 if (strcmp(opt->name, "update") == 0) { 874 fsflags |= MNT_UPDATE; 875 do_freeopt = 1; 876 } 877 else if (strcmp(opt->name, "async") == 0) 878 fsflags |= MNT_ASYNC; 879 else if (strcmp(opt->name, "force") == 0) { 880 fsflags |= MNT_FORCE; 881 do_freeopt = 1; 882 } 883 else if (strcmp(opt->name, "reload") == 0) { 884 fsflags |= MNT_RELOAD; 885 do_freeopt = 1; 886 } 887 else if (strcmp(opt->name, "multilabel") == 0) 888 fsflags |= MNT_MULTILABEL; 889 else if (strcmp(opt->name, "noasync") == 0) 890 fsflags &= ~MNT_ASYNC; 891 else if (strcmp(opt->name, "noatime") == 0) 892 fsflags |= MNT_NOATIME; 893 else if (strcmp(opt->name, "atime") == 0) { 894 free(opt->name, M_MOUNT); 895 opt->name = strdup("nonoatime", M_MOUNT); 896 } 897 else if (strcmp(opt->name, "noclusterr") == 0) 898 fsflags |= MNT_NOCLUSTERR; 899 else if (strcmp(opt->name, "clusterr") == 0) { 900 free(opt->name, M_MOUNT); 901 opt->name = strdup("nonoclusterr", M_MOUNT); 902 } 903 else if (strcmp(opt->name, "noclusterw") == 0) 904 fsflags |= MNT_NOCLUSTERW; 905 else if (strcmp(opt->name, "clusterw") == 0) { 906 free(opt->name, M_MOUNT); 907 opt->name = strdup("nonoclusterw", M_MOUNT); 908 } 909 else if (strcmp(opt->name, "noexec") == 0) 910 fsflags |= MNT_NOEXEC; 911 else if (strcmp(opt->name, "exec") == 0) { 912 free(opt->name, M_MOUNT); 913 opt->name = strdup("nonoexec", M_MOUNT); 914 } 915 else if (strcmp(opt->name, "nosuid") == 0) 916 fsflags |= MNT_NOSUID; 917 else if (strcmp(opt->name, "suid") == 0) { 918 free(opt->name, M_MOUNT); 919 opt->name = strdup("nonosuid", M_MOUNT); 920 } 921 else if (strcmp(opt->name, "nosymfollow") == 0) 922 fsflags |= MNT_NOSYMFOLLOW; 923 else if (strcmp(opt->name, "symfollow") == 0) { 924 free(opt->name, M_MOUNT); 925 opt->name = strdup("nonosymfollow", M_MOUNT); 926 } 927 else if (strcmp(opt->name, "noro") == 0) { 928 fsflags &= ~MNT_RDONLY; 929 autoro = false; 930 } 931 else if (strcmp(opt->name, "rw") == 0) { 932 fsflags &= ~MNT_RDONLY; 933 autoro = false; 934 } 935 else if (strcmp(opt->name, "ro") == 0) { 936 fsflags |= MNT_RDONLY; 937 autoro = false; 938 } 939 else if (strcmp(opt->name, "rdonly") == 0) { 940 free(opt->name, M_MOUNT); 941 opt->name = strdup("ro", M_MOUNT); 942 fsflags |= MNT_RDONLY; 943 autoro = false; 944 } 945 else if (strcmp(opt->name, "autoro") == 0) { 946 do_freeopt = 1; 947 autoro = true; 948 } 949 else if (strcmp(opt->name, "suiddir") == 0) 950 fsflags |= MNT_SUIDDIR; 951 else if (strcmp(opt->name, "sync") == 0) 952 fsflags |= MNT_SYNCHRONOUS; 953 else if (strcmp(opt->name, "union") == 0) 954 fsflags |= MNT_UNION; 955 else if (strcmp(opt->name, "export") == 0) { 956 fsflags |= MNT_EXPORTED; 957 jail_export = true; 958 } else if (strcmp(opt->name, "automounted") == 0) { 959 fsflags |= MNT_AUTOMOUNTED; 960 do_freeopt = 1; 961 } else if (strcmp(opt->name, "nocover") == 0) { 962 fsflags |= MNT_NOCOVER; 963 do_freeopt = 1; 964 } else if (strcmp(opt->name, "cover") == 0) { 965 fsflags &= ~MNT_NOCOVER; 966 do_freeopt = 1; 967 } else if (strcmp(opt->name, "emptydir") == 0) { 968 fsflags |= MNT_EMPTYDIR; 969 do_freeopt = 1; 970 } else if (strcmp(opt->name, "noemptydir") == 0) { 971 fsflags &= ~MNT_EMPTYDIR; 972 do_freeopt = 1; 973 } 974 if (do_freeopt) 975 vfs_freeopt(optlist, opt); 976 } 977 978 /* 979 * Be ultra-paranoid about making sure the type and fspath 980 * variables will fit in our mp buffers, including the 981 * terminating NUL. 982 */ 983 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 984 error = ENAMETOOLONG; 985 goto bail; 986 } 987 988 /* 989 * If has_nonexport is true or the caller is not running within a 990 * vnet prison that can run mountd(8), set jail_export false. 991 */ 992 if (has_nonexport || !jailed(td->td_ucred) || 993 !prison_check_nfsd(td->td_ucred)) 994 jail_export = false; 995 996 error = vfs_domount(td, fstype, fspath, fsflags, jail_export, &optlist); 997 if (error == ENODEV) { 998 error = EINVAL; 999 if (errmsg != NULL) 1000 strncpy(errmsg, "Invalid fstype", errmsg_len); 1001 goto bail; 1002 } 1003 1004 /* 1005 * See if we can mount in the read-only mode if the error code suggests 1006 * that it could be possible and the mount options allow for that. 1007 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 1008 * overridden by "autoro". 1009 */ 1010 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 1011 printf("%s: R/W mount failed, possibly R/O media," 1012 " trying R/O mount\n", __func__); 1013 fsflags |= MNT_RDONLY; 1014 error = vfs_domount(td, fstype, fspath, fsflags, jail_export, 1015 &optlist); 1016 } 1017 bail: 1018 /* copyout the errmsg */ 1019 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 1020 && errmsg_len > 0 && errmsg != NULL) { 1021 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 1022 bcopy(errmsg, 1023 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 1024 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1025 } else { 1026 (void)copyout(errmsg, 1027 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 1028 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1029 } 1030 } 1031 1032 if (optlist != NULL) 1033 vfs_freeopts(optlist); 1034 return (error); 1035 } 1036 1037 /* 1038 * Old mount API. 1039 */ 1040 #ifndef _SYS_SYSPROTO_H_ 1041 struct mount_args { 1042 char *type; 1043 char *path; 1044 int flags; 1045 caddr_t data; 1046 }; 1047 #endif 1048 /* ARGSUSED */ 1049 int 1050 sys_mount(struct thread *td, struct mount_args *uap) 1051 { 1052 char *fstype; 1053 struct vfsconf *vfsp = NULL; 1054 struct mntarg *ma = NULL; 1055 uint64_t flags; 1056 int error; 1057 1058 /* 1059 * Mount flags are now 64-bits. On 32-bit architectures only 1060 * 32-bits are passed in, but from here on everything handles 1061 * 64-bit flags correctly. 1062 */ 1063 flags = uap->flags; 1064 1065 AUDIT_ARG_FFLAGS(flags); 1066 1067 /* 1068 * Filter out MNT_ROOTFS. We do not want clients of mount() in 1069 * userspace to set this flag, but we must filter it out if we want 1070 * MNT_UPDATE on the root file system to work. 1071 * MNT_ROOTFS should only be set by the kernel when mounting its 1072 * root file system. 1073 */ 1074 flags &= ~MNT_ROOTFS; 1075 1076 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 1077 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 1078 if (error) { 1079 free(fstype, M_TEMP); 1080 return (error); 1081 } 1082 1083 AUDIT_ARG_TEXT(fstype); 1084 vfsp = vfs_byname_kld(fstype, td, &error); 1085 free(fstype, M_TEMP); 1086 if (vfsp == NULL) 1087 return (EINVAL); 1088 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 1089 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 1090 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 1091 vfsp->vfc_vfsops->vfs_cmount == NULL)) 1092 return (EOPNOTSUPP); 1093 1094 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 1095 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 1096 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 1097 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 1098 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 1099 1100 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 1101 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 1102 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 1103 } 1104 1105 /* 1106 * vfs_domount_first(): first file system mount (not update) 1107 */ 1108 static int 1109 vfs_domount_first( 1110 struct thread *td, /* Calling thread. */ 1111 struct vfsconf *vfsp, /* File system type. */ 1112 char *fspath, /* Mount path. */ 1113 struct vnode *vp, /* Vnode to be covered. */ 1114 uint64_t fsflags, /* Flags common to all filesystems. */ 1115 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1116 ) 1117 { 1118 struct vattr va; 1119 struct mount *mp; 1120 struct vnode *newdp, *rootvp; 1121 int error, error1; 1122 bool unmounted; 1123 1124 ASSERT_VOP_ELOCKED(vp, __func__); 1125 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 1126 1127 /* 1128 * If the jail of the calling thread lacks permission for this type of 1129 * file system, or is trying to cover its own root, deny immediately. 1130 */ 1131 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred, 1132 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) { 1133 vput(vp); 1134 return (EPERM); 1135 } 1136 1137 /* 1138 * If the user is not root, ensure that they own the directory 1139 * onto which we are attempting to mount. 1140 */ 1141 error = VOP_GETATTR(vp, &va, td->td_ucred); 1142 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 1143 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 1144 if (error == 0) 1145 error = vinvalbuf(vp, V_SAVE, 0, 0); 1146 if (vfsp->vfc_flags & VFCF_FILEMOUNT) { 1147 if (error == 0 && vp->v_type != VDIR && vp->v_type != VREG) 1148 error = EINVAL; 1149 /* 1150 * For file mounts, ensure that there is only one hardlink to the file. 1151 */ 1152 if (error == 0 && vp->v_type == VREG && va.va_nlink != 1) 1153 error = EINVAL; 1154 } else { 1155 if (error == 0 && vp->v_type != VDIR) 1156 error = ENOTDIR; 1157 } 1158 if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0) 1159 error = vn_dir_check_empty(vp); 1160 if (error == 0) { 1161 VI_LOCK(vp); 1162 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 1163 vp->v_iflag |= VI_MOUNT; 1164 else 1165 error = EBUSY; 1166 VI_UNLOCK(vp); 1167 } 1168 if (error != 0) { 1169 vput(vp); 1170 return (error); 1171 } 1172 vn_seqc_write_begin(vp); 1173 VOP_UNLOCK(vp); 1174 1175 /* Allocate and initialize the filesystem. */ 1176 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 1177 /* XXXMAC: pass to vfs_mount_alloc? */ 1178 mp->mnt_optnew = *optlist; 1179 /* Set the mount level flags. */ 1180 mp->mnt_flag = (fsflags & 1181 (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY | MNT_FORCE)); 1182 1183 /* 1184 * Mount the filesystem. 1185 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1186 * get. No freeing of cn_pnbuf. 1187 */ 1188 error1 = 0; 1189 unmounted = true; 1190 if ((error = VFS_MOUNT(mp)) != 0 || 1191 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 1192 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 1193 rootvp = NULL; 1194 if (error1 != 0) { 1195 MPASS(error == 0); 1196 rootvp = vfs_cache_root_clear(mp); 1197 if (rootvp != NULL) { 1198 vhold(rootvp); 1199 vrele(rootvp); 1200 } 1201 (void)vn_start_write(NULL, &mp, V_WAIT); 1202 MNT_ILOCK(mp); 1203 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF; 1204 MNT_IUNLOCK(mp); 1205 VFS_PURGE(mp); 1206 error = VFS_UNMOUNT(mp, 0); 1207 vn_finished_write(mp); 1208 if (error != 0) { 1209 printf( 1210 "failed post-mount (%d): rollback unmount returned %d\n", 1211 error1, error); 1212 unmounted = false; 1213 } 1214 error = error1; 1215 } 1216 vfs_unbusy(mp); 1217 mp->mnt_vnodecovered = NULL; 1218 if (unmounted) { 1219 /* XXXKIB wait for mnt_lockref drain? */ 1220 vfs_mount_destroy(mp); 1221 } 1222 VI_LOCK(vp); 1223 vp->v_iflag &= ~VI_MOUNT; 1224 VI_UNLOCK(vp); 1225 if (rootvp != NULL) { 1226 vn_seqc_write_end(rootvp); 1227 vdrop(rootvp); 1228 } 1229 vn_seqc_write_end(vp); 1230 vrele(vp); 1231 return (error); 1232 } 1233 vn_seqc_write_begin(newdp); 1234 VOP_UNLOCK(newdp); 1235 1236 if (mp->mnt_opt != NULL) 1237 vfs_freeopts(mp->mnt_opt); 1238 mp->mnt_opt = mp->mnt_optnew; 1239 *optlist = NULL; 1240 1241 /* 1242 * Prevent external consumers of mount options from reading mnt_optnew. 1243 */ 1244 mp->mnt_optnew = NULL; 1245 1246 MNT_ILOCK(mp); 1247 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1248 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1249 mp->mnt_kern_flag |= MNTK_ASYNC; 1250 else 1251 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1252 MNT_IUNLOCK(mp); 1253 1254 /* 1255 * VIRF_MOUNTPOINT and v_mountedhere need to be set under the 1256 * vp lock to satisfy vfs_lookup() requirements. 1257 */ 1258 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 1259 VI_LOCK(vp); 1260 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT); 1261 vp->v_mountedhere = mp; 1262 VI_UNLOCK(vp); 1263 VOP_UNLOCK(vp); 1264 cache_purge(vp); 1265 1266 /* 1267 * We need to lock both vnodes. 1268 * 1269 * Use vn_lock_pair to avoid establishing an ordering between vnodes 1270 * from different filesystems. 1271 */ 1272 vn_lock_pair(vp, false, LK_EXCLUSIVE, newdp, false, LK_EXCLUSIVE); 1273 1274 VI_LOCK(vp); 1275 vp->v_iflag &= ~VI_MOUNT; 1276 VI_UNLOCK(vp); 1277 /* Place the new filesystem at the end of the mount list. */ 1278 mtx_lock(&mountlist_mtx); 1279 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1280 mtx_unlock(&mountlist_mtx); 1281 vfs_event_signal(NULL, VQ_MOUNT, 0); 1282 VOP_UNLOCK(vp); 1283 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1284 VOP_UNLOCK(newdp); 1285 mount_devctl_event("MOUNT", mp, false); 1286 mountcheckdirs(vp, newdp); 1287 vn_seqc_write_end(vp); 1288 vn_seqc_write_end(newdp); 1289 vrele(newdp); 1290 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1291 vfs_allocate_syncvnode(mp); 1292 vfs_op_exit(mp); 1293 vfs_unbusy(mp); 1294 return (0); 1295 } 1296 1297 /* 1298 * vfs_domount_update(): update of mounted file system 1299 */ 1300 static int 1301 vfs_domount_update( 1302 struct thread *td, /* Calling thread. */ 1303 struct vnode *vp, /* Mount point vnode. */ 1304 uint64_t fsflags, /* Flags common to all filesystems. */ 1305 bool jail_export, /* Got export option in vnet prison. */ 1306 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1307 ) 1308 { 1309 struct export_args export; 1310 struct o2export_args o2export; 1311 struct vnode *rootvp; 1312 void *bufp; 1313 struct mount *mp; 1314 int error, export_error, i, len, fsid_up_len; 1315 uint64_t flag, mnt_union; 1316 gid_t *grps; 1317 fsid_t *fsid_up; 1318 bool vfs_suser_failed; 1319 1320 ASSERT_VOP_ELOCKED(vp, __func__); 1321 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1322 mp = vp->v_mount; 1323 1324 if ((vp->v_vflag & VV_ROOT) == 0) { 1325 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1326 == 0) 1327 error = EXDEV; 1328 else 1329 error = EINVAL; 1330 vput(vp); 1331 return (error); 1332 } 1333 1334 /* 1335 * We only allow the filesystem to be reloaded if it 1336 * is currently mounted read-only. 1337 */ 1338 flag = mp->mnt_flag; 1339 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1340 vput(vp); 1341 return (EOPNOTSUPP); /* Needs translation */ 1342 } 1343 /* 1344 * Only privileged root, or (if MNT_USER is set) the user that 1345 * did the original mount is permitted to update it. 1346 */ 1347 /* 1348 * For the case of mountd(8) doing exports in a jail, the vfs_suser() 1349 * call does not cause failure. vfs_domount() has already checked 1350 * that "root" is doing this and vfs_suser() will fail when 1351 * the file system has been mounted outside the jail. 1352 * jail_export set true indicates that "export" is not mixed 1353 * with other options that change mount behaviour. 1354 */ 1355 vfs_suser_failed = false; 1356 error = vfs_suser(mp, td); 1357 if (jail_export && error != 0) { 1358 error = 0; 1359 vfs_suser_failed = true; 1360 } 1361 if (error != 0) { 1362 vput(vp); 1363 return (error); 1364 } 1365 if (vfs_busy(mp, MBF_NOWAIT)) { 1366 vput(vp); 1367 return (EBUSY); 1368 } 1369 VI_LOCK(vp); 1370 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1371 VI_UNLOCK(vp); 1372 vfs_unbusy(mp); 1373 vput(vp); 1374 return (EBUSY); 1375 } 1376 vp->v_iflag |= VI_MOUNT; 1377 VI_UNLOCK(vp); 1378 VOP_UNLOCK(vp); 1379 1380 rootvp = NULL; 1381 vfs_op_enter(mp); 1382 vn_seqc_write_begin(vp); 1383 1384 if (vfs_getopt(*optlist, "fsid", (void **)&fsid_up, 1385 &fsid_up_len) == 0) { 1386 if (fsid_up_len != sizeof(*fsid_up)) { 1387 error = EINVAL; 1388 goto end; 1389 } 1390 if (fsidcmp(fsid_up, &mp->mnt_stat.f_fsid) != 0) { 1391 error = ENOENT; 1392 goto end; 1393 } 1394 vfs_deleteopt(*optlist, "fsid"); 1395 } 1396 1397 mnt_union = 0; 1398 MNT_ILOCK(mp); 1399 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1400 MNT_IUNLOCK(mp); 1401 error = EBUSY; 1402 goto end; 1403 } 1404 if (vfs_suser_failed) { 1405 KASSERT((fsflags & (MNT_EXPORTED | MNT_UPDATE)) == 1406 (MNT_EXPORTED | MNT_UPDATE), 1407 ("%s: jailed export did not set expected fsflags", 1408 __func__)); 1409 /* 1410 * For this case, only MNT_UPDATE and 1411 * MNT_EXPORTED have been set in fsflags 1412 * by the options. Only set MNT_UPDATE, 1413 * since that is the one that would be set 1414 * when set in fsflags, below. 1415 */ 1416 mp->mnt_flag |= MNT_UPDATE; 1417 } else { 1418 mp->mnt_flag &= ~MNT_UPDATEMASK; 1419 if ((mp->mnt_flag & MNT_UNION) == 0 && 1420 (fsflags & MNT_UNION) != 0) { 1421 fsflags &= ~MNT_UNION; 1422 mnt_union = MNT_UNION; 1423 } 1424 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1425 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1426 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1427 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1428 } 1429 rootvp = vfs_cache_root_clear(mp); 1430 MNT_IUNLOCK(mp); 1431 mp->mnt_optnew = *optlist; 1432 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1433 1434 /* 1435 * Mount the filesystem. 1436 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1437 * get. No freeing of cn_pnbuf. 1438 */ 1439 /* 1440 * For the case of mountd(8) doing exports from within a vnet jail, 1441 * "from" is typically not set correctly such that VFS_MOUNT() will 1442 * return ENOENT. It is not obvious that VFS_MOUNT() ever needs to be 1443 * called when mountd is doing exports, but this check only applies to 1444 * the specific case where it is running inside a vnet jail, to 1445 * avoid any POLA violation. 1446 */ 1447 error = 0; 1448 if (!jail_export) 1449 error = VFS_MOUNT(mp); 1450 1451 export_error = 0; 1452 /* Process the export option. */ 1453 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1454 &len) == 0) { 1455 /* Assume that there is only 1 ABI for each length. */ 1456 switch (len) { 1457 case (sizeof(struct oexport_args)): 1458 bzero(&o2export, sizeof(o2export)); 1459 /* FALLTHROUGH */ 1460 case (sizeof(o2export)): 1461 bcopy(bufp, &o2export, len); 1462 export.ex_flags = (uint64_t)o2export.ex_flags; 1463 export.ex_root = o2export.ex_root; 1464 export.ex_uid = o2export.ex_anon.cr_uid; 1465 export.ex_groups = NULL; 1466 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1467 if (export.ex_ngroups > 0) { 1468 if (export.ex_ngroups <= XU_NGROUPS) { 1469 export.ex_groups = malloc( 1470 export.ex_ngroups * sizeof(gid_t), 1471 M_TEMP, M_WAITOK); 1472 for (i = 0; i < export.ex_ngroups; i++) 1473 export.ex_groups[i] = 1474 o2export.ex_anon.cr_groups[i]; 1475 } else 1476 export_error = EINVAL; 1477 } else if (export.ex_ngroups < 0) 1478 export_error = EINVAL; 1479 export.ex_addr = o2export.ex_addr; 1480 export.ex_addrlen = o2export.ex_addrlen; 1481 export.ex_mask = o2export.ex_mask; 1482 export.ex_masklen = o2export.ex_masklen; 1483 export.ex_indexfile = o2export.ex_indexfile; 1484 export.ex_numsecflavors = o2export.ex_numsecflavors; 1485 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1486 for (i = 0; i < export.ex_numsecflavors; i++) 1487 export.ex_secflavors[i] = 1488 o2export.ex_secflavors[i]; 1489 } else 1490 export_error = EINVAL; 1491 if (export_error == 0) 1492 export_error = vfs_export(mp, &export, true); 1493 free(export.ex_groups, M_TEMP); 1494 break; 1495 case (sizeof(export)): 1496 bcopy(bufp, &export, len); 1497 grps = NULL; 1498 if (export.ex_ngroups > 0) { 1499 if (export.ex_ngroups <= ngroups_max + 1) { 1500 grps = malloc(export.ex_ngroups * 1501 sizeof(gid_t), M_TEMP, M_WAITOK); 1502 export_error = copyin(export.ex_groups, 1503 grps, export.ex_ngroups * 1504 sizeof(gid_t)); 1505 if (export_error == 0) 1506 export.ex_groups = grps; 1507 } else 1508 export_error = EINVAL; 1509 } else if (export.ex_ngroups == 0) 1510 export.ex_groups = NULL; 1511 else 1512 export_error = EINVAL; 1513 if (export_error == 0) 1514 export_error = vfs_export(mp, &export, true); 1515 free(grps, M_TEMP); 1516 break; 1517 default: 1518 export_error = EINVAL; 1519 break; 1520 } 1521 } 1522 1523 MNT_ILOCK(mp); 1524 if (error == 0) { 1525 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1526 MNT_SNAPSHOT); 1527 mp->mnt_flag |= mnt_union; 1528 } else { 1529 /* 1530 * If we fail, restore old mount flags. MNT_QUOTA is special, 1531 * because it is not part of MNT_UPDATEMASK, but it could have 1532 * changed in the meantime if quotactl(2) was called. 1533 * All in all we want current value of MNT_QUOTA, not the old 1534 * one. 1535 */ 1536 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1537 } 1538 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1539 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1540 mp->mnt_kern_flag |= MNTK_ASYNC; 1541 else 1542 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1543 MNT_IUNLOCK(mp); 1544 1545 if (error != 0) 1546 goto end; 1547 1548 mount_devctl_event("REMOUNT", mp, true); 1549 if (mp->mnt_opt != NULL) 1550 vfs_freeopts(mp->mnt_opt); 1551 mp->mnt_opt = mp->mnt_optnew; 1552 *optlist = NULL; 1553 (void)VFS_STATFS(mp, &mp->mnt_stat); 1554 /* 1555 * Prevent external consumers of mount options from reading 1556 * mnt_optnew. 1557 */ 1558 mp->mnt_optnew = NULL; 1559 1560 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1561 vfs_allocate_syncvnode(mp); 1562 else 1563 vfs_deallocate_syncvnode(mp); 1564 end: 1565 vfs_op_exit(mp); 1566 if (rootvp != NULL) { 1567 vn_seqc_write_end(rootvp); 1568 vrele(rootvp); 1569 } 1570 vn_seqc_write_end(vp); 1571 vfs_unbusy(mp); 1572 VI_LOCK(vp); 1573 vp->v_iflag &= ~VI_MOUNT; 1574 VI_UNLOCK(vp); 1575 vrele(vp); 1576 return (error != 0 ? error : export_error); 1577 } 1578 1579 /* 1580 * vfs_domount(): actually attempt a filesystem mount. 1581 */ 1582 static int 1583 vfs_domount( 1584 struct thread *td, /* Calling thread. */ 1585 const char *fstype, /* Filesystem type. */ 1586 char *fspath, /* Mount path. */ 1587 uint64_t fsflags, /* Flags common to all filesystems. */ 1588 bool jail_export, /* Got export option in vnet prison. */ 1589 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1590 ) 1591 { 1592 struct vfsconf *vfsp; 1593 struct nameidata nd; 1594 struct vnode *vp; 1595 char *pathbuf; 1596 int error; 1597 1598 /* 1599 * Be ultra-paranoid about making sure the type and fspath 1600 * variables will fit in our mp buffers, including the 1601 * terminating NUL. 1602 */ 1603 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1604 return (ENAMETOOLONG); 1605 1606 if (jail_export) { 1607 error = priv_check(td, PRIV_NFS_DAEMON); 1608 if (error) 1609 return (error); 1610 } else if (jailed(td->td_ucred) || usermount == 0) { 1611 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1612 return (error); 1613 } 1614 1615 /* 1616 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1617 */ 1618 if (fsflags & MNT_EXPORTED) { 1619 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1620 if (error) 1621 return (error); 1622 } 1623 if (fsflags & MNT_SUIDDIR) { 1624 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1625 if (error) 1626 return (error); 1627 } 1628 /* 1629 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1630 */ 1631 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1632 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1633 fsflags |= MNT_NOSUID | MNT_USER; 1634 } 1635 1636 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1637 vfsp = NULL; 1638 if ((fsflags & MNT_UPDATE) == 0) { 1639 /* Don't try to load KLDs if we're mounting the root. */ 1640 if (fsflags & MNT_ROOTFS) { 1641 if ((vfsp = vfs_byname(fstype)) == NULL) 1642 return (ENODEV); 1643 } else { 1644 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL) 1645 return (error); 1646 } 1647 } 1648 1649 /* 1650 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1651 */ 1652 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | WANTPARENT, 1653 UIO_SYSSPACE, fspath); 1654 error = namei(&nd); 1655 if (error != 0) 1656 return (error); 1657 vp = nd.ni_vp; 1658 /* 1659 * Don't allow stacking file mounts to work around problems with the way 1660 * that namei sets nd.ni_dvp to vp_crossmp for these. 1661 */ 1662 if (vp->v_type == VREG) 1663 fsflags |= MNT_NOCOVER; 1664 if ((fsflags & MNT_UPDATE) == 0) { 1665 if ((vp->v_vflag & VV_ROOT) != 0 && 1666 (fsflags & MNT_NOCOVER) != 0) { 1667 vput(vp); 1668 error = EBUSY; 1669 goto out; 1670 } 1671 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1672 strcpy(pathbuf, fspath); 1673 /* 1674 * Note: we allow any vnode type here. If the path sanity check 1675 * succeeds, the type will be validated in vfs_domount_first 1676 * above. 1677 */ 1678 if (vp->v_type == VDIR) 1679 error = vn_path_to_global_path(td, vp, pathbuf, 1680 MNAMELEN); 1681 else 1682 error = vn_path_to_global_path_hardlink(td, vp, 1683 nd.ni_dvp, pathbuf, MNAMELEN, 1684 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen); 1685 if (error == 0) { 1686 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1687 fsflags, optlist); 1688 } 1689 free(pathbuf, M_TEMP); 1690 } else 1691 error = vfs_domount_update(td, vp, fsflags, jail_export, 1692 optlist); 1693 1694 out: 1695 NDFREE_PNBUF(&nd); 1696 vrele(nd.ni_dvp); 1697 1698 return (error); 1699 } 1700 1701 /* 1702 * Unmount a filesystem. 1703 * 1704 * Note: unmount takes a path to the vnode mounted on as argument, not 1705 * special file (as before). 1706 */ 1707 #ifndef _SYS_SYSPROTO_H_ 1708 struct unmount_args { 1709 char *path; 1710 int flags; 1711 }; 1712 #endif 1713 /* ARGSUSED */ 1714 int 1715 sys_unmount(struct thread *td, struct unmount_args *uap) 1716 { 1717 1718 return (kern_unmount(td, uap->path, uap->flags)); 1719 } 1720 1721 int 1722 kern_unmount(struct thread *td, const char *path, int flags) 1723 { 1724 struct nameidata nd; 1725 struct mount *mp; 1726 char *fsidbuf, *pathbuf; 1727 fsid_t fsid; 1728 int error; 1729 1730 AUDIT_ARG_VALUE(flags); 1731 if (jailed(td->td_ucred) || usermount == 0) { 1732 error = priv_check(td, PRIV_VFS_UNMOUNT); 1733 if (error) 1734 return (error); 1735 } 1736 1737 if (flags & MNT_BYFSID) { 1738 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1739 error = copyinstr(path, fsidbuf, MNAMELEN, NULL); 1740 if (error) { 1741 free(fsidbuf, M_TEMP); 1742 return (error); 1743 } 1744 1745 AUDIT_ARG_TEXT(fsidbuf); 1746 /* Decode the filesystem ID. */ 1747 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) { 1748 free(fsidbuf, M_TEMP); 1749 return (EINVAL); 1750 } 1751 1752 mp = vfs_getvfs(&fsid); 1753 free(fsidbuf, M_TEMP); 1754 if (mp == NULL) { 1755 return (ENOENT); 1756 } 1757 } else { 1758 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1759 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1760 if (error) { 1761 free(pathbuf, M_TEMP); 1762 return (error); 1763 } 1764 1765 /* 1766 * Try to find global path for path argument. 1767 */ 1768 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1769 UIO_SYSSPACE, pathbuf); 1770 if (namei(&nd) == 0) { 1771 NDFREE_PNBUF(&nd); 1772 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1773 MNAMELEN); 1774 if (error == 0) 1775 vput(nd.ni_vp); 1776 } 1777 mtx_lock(&mountlist_mtx); 1778 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1779 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1780 vfs_ref(mp); 1781 break; 1782 } 1783 } 1784 mtx_unlock(&mountlist_mtx); 1785 free(pathbuf, M_TEMP); 1786 if (mp == NULL) { 1787 /* 1788 * Previously we returned ENOENT for a nonexistent path and 1789 * EINVAL for a non-mountpoint. We cannot tell these apart 1790 * now, so in the !MNT_BYFSID case return the more likely 1791 * EINVAL for compatibility. 1792 */ 1793 return (EINVAL); 1794 } 1795 } 1796 1797 /* 1798 * Don't allow unmounting the root filesystem. 1799 */ 1800 if (mp->mnt_flag & MNT_ROOTFS) { 1801 vfs_rel(mp); 1802 return (EINVAL); 1803 } 1804 error = dounmount(mp, flags, td); 1805 return (error); 1806 } 1807 1808 /* 1809 * Return error if any of the vnodes, ignoring the root vnode 1810 * and the syncer vnode, have non-zero usecount. 1811 * 1812 * This function is purely advisory - it can return false positives 1813 * and negatives. 1814 */ 1815 static int 1816 vfs_check_usecounts(struct mount *mp) 1817 { 1818 struct vnode *vp, *mvp; 1819 1820 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1821 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1822 vp->v_usecount != 0) { 1823 VI_UNLOCK(vp); 1824 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1825 return (EBUSY); 1826 } 1827 VI_UNLOCK(vp); 1828 } 1829 1830 return (0); 1831 } 1832 1833 static void 1834 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1835 { 1836 1837 mtx_assert(MNT_MTX(mp), MA_OWNED); 1838 mp->mnt_kern_flag &= ~mntkflags; 1839 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1840 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1841 wakeup(mp); 1842 } 1843 vfs_op_exit_locked(mp); 1844 MNT_IUNLOCK(mp); 1845 if (coveredvp != NULL) { 1846 VOP_UNLOCK(coveredvp); 1847 vdrop(coveredvp); 1848 } 1849 vn_finished_write(mp); 1850 vfs_rel(mp); 1851 } 1852 1853 /* 1854 * There are various reference counters associated with the mount point. 1855 * Normally it is permitted to modify them without taking the mnt ilock, 1856 * but this behavior can be temporarily disabled if stable value is needed 1857 * or callers are expected to block (e.g. to not allow new users during 1858 * forced unmount). 1859 */ 1860 void 1861 vfs_op_enter(struct mount *mp) 1862 { 1863 struct mount_pcpu *mpcpu; 1864 int cpu; 1865 1866 MNT_ILOCK(mp); 1867 mp->mnt_vfs_ops++; 1868 if (mp->mnt_vfs_ops > 1) { 1869 MNT_IUNLOCK(mp); 1870 return; 1871 } 1872 vfs_op_barrier_wait(mp); 1873 CPU_FOREACH(cpu) { 1874 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1875 1876 mp->mnt_ref += mpcpu->mntp_ref; 1877 mpcpu->mntp_ref = 0; 1878 1879 mp->mnt_lockref += mpcpu->mntp_lockref; 1880 mpcpu->mntp_lockref = 0; 1881 1882 mp->mnt_writeopcount += mpcpu->mntp_writeopcount; 1883 mpcpu->mntp_writeopcount = 0; 1884 } 1885 MPASSERT(mp->mnt_ref > 0 && mp->mnt_lockref >= 0 && 1886 mp->mnt_writeopcount >= 0, mp, 1887 ("invalid count(s): ref %d lockref %d writeopcount %d", 1888 mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount)); 1889 MNT_IUNLOCK(mp); 1890 vfs_assert_mount_counters(mp); 1891 } 1892 1893 void 1894 vfs_op_exit_locked(struct mount *mp) 1895 { 1896 1897 mtx_assert(MNT_MTX(mp), MA_OWNED); 1898 1899 MPASSERT(mp->mnt_vfs_ops > 0, mp, 1900 ("invalid vfs_ops count %d", mp->mnt_vfs_ops)); 1901 MPASSERT(mp->mnt_vfs_ops > 1 || 1902 (mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_SUSPEND)) == 0, mp, 1903 ("vfs_ops too low %d in unmount or suspend", mp->mnt_vfs_ops)); 1904 mp->mnt_vfs_ops--; 1905 } 1906 1907 void 1908 vfs_op_exit(struct mount *mp) 1909 { 1910 1911 MNT_ILOCK(mp); 1912 vfs_op_exit_locked(mp); 1913 MNT_IUNLOCK(mp); 1914 } 1915 1916 struct vfs_op_barrier_ipi { 1917 struct mount *mp; 1918 struct smp_rendezvous_cpus_retry_arg srcra; 1919 }; 1920 1921 static void 1922 vfs_op_action_func(void *arg) 1923 { 1924 struct vfs_op_barrier_ipi *vfsopipi; 1925 struct mount *mp; 1926 1927 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1928 mp = vfsopipi->mp; 1929 1930 if (!vfs_op_thread_entered(mp)) 1931 smp_rendezvous_cpus_done(arg); 1932 } 1933 1934 static void 1935 vfs_op_wait_func(void *arg, int cpu) 1936 { 1937 struct vfs_op_barrier_ipi *vfsopipi; 1938 struct mount *mp; 1939 struct mount_pcpu *mpcpu; 1940 1941 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1942 mp = vfsopipi->mp; 1943 1944 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1945 while (atomic_load_int(&mpcpu->mntp_thread_in_ops)) 1946 cpu_spinwait(); 1947 } 1948 1949 void 1950 vfs_op_barrier_wait(struct mount *mp) 1951 { 1952 struct vfs_op_barrier_ipi vfsopipi; 1953 1954 vfsopipi.mp = mp; 1955 1956 smp_rendezvous_cpus_retry(all_cpus, 1957 smp_no_rendezvous_barrier, 1958 vfs_op_action_func, 1959 smp_no_rendezvous_barrier, 1960 vfs_op_wait_func, 1961 &vfsopipi.srcra); 1962 } 1963 1964 #ifdef DIAGNOSTIC 1965 void 1966 vfs_assert_mount_counters(struct mount *mp) 1967 { 1968 struct mount_pcpu *mpcpu; 1969 int cpu; 1970 1971 if (mp->mnt_vfs_ops == 0) 1972 return; 1973 1974 CPU_FOREACH(cpu) { 1975 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1976 if (mpcpu->mntp_ref != 0 || 1977 mpcpu->mntp_lockref != 0 || 1978 mpcpu->mntp_writeopcount != 0) 1979 vfs_dump_mount_counters(mp); 1980 } 1981 } 1982 1983 void 1984 vfs_dump_mount_counters(struct mount *mp) 1985 { 1986 struct mount_pcpu *mpcpu; 1987 int ref, lockref, writeopcount; 1988 int cpu; 1989 1990 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1991 1992 printf(" ref : "); 1993 ref = mp->mnt_ref; 1994 CPU_FOREACH(cpu) { 1995 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1996 printf("%d ", mpcpu->mntp_ref); 1997 ref += mpcpu->mntp_ref; 1998 } 1999 printf("\n"); 2000 printf(" lockref : "); 2001 lockref = mp->mnt_lockref; 2002 CPU_FOREACH(cpu) { 2003 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2004 printf("%d ", mpcpu->mntp_lockref); 2005 lockref += mpcpu->mntp_lockref; 2006 } 2007 printf("\n"); 2008 printf("writeopcount: "); 2009 writeopcount = mp->mnt_writeopcount; 2010 CPU_FOREACH(cpu) { 2011 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2012 printf("%d ", mpcpu->mntp_writeopcount); 2013 writeopcount += mpcpu->mntp_writeopcount; 2014 } 2015 printf("\n"); 2016 2017 printf("counter struct total\n"); 2018 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 2019 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 2020 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 2021 2022 panic("invalid counts on struct mount"); 2023 } 2024 #endif 2025 2026 int 2027 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 2028 { 2029 struct mount_pcpu *mpcpu; 2030 int cpu, sum; 2031 2032 switch (which) { 2033 case MNT_COUNT_REF: 2034 sum = mp->mnt_ref; 2035 break; 2036 case MNT_COUNT_LOCKREF: 2037 sum = mp->mnt_lockref; 2038 break; 2039 case MNT_COUNT_WRITEOPCOUNT: 2040 sum = mp->mnt_writeopcount; 2041 break; 2042 } 2043 2044 CPU_FOREACH(cpu) { 2045 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2046 switch (which) { 2047 case MNT_COUNT_REF: 2048 sum += mpcpu->mntp_ref; 2049 break; 2050 case MNT_COUNT_LOCKREF: 2051 sum += mpcpu->mntp_lockref; 2052 break; 2053 case MNT_COUNT_WRITEOPCOUNT: 2054 sum += mpcpu->mntp_writeopcount; 2055 break; 2056 } 2057 } 2058 return (sum); 2059 } 2060 2061 static bool 2062 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue, 2063 int timeout_ticks) 2064 { 2065 bool enqueued; 2066 2067 enqueued = false; 2068 mtx_lock(&deferred_unmount_lock); 2069 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) { 2070 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED; 2071 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp, 2072 mnt_taskqueue_link); 2073 enqueued = true; 2074 } 2075 mtx_unlock(&deferred_unmount_lock); 2076 2077 if (enqueued) { 2078 taskqueue_enqueue_timeout(taskqueue_deferred_unmount, 2079 &deferred_unmount_task, timeout_ticks); 2080 } 2081 2082 return (enqueued); 2083 } 2084 2085 /* 2086 * Taskqueue handler for processing async/recursive unmounts 2087 */ 2088 static void 2089 vfs_deferred_unmount(void *argi __unused, int pending __unused) 2090 { 2091 STAILQ_HEAD(, mount) local_unmounts; 2092 uint64_t flags; 2093 struct mount *mp, *tmp; 2094 int error; 2095 unsigned int retries; 2096 bool unmounted; 2097 2098 STAILQ_INIT(&local_unmounts); 2099 mtx_lock(&deferred_unmount_lock); 2100 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list); 2101 mtx_unlock(&deferred_unmount_lock); 2102 2103 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) { 2104 flags = mp->mnt_taskqueue_flags; 2105 KASSERT((flags & MNT_DEFERRED) != 0, 2106 ("taskqueue unmount without MNT_DEFERRED")); 2107 error = dounmount(mp, flags, curthread); 2108 if (error != 0) { 2109 MNT_ILOCK(mp); 2110 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0); 2111 MNT_IUNLOCK(mp); 2112 2113 /* 2114 * The deferred unmount thread is the only thread that 2115 * modifies the retry counts, so locking/atomics aren't 2116 * needed here. 2117 */ 2118 retries = (mp->mnt_unmount_retries)++; 2119 deferred_unmount_total_retries++; 2120 if (!unmounted && retries < deferred_unmount_retry_limit) { 2121 deferred_unmount_enqueue(mp, flags, true, 2122 -deferred_unmount_retry_delay_hz); 2123 } else { 2124 if (retries >= deferred_unmount_retry_limit) { 2125 printf("giving up on deferred unmount " 2126 "of %s after %d retries, error %d\n", 2127 mp->mnt_stat.f_mntonname, retries, error); 2128 } 2129 vfs_rel(mp); 2130 } 2131 } 2132 } 2133 } 2134 2135 /* 2136 * Do the actual filesystem unmount. 2137 */ 2138 int 2139 dounmount(struct mount *mp, uint64_t flags, struct thread *td) 2140 { 2141 struct mount_upper_node *upper; 2142 struct vnode *coveredvp, *rootvp; 2143 int error; 2144 uint64_t async_flag; 2145 int mnt_gen_r; 2146 unsigned int retries; 2147 2148 KASSERT((flags & MNT_DEFERRED) == 0 || 2149 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE), 2150 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE")); 2151 2152 /* 2153 * If the caller has explicitly requested the unmount to be handled by 2154 * the taskqueue and we're not already in taskqueue context, queue 2155 * up the unmount request and exit. This is done prior to any 2156 * credential checks; MNT_DEFERRED should be used only for kernel- 2157 * initiated unmounts and will therefore be processed with the 2158 * (kernel) credentials of the taskqueue thread. Still, callers 2159 * should be sure this is the behavior they want. 2160 */ 2161 if ((flags & MNT_DEFERRED) != 0 && 2162 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) { 2163 if (!deferred_unmount_enqueue(mp, flags, false, 0)) 2164 vfs_rel(mp); 2165 return (EINPROGRESS); 2166 } 2167 2168 /* 2169 * Only privileged root, or (if MNT_USER is set) the user that did the 2170 * original mount is permitted to unmount this filesystem. 2171 * This check should be made prior to queueing up any recursive 2172 * unmounts of upper filesystems. Those unmounts will be executed 2173 * with kernel thread credentials and are expected to succeed, so 2174 * we must at least ensure the originating context has sufficient 2175 * privilege to unmount the base filesystem before proceeding with 2176 * the uppers. 2177 */ 2178 error = vfs_suser(mp, td); 2179 if (error != 0) { 2180 KASSERT((flags & MNT_DEFERRED) == 0, 2181 ("taskqueue unmount with insufficient privilege")); 2182 vfs_rel(mp); 2183 return (error); 2184 } 2185 2186 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0)) 2187 flags |= MNT_RECURSE; 2188 2189 if ((flags & MNT_RECURSE) != 0) { 2190 KASSERT((flags & MNT_FORCE) != 0, 2191 ("MNT_RECURSE requires MNT_FORCE")); 2192 2193 MNT_ILOCK(mp); 2194 /* 2195 * Set MNTK_RECURSE to prevent new upper mounts from being 2196 * added, and note that an operation on the uppers list is in 2197 * progress. This will ensure that unregistration from the 2198 * uppers list, and therefore any pending unmount of the upper 2199 * FS, can't complete until after we finish walking the list. 2200 */ 2201 mp->mnt_kern_flag |= MNTK_RECURSE; 2202 mp->mnt_upper_pending++; 2203 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) { 2204 retries = upper->mp->mnt_unmount_retries; 2205 if (retries > deferred_unmount_retry_limit) { 2206 error = EBUSY; 2207 continue; 2208 } 2209 MNT_IUNLOCK(mp); 2210 2211 vfs_ref(upper->mp); 2212 if (!deferred_unmount_enqueue(upper->mp, flags, 2213 false, 0)) 2214 vfs_rel(upper->mp); 2215 MNT_ILOCK(mp); 2216 } 2217 mp->mnt_upper_pending--; 2218 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 && 2219 mp->mnt_upper_pending == 0) { 2220 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER; 2221 wakeup(&mp->mnt_uppers); 2222 } 2223 2224 /* 2225 * If we're not on the taskqueue, wait until the uppers list 2226 * is drained before proceeding with unmount. Otherwise, if 2227 * we are on the taskqueue and there are still pending uppers, 2228 * just re-enqueue on the end of the taskqueue. 2229 */ 2230 if ((flags & MNT_DEFERRED) == 0) { 2231 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) { 2232 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER; 2233 error = msleep(&mp->mnt_taskqueue_link, 2234 MNT_MTX(mp), PCATCH, "umntqw", 0); 2235 } 2236 if (error != 0) { 2237 MNT_REL(mp); 2238 MNT_IUNLOCK(mp); 2239 return (error); 2240 } 2241 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) { 2242 MNT_IUNLOCK(mp); 2243 if (error == 0) 2244 deferred_unmount_enqueue(mp, flags, true, 0); 2245 return (error); 2246 } 2247 MNT_IUNLOCK(mp); 2248 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty")); 2249 } 2250 2251 /* Allow the taskqueue to safely re-enqueue on failure */ 2252 if ((flags & MNT_DEFERRED) != 0) 2253 vfs_ref(mp); 2254 2255 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 2256 mnt_gen_r = mp->mnt_gen; 2257 VI_LOCK(coveredvp); 2258 vholdl(coveredvp); 2259 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 2260 /* 2261 * Check for mp being unmounted while waiting for the 2262 * covered vnode lock. 2263 */ 2264 if (coveredvp->v_mountedhere != mp || 2265 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 2266 VOP_UNLOCK(coveredvp); 2267 vdrop(coveredvp); 2268 vfs_rel(mp); 2269 return (EBUSY); 2270 } 2271 } 2272 2273 vfs_op_enter(mp); 2274 2275 vn_start_write(NULL, &mp, V_WAIT); 2276 MNT_ILOCK(mp); 2277 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 2278 (mp->mnt_flag & MNT_UPDATE) != 0 || 2279 !TAILQ_EMPTY(&mp->mnt_uppers)) { 2280 dounmount_cleanup(mp, coveredvp, 0); 2281 return (EBUSY); 2282 } 2283 mp->mnt_kern_flag |= MNTK_UNMOUNT; 2284 rootvp = vfs_cache_root_clear(mp); 2285 if (coveredvp != NULL) 2286 vn_seqc_write_begin(coveredvp); 2287 if (flags & MNT_NONBUSY) { 2288 MNT_IUNLOCK(mp); 2289 error = vfs_check_usecounts(mp); 2290 MNT_ILOCK(mp); 2291 if (error != 0) { 2292 vn_seqc_write_end(coveredvp); 2293 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 2294 if (rootvp != NULL) { 2295 vn_seqc_write_end(rootvp); 2296 vrele(rootvp); 2297 } 2298 return (error); 2299 } 2300 } 2301 /* Allow filesystems to detect that a forced unmount is in progress. */ 2302 if (flags & MNT_FORCE) { 2303 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 2304 MNT_IUNLOCK(mp); 2305 /* 2306 * Must be done after setting MNTK_UNMOUNTF and before 2307 * waiting for mnt_lockref to become 0. 2308 */ 2309 VFS_PURGE(mp); 2310 MNT_ILOCK(mp); 2311 } 2312 error = 0; 2313 if (mp->mnt_lockref) { 2314 mp->mnt_kern_flag |= MNTK_DRAINING; 2315 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 2316 "mount drain", 0); 2317 } 2318 MNT_IUNLOCK(mp); 2319 KASSERT(mp->mnt_lockref == 0, 2320 ("%s: invalid lock refcount in the drain path @ %s:%d", 2321 __func__, __FILE__, __LINE__)); 2322 KASSERT(error == 0, 2323 ("%s: invalid return value for msleep in the drain path @ %s:%d", 2324 __func__, __FILE__, __LINE__)); 2325 2326 /* 2327 * We want to keep the vnode around so that we can vn_seqc_write_end 2328 * after we are done with unmount. Downgrade our reference to a mere 2329 * hold count so that we don't interefere with anything. 2330 */ 2331 if (rootvp != NULL) { 2332 vhold(rootvp); 2333 vrele(rootvp); 2334 } 2335 2336 if (mp->mnt_flag & MNT_EXPUBLIC) 2337 vfs_setpublicfs(NULL, NULL, NULL); 2338 2339 vfs_periodic(mp, MNT_WAIT); 2340 MNT_ILOCK(mp); 2341 async_flag = mp->mnt_flag & MNT_ASYNC; 2342 mp->mnt_flag &= ~MNT_ASYNC; 2343 mp->mnt_kern_flag &= ~MNTK_ASYNC; 2344 MNT_IUNLOCK(mp); 2345 vfs_deallocate_syncvnode(mp); 2346 error = VFS_UNMOUNT(mp, flags); 2347 vn_finished_write(mp); 2348 vfs_rel(mp); 2349 /* 2350 * If we failed to flush the dirty blocks for this mount point, 2351 * undo all the cdir/rdir and rootvnode changes we made above. 2352 * Unless we failed to do so because the device is reporting that 2353 * it doesn't exist anymore. 2354 */ 2355 if (error && error != ENXIO) { 2356 MNT_ILOCK(mp); 2357 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 2358 MNT_IUNLOCK(mp); 2359 vfs_allocate_syncvnode(mp); 2360 MNT_ILOCK(mp); 2361 } 2362 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 2363 mp->mnt_flag |= async_flag; 2364 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 2365 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 2366 mp->mnt_kern_flag |= MNTK_ASYNC; 2367 if (mp->mnt_kern_flag & MNTK_MWAIT) { 2368 mp->mnt_kern_flag &= ~MNTK_MWAIT; 2369 wakeup(mp); 2370 } 2371 vfs_op_exit_locked(mp); 2372 MNT_IUNLOCK(mp); 2373 if (coveredvp) { 2374 vn_seqc_write_end(coveredvp); 2375 VOP_UNLOCK(coveredvp); 2376 vdrop(coveredvp); 2377 } 2378 if (rootvp != NULL) { 2379 vn_seqc_write_end(rootvp); 2380 vdrop(rootvp); 2381 } 2382 return (error); 2383 } 2384 2385 mtx_lock(&mountlist_mtx); 2386 TAILQ_REMOVE(&mountlist, mp, mnt_list); 2387 mtx_unlock(&mountlist_mtx); 2388 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 2389 if (coveredvp != NULL) { 2390 VI_LOCK(coveredvp); 2391 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT); 2392 coveredvp->v_mountedhere = NULL; 2393 vn_seqc_write_end_locked(coveredvp); 2394 VI_UNLOCK(coveredvp); 2395 VOP_UNLOCK(coveredvp); 2396 vdrop(coveredvp); 2397 } 2398 mount_devctl_event("UNMOUNT", mp, false); 2399 if (rootvp != NULL) { 2400 vn_seqc_write_end(rootvp); 2401 vdrop(rootvp); 2402 } 2403 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 2404 if (rootvnode != NULL && mp == rootvnode->v_mount) { 2405 vrele(rootvnode); 2406 rootvnode = NULL; 2407 } 2408 if (mp == rootdevmp) 2409 rootdevmp = NULL; 2410 if ((flags & MNT_DEFERRED) != 0) 2411 vfs_rel(mp); 2412 vfs_mount_destroy(mp); 2413 return (0); 2414 } 2415 2416 /* 2417 * Report errors during filesystem mounting. 2418 */ 2419 void 2420 vfs_mount_error(struct mount *mp, const char *fmt, ...) 2421 { 2422 struct vfsoptlist *moptlist = mp->mnt_optnew; 2423 va_list ap; 2424 int error, len; 2425 char *errmsg; 2426 2427 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 2428 if (error || errmsg == NULL || len <= 0) 2429 return; 2430 2431 va_start(ap, fmt); 2432 vsnprintf(errmsg, (size_t)len, fmt, ap); 2433 va_end(ap); 2434 } 2435 2436 void 2437 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 2438 { 2439 va_list ap; 2440 int error, len; 2441 char *errmsg; 2442 2443 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 2444 if (error || errmsg == NULL || len <= 0) 2445 return; 2446 2447 va_start(ap, fmt); 2448 vsnprintf(errmsg, (size_t)len, fmt, ap); 2449 va_end(ap); 2450 } 2451 2452 /* 2453 * --------------------------------------------------------------------- 2454 * Functions for querying mount options/arguments from filesystems. 2455 */ 2456 2457 /* 2458 * Check that no unknown options are given 2459 */ 2460 int 2461 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 2462 { 2463 struct vfsopt *opt; 2464 char errmsg[255]; 2465 const char **t, *p, *q; 2466 int ret = 0; 2467 2468 TAILQ_FOREACH(opt, opts, link) { 2469 p = opt->name; 2470 q = NULL; 2471 if (p[0] == 'n' && p[1] == 'o') 2472 q = p + 2; 2473 for(t = global_opts; *t != NULL; t++) { 2474 if (strcmp(*t, p) == 0) 2475 break; 2476 if (q != NULL) { 2477 if (strcmp(*t, q) == 0) 2478 break; 2479 } 2480 } 2481 if (*t != NULL) 2482 continue; 2483 for(t = legal; *t != NULL; t++) { 2484 if (strcmp(*t, p) == 0) 2485 break; 2486 if (q != NULL) { 2487 if (strcmp(*t, q) == 0) 2488 break; 2489 } 2490 } 2491 if (*t != NULL) 2492 continue; 2493 snprintf(errmsg, sizeof(errmsg), 2494 "mount option <%s> is unknown", p); 2495 ret = EINVAL; 2496 } 2497 if (ret != 0) { 2498 TAILQ_FOREACH(opt, opts, link) { 2499 if (strcmp(opt->name, "errmsg") == 0) { 2500 strncpy((char *)opt->value, errmsg, opt->len); 2501 break; 2502 } 2503 } 2504 if (opt == NULL) 2505 printf("%s\n", errmsg); 2506 } 2507 return (ret); 2508 } 2509 2510 /* 2511 * Get a mount option by its name. 2512 * 2513 * Return 0 if the option was found, ENOENT otherwise. 2514 * If len is non-NULL it will be filled with the length 2515 * of the option. If buf is non-NULL, it will be filled 2516 * with the address of the option. 2517 */ 2518 int 2519 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 2520 { 2521 struct vfsopt *opt; 2522 2523 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2524 2525 TAILQ_FOREACH(opt, opts, link) { 2526 if (strcmp(name, opt->name) == 0) { 2527 opt->seen = 1; 2528 if (len != NULL) 2529 *len = opt->len; 2530 if (buf != NULL) 2531 *buf = opt->value; 2532 return (0); 2533 } 2534 } 2535 return (ENOENT); 2536 } 2537 2538 int 2539 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 2540 { 2541 struct vfsopt *opt; 2542 2543 if (opts == NULL) 2544 return (-1); 2545 2546 TAILQ_FOREACH(opt, opts, link) { 2547 if (strcmp(name, opt->name) == 0) { 2548 opt->seen = 1; 2549 return (opt->pos); 2550 } 2551 } 2552 return (-1); 2553 } 2554 2555 int 2556 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2557 { 2558 char *opt_value, *vtp; 2559 quad_t iv; 2560 int error, opt_len; 2561 2562 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2563 if (error != 0) 2564 return (error); 2565 if (opt_len == 0 || opt_value == NULL) 2566 return (EINVAL); 2567 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2568 return (EINVAL); 2569 iv = strtoq(opt_value, &vtp, 0); 2570 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2571 return (EINVAL); 2572 if (iv < 0) 2573 return (EINVAL); 2574 switch (vtp[0]) { 2575 case 't': case 'T': 2576 iv *= 1024; 2577 /* FALLTHROUGH */ 2578 case 'g': case 'G': 2579 iv *= 1024; 2580 /* FALLTHROUGH */ 2581 case 'm': case 'M': 2582 iv *= 1024; 2583 /* FALLTHROUGH */ 2584 case 'k': case 'K': 2585 iv *= 1024; 2586 case '\0': 2587 break; 2588 default: 2589 return (EINVAL); 2590 } 2591 *value = iv; 2592 2593 return (0); 2594 } 2595 2596 char * 2597 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2598 { 2599 struct vfsopt *opt; 2600 2601 *error = 0; 2602 TAILQ_FOREACH(opt, opts, link) { 2603 if (strcmp(name, opt->name) != 0) 2604 continue; 2605 opt->seen = 1; 2606 if (opt->len == 0 || 2607 ((char *)opt->value)[opt->len - 1] != '\0') { 2608 *error = EINVAL; 2609 return (NULL); 2610 } 2611 return (opt->value); 2612 } 2613 *error = ENOENT; 2614 return (NULL); 2615 } 2616 2617 int 2618 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2619 uint64_t val) 2620 { 2621 struct vfsopt *opt; 2622 2623 TAILQ_FOREACH(opt, opts, link) { 2624 if (strcmp(name, opt->name) == 0) { 2625 opt->seen = 1; 2626 if (w != NULL) 2627 *w |= val; 2628 return (1); 2629 } 2630 } 2631 if (w != NULL) 2632 *w &= ~val; 2633 return (0); 2634 } 2635 2636 int 2637 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2638 { 2639 va_list ap; 2640 struct vfsopt *opt; 2641 int ret; 2642 2643 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2644 2645 TAILQ_FOREACH(opt, opts, link) { 2646 if (strcmp(name, opt->name) != 0) 2647 continue; 2648 opt->seen = 1; 2649 if (opt->len == 0 || opt->value == NULL) 2650 return (0); 2651 if (((char *)opt->value)[opt->len - 1] != '\0') 2652 return (0); 2653 va_start(ap, fmt); 2654 ret = vsscanf(opt->value, fmt, ap); 2655 va_end(ap); 2656 return (ret); 2657 } 2658 return (0); 2659 } 2660 2661 int 2662 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2663 { 2664 struct vfsopt *opt; 2665 2666 TAILQ_FOREACH(opt, opts, link) { 2667 if (strcmp(name, opt->name) != 0) 2668 continue; 2669 opt->seen = 1; 2670 if (opt->value == NULL) 2671 opt->len = len; 2672 else { 2673 if (opt->len != len) 2674 return (EINVAL); 2675 bcopy(value, opt->value, len); 2676 } 2677 return (0); 2678 } 2679 return (ENOENT); 2680 } 2681 2682 int 2683 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2684 { 2685 struct vfsopt *opt; 2686 2687 TAILQ_FOREACH(opt, opts, link) { 2688 if (strcmp(name, opt->name) != 0) 2689 continue; 2690 opt->seen = 1; 2691 if (opt->value == NULL) 2692 opt->len = len; 2693 else { 2694 if (opt->len < len) 2695 return (EINVAL); 2696 opt->len = len; 2697 bcopy(value, opt->value, len); 2698 } 2699 return (0); 2700 } 2701 return (ENOENT); 2702 } 2703 2704 int 2705 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2706 { 2707 struct vfsopt *opt; 2708 2709 TAILQ_FOREACH(opt, opts, link) { 2710 if (strcmp(name, opt->name) != 0) 2711 continue; 2712 opt->seen = 1; 2713 if (opt->value == NULL) 2714 opt->len = strlen(value) + 1; 2715 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2716 return (EINVAL); 2717 return (0); 2718 } 2719 return (ENOENT); 2720 } 2721 2722 /* 2723 * Find and copy a mount option. 2724 * 2725 * The size of the buffer has to be specified 2726 * in len, if it is not the same length as the 2727 * mount option, EINVAL is returned. 2728 * Returns ENOENT if the option is not found. 2729 */ 2730 int 2731 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2732 { 2733 struct vfsopt *opt; 2734 2735 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2736 2737 TAILQ_FOREACH(opt, opts, link) { 2738 if (strcmp(name, opt->name) == 0) { 2739 opt->seen = 1; 2740 if (len != opt->len) 2741 return (EINVAL); 2742 bcopy(opt->value, dest, opt->len); 2743 return (0); 2744 } 2745 } 2746 return (ENOENT); 2747 } 2748 2749 int 2750 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2751 { 2752 /* 2753 * Filesystems only fill in part of the structure for updates, we 2754 * have to read the entirety first to get all content. 2755 */ 2756 if (sbp != &mp->mnt_stat) 2757 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2758 2759 /* 2760 * Set these in case the underlying filesystem fails to do so. 2761 */ 2762 sbp->f_version = STATFS_VERSION; 2763 sbp->f_namemax = NAME_MAX; 2764 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2765 sbp->f_nvnodelistsize = mp->mnt_nvnodelistsize; 2766 2767 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2768 } 2769 2770 void 2771 vfs_mountedfrom(struct mount *mp, const char *from) 2772 { 2773 2774 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2775 strlcpy(mp->mnt_stat.f_mntfromname, from, 2776 sizeof mp->mnt_stat.f_mntfromname); 2777 } 2778 2779 /* 2780 * --------------------------------------------------------------------- 2781 * This is the api for building mount args and mounting filesystems from 2782 * inside the kernel. 2783 * 2784 * The API works by accumulation of individual args. First error is 2785 * latched. 2786 * 2787 * XXX: should be documented in new manpage kernel_mount(9) 2788 */ 2789 2790 /* A memory allocation which must be freed when we are done */ 2791 struct mntaarg { 2792 SLIST_ENTRY(mntaarg) next; 2793 }; 2794 2795 /* The header for the mount arguments */ 2796 struct mntarg { 2797 struct iovec *v; 2798 int len; 2799 int error; 2800 SLIST_HEAD(, mntaarg) list; 2801 }; 2802 2803 /* 2804 * Add a boolean argument. 2805 * 2806 * flag is the boolean value. 2807 * name must start with "no". 2808 */ 2809 struct mntarg * 2810 mount_argb(struct mntarg *ma, int flag, const char *name) 2811 { 2812 2813 KASSERT(name[0] == 'n' && name[1] == 'o', 2814 ("mount_argb(...,%s): name must start with 'no'", name)); 2815 2816 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2817 } 2818 2819 /* 2820 * Add an argument printf style 2821 */ 2822 struct mntarg * 2823 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2824 { 2825 va_list ap; 2826 struct mntaarg *maa; 2827 struct sbuf *sb; 2828 int len; 2829 2830 if (ma == NULL) { 2831 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2832 SLIST_INIT(&ma->list); 2833 } 2834 if (ma->error) 2835 return (ma); 2836 2837 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2838 M_MOUNT, M_WAITOK); 2839 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2840 ma->v[ma->len].iov_len = strlen(name) + 1; 2841 ma->len++; 2842 2843 sb = sbuf_new_auto(); 2844 va_start(ap, fmt); 2845 sbuf_vprintf(sb, fmt, ap); 2846 va_end(ap); 2847 sbuf_finish(sb); 2848 len = sbuf_len(sb) + 1; 2849 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2850 SLIST_INSERT_HEAD(&ma->list, maa, next); 2851 bcopy(sbuf_data(sb), maa + 1, len); 2852 sbuf_delete(sb); 2853 2854 ma->v[ma->len].iov_base = maa + 1; 2855 ma->v[ma->len].iov_len = len; 2856 ma->len++; 2857 2858 return (ma); 2859 } 2860 2861 /* 2862 * Add an argument which is a userland string. 2863 */ 2864 struct mntarg * 2865 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2866 { 2867 struct mntaarg *maa; 2868 char *tbuf; 2869 2870 if (val == NULL) 2871 return (ma); 2872 if (ma == NULL) { 2873 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2874 SLIST_INIT(&ma->list); 2875 } 2876 if (ma->error) 2877 return (ma); 2878 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2879 SLIST_INSERT_HEAD(&ma->list, maa, next); 2880 tbuf = (void *)(maa + 1); 2881 ma->error = copyinstr(val, tbuf, len, NULL); 2882 return (mount_arg(ma, name, tbuf, -1)); 2883 } 2884 2885 /* 2886 * Plain argument. 2887 * 2888 * If length is -1, treat value as a C string. 2889 */ 2890 struct mntarg * 2891 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2892 { 2893 2894 if (ma == NULL) { 2895 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2896 SLIST_INIT(&ma->list); 2897 } 2898 if (ma->error) 2899 return (ma); 2900 2901 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2902 M_MOUNT, M_WAITOK); 2903 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2904 ma->v[ma->len].iov_len = strlen(name) + 1; 2905 ma->len++; 2906 2907 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2908 if (len < 0) 2909 ma->v[ma->len].iov_len = strlen(val) + 1; 2910 else 2911 ma->v[ma->len].iov_len = len; 2912 ma->len++; 2913 return (ma); 2914 } 2915 2916 /* 2917 * Free a mntarg structure 2918 */ 2919 static void 2920 free_mntarg(struct mntarg *ma) 2921 { 2922 struct mntaarg *maa; 2923 2924 while (!SLIST_EMPTY(&ma->list)) { 2925 maa = SLIST_FIRST(&ma->list); 2926 SLIST_REMOVE_HEAD(&ma->list, next); 2927 free(maa, M_MOUNT); 2928 } 2929 free(ma->v, M_MOUNT); 2930 free(ma, M_MOUNT); 2931 } 2932 2933 /* 2934 * Mount a filesystem 2935 */ 2936 int 2937 kernel_mount(struct mntarg *ma, uint64_t flags) 2938 { 2939 struct uio auio; 2940 int error; 2941 2942 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2943 KASSERT(ma->error != 0 || ma->v != NULL, ("kernel_mount NULL ma->v")); 2944 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2945 2946 error = ma->error; 2947 if (error == 0) { 2948 auio.uio_iov = ma->v; 2949 auio.uio_iovcnt = ma->len; 2950 auio.uio_segflg = UIO_SYSSPACE; 2951 error = vfs_donmount(curthread, flags, &auio); 2952 } 2953 free_mntarg(ma); 2954 return (error); 2955 } 2956 2957 /* Map from mount options to printable formats. */ 2958 static struct mntoptnames optnames[] = { 2959 MNTOPT_NAMES 2960 }; 2961 2962 #define DEVCTL_LEN 1024 2963 static void 2964 mount_devctl_event(const char *type, struct mount *mp, bool donew) 2965 { 2966 const uint8_t *cp; 2967 struct mntoptnames *fp; 2968 struct sbuf sb; 2969 struct statfs *sfp = &mp->mnt_stat; 2970 char *buf; 2971 2972 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT); 2973 if (buf == NULL) 2974 return; 2975 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN); 2976 sbuf_cpy(&sb, "mount-point=\""); 2977 devctl_safe_quote_sb(&sb, sfp->f_mntonname); 2978 sbuf_cat(&sb, "\" mount-dev=\""); 2979 devctl_safe_quote_sb(&sb, sfp->f_mntfromname); 2980 sbuf_cat(&sb, "\" mount-type=\""); 2981 devctl_safe_quote_sb(&sb, sfp->f_fstypename); 2982 sbuf_cat(&sb, "\" fsid=0x"); 2983 cp = (const uint8_t *)&sfp->f_fsid.val[0]; 2984 for (int i = 0; i < sizeof(sfp->f_fsid); i++) 2985 sbuf_printf(&sb, "%02x", cp[i]); 2986 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); 2987 for (fp = optnames; fp->o_opt != 0; fp++) { 2988 if ((mp->mnt_flag & fp->o_opt) != 0) { 2989 sbuf_cat(&sb, fp->o_name); 2990 sbuf_putc(&sb, ';'); 2991 } 2992 } 2993 sbuf_putc(&sb, '"'); 2994 sbuf_finish(&sb); 2995 2996 /* 2997 * Options are not published because the form of the options depends on 2998 * the file system and may include binary data. In addition, they don't 2999 * necessarily provide enough useful information to be actionable when 3000 * devd processes them. 3001 */ 3002 3003 if (sbuf_error(&sb) == 0) 3004 devctl_notify("VFS", "FS", type, sbuf_data(&sb)); 3005 sbuf_delete(&sb); 3006 free(buf, M_MOUNT); 3007 } 3008 3009 /* 3010 * Force remount specified mount point to read-only. The argument 3011 * must be busied to avoid parallel unmount attempts. 3012 * 3013 * Intended use is to prevent further writes if some metadata 3014 * inconsistency is detected. Note that the function still flushes 3015 * all cached metadata and data for the mount point, which might be 3016 * not always suitable. 3017 */ 3018 int 3019 vfs_remount_ro(struct mount *mp) 3020 { 3021 struct vfsoptlist *opts; 3022 struct vfsopt *opt; 3023 struct vnode *vp_covered, *rootvp; 3024 int error; 3025 3026 vfs_op_enter(mp); 3027 KASSERT(mp->mnt_lockref > 0, 3028 ("vfs_remount_ro: mp %p is not busied", mp)); 3029 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 3030 ("vfs_remount_ro: mp %p is being unmounted (and busy?)", mp)); 3031 3032 rootvp = NULL; 3033 vp_covered = mp->mnt_vnodecovered; 3034 error = vget(vp_covered, LK_EXCLUSIVE | LK_NOWAIT); 3035 if (error != 0) { 3036 vfs_op_exit(mp); 3037 return (error); 3038 } 3039 VI_LOCK(vp_covered); 3040 if ((vp_covered->v_iflag & VI_MOUNT) != 0) { 3041 VI_UNLOCK(vp_covered); 3042 vput(vp_covered); 3043 vfs_op_exit(mp); 3044 return (EBUSY); 3045 } 3046 vp_covered->v_iflag |= VI_MOUNT; 3047 VI_UNLOCK(vp_covered); 3048 vn_seqc_write_begin(vp_covered); 3049 3050 MNT_ILOCK(mp); 3051 if ((mp->mnt_flag & MNT_RDONLY) != 0) { 3052 MNT_IUNLOCK(mp); 3053 error = EBUSY; 3054 goto out; 3055 } 3056 mp->mnt_flag |= MNT_UPDATE | MNT_FORCE | MNT_RDONLY; 3057 rootvp = vfs_cache_root_clear(mp); 3058 MNT_IUNLOCK(mp); 3059 3060 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK | M_ZERO); 3061 TAILQ_INIT(opts); 3062 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK | M_ZERO); 3063 opt->name = strdup("ro", M_MOUNT); 3064 opt->value = NULL; 3065 TAILQ_INSERT_TAIL(opts, opt, link); 3066 vfs_mergeopts(opts, mp->mnt_opt); 3067 mp->mnt_optnew = opts; 3068 3069 error = VFS_MOUNT(mp); 3070 3071 if (error == 0) { 3072 MNT_ILOCK(mp); 3073 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE); 3074 MNT_IUNLOCK(mp); 3075 vfs_deallocate_syncvnode(mp); 3076 if (mp->mnt_opt != NULL) 3077 vfs_freeopts(mp->mnt_opt); 3078 mp->mnt_opt = mp->mnt_optnew; 3079 } else { 3080 MNT_ILOCK(mp); 3081 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE | MNT_RDONLY); 3082 MNT_IUNLOCK(mp); 3083 vfs_freeopts(mp->mnt_optnew); 3084 } 3085 mp->mnt_optnew = NULL; 3086 3087 out: 3088 vfs_op_exit(mp); 3089 VI_LOCK(vp_covered); 3090 vp_covered->v_iflag &= ~VI_MOUNT; 3091 VI_UNLOCK(vp_covered); 3092 vput(vp_covered); 3093 vn_seqc_write_end(vp_covered); 3094 if (rootvp != NULL) { 3095 vn_seqc_write_end(rootvp); 3096 vrele(rootvp); 3097 } 3098 return (error); 3099 } 3100 3101 /* 3102 * Suspend write operations on all local writeable filesystems. Does 3103 * full sync of them in the process. 3104 * 3105 * Iterate over the mount points in reverse order, suspending most 3106 * recently mounted filesystems first. It handles a case where a 3107 * filesystem mounted from a md(4) vnode-backed device should be 3108 * suspended before the filesystem that owns the vnode. 3109 */ 3110 void 3111 suspend_all_fs(void) 3112 { 3113 struct mount *mp; 3114 int error; 3115 3116 mtx_lock(&mountlist_mtx); 3117 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 3118 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT); 3119 if (error != 0) 3120 continue; 3121 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL || 3122 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) { 3123 mtx_lock(&mountlist_mtx); 3124 vfs_unbusy(mp); 3125 continue; 3126 } 3127 error = vfs_write_suspend(mp, 0); 3128 if (error == 0) { 3129 MNT_ILOCK(mp); 3130 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0); 3131 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL; 3132 MNT_IUNLOCK(mp); 3133 mtx_lock(&mountlist_mtx); 3134 } else { 3135 printf("suspend of %s failed, error %d\n", 3136 mp->mnt_stat.f_mntonname, error); 3137 mtx_lock(&mountlist_mtx); 3138 vfs_unbusy(mp); 3139 } 3140 } 3141 mtx_unlock(&mountlist_mtx); 3142 } 3143 3144 /* 3145 * Clone the mnt_exjail field to a new mount point. 3146 */ 3147 void 3148 vfs_exjail_clone(struct mount *inmp, struct mount *outmp) 3149 { 3150 struct ucred *cr; 3151 struct prison *pr; 3152 3153 MNT_ILOCK(inmp); 3154 cr = inmp->mnt_exjail; 3155 if (cr != NULL) { 3156 crhold(cr); 3157 MNT_IUNLOCK(inmp); 3158 pr = cr->cr_prison; 3159 sx_slock(&allprison_lock); 3160 if (!prison_isalive(pr)) { 3161 sx_sunlock(&allprison_lock); 3162 crfree(cr); 3163 return; 3164 } 3165 MNT_ILOCK(outmp); 3166 if (outmp->mnt_exjail == NULL) { 3167 outmp->mnt_exjail = cr; 3168 atomic_add_int(&pr->pr_exportcnt, 1); 3169 cr = NULL; 3170 } 3171 MNT_IUNLOCK(outmp); 3172 sx_sunlock(&allprison_lock); 3173 if (cr != NULL) 3174 crfree(cr); 3175 } else 3176 MNT_IUNLOCK(inmp); 3177 } 3178 3179 void 3180 resume_all_fs(void) 3181 { 3182 struct mount *mp; 3183 3184 mtx_lock(&mountlist_mtx); 3185 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 3186 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0) 3187 continue; 3188 mtx_unlock(&mountlist_mtx); 3189 MNT_ILOCK(mp); 3190 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0); 3191 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL; 3192 MNT_IUNLOCK(mp); 3193 vfs_write_resume(mp, 0); 3194 mtx_lock(&mountlist_mtx); 3195 vfs_unbusy(mp); 3196 } 3197 mtx_unlock(&mountlist_mtx); 3198 } 3199