1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include <sys/param.h> 43 #include <sys/conf.h> 44 #include <sys/smp.h> 45 #include <sys/devctl.h> 46 #include <sys/eventhandler.h> 47 #include <sys/fcntl.h> 48 #include <sys/jail.h> 49 #include <sys/kernel.h> 50 #include <sys/ktr.h> 51 #include <sys/libkern.h> 52 #include <sys/limits.h> 53 #include <sys/malloc.h> 54 #include <sys/mount.h> 55 #include <sys/mutex.h> 56 #include <sys/namei.h> 57 #include <sys/priv.h> 58 #include <sys/proc.h> 59 #include <sys/filedesc.h> 60 #include <sys/reboot.h> 61 #include <sys/sbuf.h> 62 #include <sys/syscallsubr.h> 63 #include <sys/sysproto.h> 64 #include <sys/sx.h> 65 #include <sys/sysctl.h> 66 #include <sys/systm.h> 67 #include <sys/taskqueue.h> 68 #include <sys/vnode.h> 69 #include <vm/uma.h> 70 71 #include <geom/geom.h> 72 73 #include <machine/stdarg.h> 74 75 #include <security/audit/audit.h> 76 #include <security/mac/mac_framework.h> 77 78 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 79 80 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 81 uint64_t fsflags, struct vfsoptlist **optlist); 82 static void free_mntarg(struct mntarg *ma); 83 84 static int usermount = 0; 85 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 86 "Unprivileged users may mount and unmount file systems"); 87 88 static bool default_autoro = false; 89 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 90 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 91 92 static bool recursive_forced_unmount = false; 93 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW, 94 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts" 95 " when a file system is forcibly unmounted"); 96 97 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount, 98 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls"); 99 100 static unsigned int deferred_unmount_retry_limit = 10; 101 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW, 102 &deferred_unmount_retry_limit, 0, 103 "Maximum number of retries for deferred unmount failure"); 104 105 static int deferred_unmount_retry_delay_hz; 106 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW, 107 &deferred_unmount_retry_delay_hz, 0, 108 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount"); 109 110 static int deferred_unmount_total_retries = 0; 111 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD, 112 &deferred_unmount_total_retries, 0, 113 "Total number of retried deferred unmounts"); 114 115 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 116 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 117 static uma_zone_t mount_zone; 118 119 /* List of mounted filesystems. */ 120 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 121 122 /* For any iteration/modification of mountlist */ 123 struct mtx_padalign __exclusive_cache_line mountlist_mtx; 124 125 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 126 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 127 128 static void vfs_deferred_unmount(void *arg, int pending); 129 static struct timeout_task deferred_unmount_task; 130 static struct mtx deferred_unmount_lock; 131 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount", 132 MTX_DEF); 133 static STAILQ_HEAD(, mount) deferred_unmount_list = 134 STAILQ_HEAD_INITIALIZER(deferred_unmount_list); 135 TASKQUEUE_DEFINE_THREAD(deferred_unmount); 136 137 static void mount_devctl_event(const char *type, struct mount *mp, bool donew); 138 139 /* 140 * Global opts, taken by all filesystems 141 */ 142 static const char *global_opts[] = { 143 "errmsg", 144 "fstype", 145 "fspath", 146 "ro", 147 "rw", 148 "nosuid", 149 "noexec", 150 NULL 151 }; 152 153 static int 154 mount_init(void *mem, int size, int flags) 155 { 156 struct mount *mp; 157 158 mp = (struct mount *)mem; 159 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 160 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 161 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 162 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO); 163 mp->mnt_ref = 0; 164 mp->mnt_vfs_ops = 1; 165 mp->mnt_rootvnode = NULL; 166 return (0); 167 } 168 169 static void 170 mount_fini(void *mem, int size) 171 { 172 struct mount *mp; 173 174 mp = (struct mount *)mem; 175 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu); 176 lockdestroy(&mp->mnt_explock); 177 mtx_destroy(&mp->mnt_listmtx); 178 mtx_destroy(&mp->mnt_mtx); 179 } 180 181 static void 182 vfs_mount_init(void *dummy __unused) 183 { 184 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task, 185 0, vfs_deferred_unmount, NULL); 186 deferred_unmount_retry_delay_hz = hz; 187 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 188 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 189 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF); 190 } 191 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 192 193 /* 194 * --------------------------------------------------------------------- 195 * Functions for building and sanitizing the mount options 196 */ 197 198 /* Remove one mount option. */ 199 static void 200 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 201 { 202 203 TAILQ_REMOVE(opts, opt, link); 204 free(opt->name, M_MOUNT); 205 if (opt->value != NULL) 206 free(opt->value, M_MOUNT); 207 free(opt, M_MOUNT); 208 } 209 210 /* Release all resources related to the mount options. */ 211 void 212 vfs_freeopts(struct vfsoptlist *opts) 213 { 214 struct vfsopt *opt; 215 216 while (!TAILQ_EMPTY(opts)) { 217 opt = TAILQ_FIRST(opts); 218 vfs_freeopt(opts, opt); 219 } 220 free(opts, M_MOUNT); 221 } 222 223 void 224 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 225 { 226 struct vfsopt *opt, *temp; 227 228 if (opts == NULL) 229 return; 230 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 231 if (strcmp(opt->name, name) == 0) 232 vfs_freeopt(opts, opt); 233 } 234 } 235 236 static int 237 vfs_isopt_ro(const char *opt) 238 { 239 240 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 241 strcmp(opt, "norw") == 0) 242 return (1); 243 return (0); 244 } 245 246 static int 247 vfs_isopt_rw(const char *opt) 248 { 249 250 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 251 return (1); 252 return (0); 253 } 254 255 /* 256 * Check if options are equal (with or without the "no" prefix). 257 */ 258 static int 259 vfs_equalopts(const char *opt1, const char *opt2) 260 { 261 char *p; 262 263 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 264 if (strcmp(opt1, opt2) == 0) 265 return (1); 266 /* "noopt" vs. "opt" */ 267 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 268 return (1); 269 /* "opt" vs. "noopt" */ 270 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 271 return (1); 272 while ((p = strchr(opt1, '.')) != NULL && 273 !strncmp(opt1, opt2, ++p - opt1)) { 274 opt2 += p - opt1; 275 opt1 = p; 276 /* "foo.noopt" vs. "foo.opt" */ 277 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 278 return (1); 279 /* "foo.opt" vs. "foo.noopt" */ 280 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 281 return (1); 282 } 283 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 284 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 285 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 286 return (1); 287 return (0); 288 } 289 290 /* 291 * If a mount option is specified several times, 292 * (with or without the "no" prefix) only keep 293 * the last occurrence of it. 294 */ 295 static void 296 vfs_sanitizeopts(struct vfsoptlist *opts) 297 { 298 struct vfsopt *opt, *opt2, *tmp; 299 300 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 301 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 302 while (opt2 != NULL) { 303 if (vfs_equalopts(opt->name, opt2->name)) { 304 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 305 vfs_freeopt(opts, opt2); 306 opt2 = tmp; 307 } else { 308 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 309 } 310 } 311 } 312 } 313 314 /* 315 * Build a linked list of mount options from a struct uio. 316 */ 317 int 318 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 319 { 320 struct vfsoptlist *opts; 321 struct vfsopt *opt; 322 size_t memused, namelen, optlen; 323 unsigned int i, iovcnt; 324 int error; 325 326 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 327 TAILQ_INIT(opts); 328 memused = 0; 329 iovcnt = auio->uio_iovcnt; 330 for (i = 0; i < iovcnt; i += 2) { 331 namelen = auio->uio_iov[i].iov_len; 332 optlen = auio->uio_iov[i + 1].iov_len; 333 memused += sizeof(struct vfsopt) + optlen + namelen; 334 /* 335 * Avoid consuming too much memory, and attempts to overflow 336 * memused. 337 */ 338 if (memused > VFS_MOUNTARG_SIZE_MAX || 339 optlen > VFS_MOUNTARG_SIZE_MAX || 340 namelen > VFS_MOUNTARG_SIZE_MAX) { 341 error = EINVAL; 342 goto bad; 343 } 344 345 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 346 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 347 opt->value = NULL; 348 opt->len = 0; 349 opt->pos = i / 2; 350 opt->seen = 0; 351 352 /* 353 * Do this early, so jumps to "bad" will free the current 354 * option. 355 */ 356 TAILQ_INSERT_TAIL(opts, opt, link); 357 358 if (auio->uio_segflg == UIO_SYSSPACE) { 359 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 360 } else { 361 error = copyin(auio->uio_iov[i].iov_base, opt->name, 362 namelen); 363 if (error) 364 goto bad; 365 } 366 /* Ensure names are null-terminated strings. */ 367 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 368 error = EINVAL; 369 goto bad; 370 } 371 if (optlen != 0) { 372 opt->len = optlen; 373 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 374 if (auio->uio_segflg == UIO_SYSSPACE) { 375 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 376 optlen); 377 } else { 378 error = copyin(auio->uio_iov[i + 1].iov_base, 379 opt->value, optlen); 380 if (error) 381 goto bad; 382 } 383 } 384 } 385 vfs_sanitizeopts(opts); 386 *options = opts; 387 return (0); 388 bad: 389 vfs_freeopts(opts); 390 return (error); 391 } 392 393 /* 394 * Merge the old mount options with the new ones passed 395 * in the MNT_UPDATE case. 396 * 397 * XXX: This function will keep a "nofoo" option in the new 398 * options. E.g, if the option's canonical name is "foo", 399 * "nofoo" ends up in the mount point's active options. 400 */ 401 static void 402 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 403 { 404 struct vfsopt *opt, *new; 405 406 TAILQ_FOREACH(opt, oldopts, link) { 407 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 408 new->name = strdup(opt->name, M_MOUNT); 409 if (opt->len != 0) { 410 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 411 bcopy(opt->value, new->value, opt->len); 412 } else 413 new->value = NULL; 414 new->len = opt->len; 415 new->seen = opt->seen; 416 TAILQ_INSERT_HEAD(toopts, new, link); 417 } 418 vfs_sanitizeopts(toopts); 419 } 420 421 /* 422 * Mount a filesystem. 423 */ 424 #ifndef _SYS_SYSPROTO_H_ 425 struct nmount_args { 426 struct iovec *iovp; 427 unsigned int iovcnt; 428 int flags; 429 }; 430 #endif 431 int 432 sys_nmount(struct thread *td, struct nmount_args *uap) 433 { 434 struct uio *auio; 435 int error; 436 u_int iovcnt; 437 uint64_t flags; 438 439 /* 440 * Mount flags are now 64-bits. On 32-bit archtectures only 441 * 32-bits are passed in, but from here on everything handles 442 * 64-bit flags correctly. 443 */ 444 flags = uap->flags; 445 446 AUDIT_ARG_FFLAGS(flags); 447 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 448 uap->iovp, uap->iovcnt, flags); 449 450 /* 451 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 452 * userspace to set this flag, but we must filter it out if we want 453 * MNT_UPDATE on the root file system to work. 454 * MNT_ROOTFS should only be set by the kernel when mounting its 455 * root file system. 456 */ 457 flags &= ~MNT_ROOTFS; 458 459 iovcnt = uap->iovcnt; 460 /* 461 * Check that we have an even number of iovec's 462 * and that we have at least two options. 463 */ 464 if ((iovcnt & 1) || (iovcnt < 4)) { 465 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 466 uap->iovcnt); 467 return (EINVAL); 468 } 469 470 error = copyinuio(uap->iovp, iovcnt, &auio); 471 if (error) { 472 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 473 __func__, error); 474 return (error); 475 } 476 error = vfs_donmount(td, flags, auio); 477 478 free(auio, M_IOV); 479 return (error); 480 } 481 482 /* 483 * --------------------------------------------------------------------- 484 * Various utility functions 485 */ 486 487 /* 488 * Get a reference on a mount point from a vnode. 489 * 490 * The vnode is allowed to be passed unlocked and race against dooming. Note in 491 * such case there are no guarantees the referenced mount point will still be 492 * associated with it after the function returns. 493 */ 494 struct mount * 495 vfs_ref_from_vp(struct vnode *vp) 496 { 497 struct mount *mp; 498 struct mount_pcpu *mpcpu; 499 500 mp = atomic_load_ptr(&vp->v_mount); 501 if (__predict_false(mp == NULL)) { 502 return (mp); 503 } 504 if (vfs_op_thread_enter(mp, mpcpu)) { 505 if (__predict_true(mp == vp->v_mount)) { 506 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 507 vfs_op_thread_exit(mp, mpcpu); 508 } else { 509 vfs_op_thread_exit(mp, mpcpu); 510 mp = NULL; 511 } 512 } else { 513 MNT_ILOCK(mp); 514 if (mp == vp->v_mount) { 515 MNT_REF(mp); 516 MNT_IUNLOCK(mp); 517 } else { 518 MNT_IUNLOCK(mp); 519 mp = NULL; 520 } 521 } 522 return (mp); 523 } 524 525 void 526 vfs_ref(struct mount *mp) 527 { 528 struct mount_pcpu *mpcpu; 529 530 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 531 if (vfs_op_thread_enter(mp, mpcpu)) { 532 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 533 vfs_op_thread_exit(mp, mpcpu); 534 return; 535 } 536 537 MNT_ILOCK(mp); 538 MNT_REF(mp); 539 MNT_IUNLOCK(mp); 540 } 541 542 /* 543 * Register ump as an upper mount of the mount associated with 544 * vnode vp. This registration will be tracked through 545 * mount_upper_node upper, which should be allocated by the 546 * caller and stored in per-mount data associated with mp. 547 * 548 * If successful, this function will return the mount associated 549 * with vp, and will ensure that it cannot be unmounted until 550 * ump has been unregistered as one of its upper mounts. 551 * 552 * Upon failure this function will return NULL. 553 */ 554 struct mount * 555 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump, 556 struct mount_upper_node *upper) 557 { 558 struct mount *mp; 559 560 mp = atomic_load_ptr(&vp->v_mount); 561 if (mp == NULL) 562 return (NULL); 563 MNT_ILOCK(mp); 564 if (mp != vp->v_mount || 565 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) { 566 MNT_IUNLOCK(mp); 567 return (NULL); 568 } 569 KASSERT(ump != mp, ("upper and lower mounts are identical")); 570 upper->mp = ump; 571 MNT_REF(mp); 572 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link); 573 MNT_IUNLOCK(mp); 574 return (mp); 575 } 576 577 /* 578 * Register upper mount ump to receive vnode unlink/reclaim 579 * notifications from lower mount mp. This registration will 580 * be tracked through mount_upper_node upper, which should be 581 * allocated by the caller and stored in per-mount data 582 * associated with mp. 583 * 584 * ump must already be registered as an upper mount of mp 585 * through a call to vfs_register_upper_from_vp(). 586 */ 587 void 588 vfs_register_for_notification(struct mount *mp, struct mount *ump, 589 struct mount_upper_node *upper) 590 { 591 upper->mp = ump; 592 MNT_ILOCK(mp); 593 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link); 594 MNT_IUNLOCK(mp); 595 } 596 597 static void 598 vfs_drain_upper_locked(struct mount *mp) 599 { 600 mtx_assert(MNT_MTX(mp), MA_OWNED); 601 while (mp->mnt_upper_pending != 0) { 602 mp->mnt_kern_flag |= MNTK_UPPER_WAITER; 603 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0); 604 } 605 } 606 607 /* 608 * Undo a previous call to vfs_register_for_notification(). 609 * The mount represented by upper must be currently registered 610 * as an upper mount for mp. 611 */ 612 void 613 vfs_unregister_for_notification(struct mount *mp, 614 struct mount_upper_node *upper) 615 { 616 MNT_ILOCK(mp); 617 vfs_drain_upper_locked(mp); 618 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link); 619 MNT_IUNLOCK(mp); 620 } 621 622 /* 623 * Undo a previous call to vfs_register_upper_from_vp(). 624 * This must be done before mp can be unmounted. 625 */ 626 void 627 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper) 628 { 629 MNT_ILOCK(mp); 630 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 631 ("registered upper with pending unmount")); 632 vfs_drain_upper_locked(mp); 633 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link); 634 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 && 635 TAILQ_EMPTY(&mp->mnt_uppers)) { 636 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER; 637 wakeup(&mp->mnt_taskqueue_link); 638 } 639 MNT_REL(mp); 640 MNT_IUNLOCK(mp); 641 } 642 643 void 644 vfs_rel(struct mount *mp) 645 { 646 struct mount_pcpu *mpcpu; 647 648 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 649 if (vfs_op_thread_enter(mp, mpcpu)) { 650 vfs_mp_count_sub_pcpu(mpcpu, ref, 1); 651 vfs_op_thread_exit(mp, mpcpu); 652 return; 653 } 654 655 MNT_ILOCK(mp); 656 MNT_REL(mp); 657 MNT_IUNLOCK(mp); 658 } 659 660 /* 661 * Allocate and initialize the mount point struct. 662 */ 663 struct mount * 664 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 665 struct ucred *cred) 666 { 667 struct mount *mp; 668 669 mp = uma_zalloc(mount_zone, M_WAITOK); 670 bzero(&mp->mnt_startzero, 671 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 672 mp->mnt_kern_flag = 0; 673 mp->mnt_flag = 0; 674 mp->mnt_rootvnode = NULL; 675 mp->mnt_vnodecovered = NULL; 676 mp->mnt_op = NULL; 677 mp->mnt_vfc = NULL; 678 TAILQ_INIT(&mp->mnt_nvnodelist); 679 mp->mnt_nvnodelistsize = 0; 680 TAILQ_INIT(&mp->mnt_lazyvnodelist); 681 mp->mnt_lazyvnodelistsize = 0; 682 MPPASS(mp->mnt_ref == 0 && mp->mnt_lockref == 0 && 683 mp->mnt_writeopcount == 0, mp); 684 MPASSERT(mp->mnt_vfs_ops == 1, mp, 685 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 686 (void) vfs_busy(mp, MBF_NOWAIT); 687 atomic_add_acq_int(&vfsp->vfc_refcount, 1); 688 mp->mnt_op = vfsp->vfc_vfsops; 689 mp->mnt_vfc = vfsp; 690 mp->mnt_stat.f_type = vfsp->vfc_typenum; 691 mp->mnt_gen++; 692 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 693 mp->mnt_vnodecovered = vp; 694 mp->mnt_cred = crdup(cred); 695 mp->mnt_stat.f_owner = cred->cr_uid; 696 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 697 mp->mnt_iosize_max = DFLTPHYS; 698 #ifdef MAC 699 mac_mount_init(mp); 700 mac_mount_create(cred, mp); 701 #endif 702 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 703 mp->mnt_upper_pending = 0; 704 TAILQ_INIT(&mp->mnt_uppers); 705 TAILQ_INIT(&mp->mnt_notify); 706 mp->mnt_taskqueue_flags = 0; 707 mp->mnt_unmount_retries = 0; 708 return (mp); 709 } 710 711 /* 712 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 713 */ 714 void 715 vfs_mount_destroy(struct mount *mp) 716 { 717 718 MPPASS(mp->mnt_vfs_ops != 0, mp); 719 720 vfs_assert_mount_counters(mp); 721 722 MNT_ILOCK(mp); 723 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 724 if (mp->mnt_kern_flag & MNTK_MWAIT) { 725 mp->mnt_kern_flag &= ~MNTK_MWAIT; 726 wakeup(mp); 727 } 728 while (mp->mnt_ref) 729 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 730 KASSERT(mp->mnt_ref == 0, 731 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 732 __FILE__, __LINE__)); 733 MPPASS(mp->mnt_writeopcount == 0, mp); 734 MPPASS(mp->mnt_secondary_writes == 0, mp); 735 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1); 736 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 737 struct vnode *vp; 738 739 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 740 vn_printf(vp, "dangling vnode "); 741 panic("unmount: dangling vnode"); 742 } 743 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending")); 744 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 745 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify")); 746 MPPASS(mp->mnt_nvnodelistsize == 0, mp); 747 MPPASS(mp->mnt_lazyvnodelistsize == 0, mp); 748 MPPASS(mp->mnt_lockref == 0, mp); 749 MNT_IUNLOCK(mp); 750 751 MPASSERT(mp->mnt_vfs_ops == 1, mp, 752 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 753 754 MPASSERT(mp->mnt_rootvnode == NULL, mp, 755 ("mount point still has a root vnode %p", mp->mnt_rootvnode)); 756 757 if (mp->mnt_vnodecovered != NULL) 758 vrele(mp->mnt_vnodecovered); 759 #ifdef MAC 760 mac_mount_destroy(mp); 761 #endif 762 if (mp->mnt_opt != NULL) 763 vfs_freeopts(mp->mnt_opt); 764 if (mp->mnt_exjail != NULL) { 765 atomic_subtract_int(&mp->mnt_exjail->cr_prison->pr_exportcnt, 766 1); 767 crfree(mp->mnt_exjail); 768 } 769 if (mp->mnt_export != NULL) { 770 vfs_free_addrlist(mp->mnt_export); 771 free(mp->mnt_export, M_MOUNT); 772 } 773 crfree(mp->mnt_cred); 774 uma_zfree(mount_zone, mp); 775 } 776 777 static bool 778 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 779 { 780 /* This is an upgrade of an exisiting mount. */ 781 if ((fsflags & MNT_UPDATE) != 0) 782 return (false); 783 /* This is already an R/O mount. */ 784 if ((fsflags & MNT_RDONLY) != 0) 785 return (false); 786 787 switch (error) { 788 case ENODEV: /* generic, geom, ... */ 789 case EACCES: /* cam/scsi, ... */ 790 case EROFS: /* md, mmcsd, ... */ 791 /* 792 * These errors can be returned by the storage layer to signal 793 * that the media is read-only. No harm in the R/O mount 794 * attempt if the error was returned for some other reason. 795 */ 796 return (true); 797 default: 798 return (false); 799 } 800 } 801 802 int 803 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 804 { 805 struct vfsoptlist *optlist; 806 struct vfsopt *opt, *tmp_opt; 807 char *fstype, *fspath, *errmsg; 808 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 809 bool autoro; 810 811 errmsg = fspath = NULL; 812 errmsg_len = fspathlen = 0; 813 errmsg_pos = -1; 814 autoro = default_autoro; 815 816 error = vfs_buildopts(fsoptions, &optlist); 817 if (error) 818 return (error); 819 820 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 821 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 822 823 /* 824 * We need these two options before the others, 825 * and they are mandatory for any filesystem. 826 * Ensure they are NUL terminated as well. 827 */ 828 fstypelen = 0; 829 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 830 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 831 error = EINVAL; 832 if (errmsg != NULL) 833 strncpy(errmsg, "Invalid fstype", errmsg_len); 834 goto bail; 835 } 836 fspathlen = 0; 837 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 838 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 839 error = EINVAL; 840 if (errmsg != NULL) 841 strncpy(errmsg, "Invalid fspath", errmsg_len); 842 goto bail; 843 } 844 845 /* 846 * We need to see if we have the "update" option 847 * before we call vfs_domount(), since vfs_domount() has special 848 * logic based on MNT_UPDATE. This is very important 849 * when we want to update the root filesystem. 850 */ 851 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 852 int do_freeopt = 0; 853 854 if (strcmp(opt->name, "update") == 0) { 855 fsflags |= MNT_UPDATE; 856 do_freeopt = 1; 857 } 858 else if (strcmp(opt->name, "async") == 0) 859 fsflags |= MNT_ASYNC; 860 else if (strcmp(opt->name, "force") == 0) { 861 fsflags |= MNT_FORCE; 862 do_freeopt = 1; 863 } 864 else if (strcmp(opt->name, "reload") == 0) { 865 fsflags |= MNT_RELOAD; 866 do_freeopt = 1; 867 } 868 else if (strcmp(opt->name, "multilabel") == 0) 869 fsflags |= MNT_MULTILABEL; 870 else if (strcmp(opt->name, "noasync") == 0) 871 fsflags &= ~MNT_ASYNC; 872 else if (strcmp(opt->name, "noatime") == 0) 873 fsflags |= MNT_NOATIME; 874 else if (strcmp(opt->name, "atime") == 0) { 875 free(opt->name, M_MOUNT); 876 opt->name = strdup("nonoatime", M_MOUNT); 877 } 878 else if (strcmp(opt->name, "noclusterr") == 0) 879 fsflags |= MNT_NOCLUSTERR; 880 else if (strcmp(opt->name, "clusterr") == 0) { 881 free(opt->name, M_MOUNT); 882 opt->name = strdup("nonoclusterr", M_MOUNT); 883 } 884 else if (strcmp(opt->name, "noclusterw") == 0) 885 fsflags |= MNT_NOCLUSTERW; 886 else if (strcmp(opt->name, "clusterw") == 0) { 887 free(opt->name, M_MOUNT); 888 opt->name = strdup("nonoclusterw", M_MOUNT); 889 } 890 else if (strcmp(opt->name, "noexec") == 0) 891 fsflags |= MNT_NOEXEC; 892 else if (strcmp(opt->name, "exec") == 0) { 893 free(opt->name, M_MOUNT); 894 opt->name = strdup("nonoexec", M_MOUNT); 895 } 896 else if (strcmp(opt->name, "nosuid") == 0) 897 fsflags |= MNT_NOSUID; 898 else if (strcmp(opt->name, "suid") == 0) { 899 free(opt->name, M_MOUNT); 900 opt->name = strdup("nonosuid", M_MOUNT); 901 } 902 else if (strcmp(opt->name, "nosymfollow") == 0) 903 fsflags |= MNT_NOSYMFOLLOW; 904 else if (strcmp(opt->name, "symfollow") == 0) { 905 free(opt->name, M_MOUNT); 906 opt->name = strdup("nonosymfollow", M_MOUNT); 907 } 908 else if (strcmp(opt->name, "noro") == 0) { 909 fsflags &= ~MNT_RDONLY; 910 autoro = false; 911 } 912 else if (strcmp(opt->name, "rw") == 0) { 913 fsflags &= ~MNT_RDONLY; 914 autoro = false; 915 } 916 else if (strcmp(opt->name, "ro") == 0) { 917 fsflags |= MNT_RDONLY; 918 autoro = false; 919 } 920 else if (strcmp(opt->name, "rdonly") == 0) { 921 free(opt->name, M_MOUNT); 922 opt->name = strdup("ro", M_MOUNT); 923 fsflags |= MNT_RDONLY; 924 autoro = false; 925 } 926 else if (strcmp(opt->name, "autoro") == 0) { 927 do_freeopt = 1; 928 autoro = true; 929 } 930 else if (strcmp(opt->name, "suiddir") == 0) 931 fsflags |= MNT_SUIDDIR; 932 else if (strcmp(opt->name, "sync") == 0) 933 fsflags |= MNT_SYNCHRONOUS; 934 else if (strcmp(opt->name, "union") == 0) 935 fsflags |= MNT_UNION; 936 else if (strcmp(opt->name, "export") == 0) 937 fsflags |= MNT_EXPORTED; 938 else if (strcmp(opt->name, "automounted") == 0) { 939 fsflags |= MNT_AUTOMOUNTED; 940 do_freeopt = 1; 941 } else if (strcmp(opt->name, "nocover") == 0) { 942 fsflags |= MNT_NOCOVER; 943 do_freeopt = 1; 944 } else if (strcmp(opt->name, "cover") == 0) { 945 fsflags &= ~MNT_NOCOVER; 946 do_freeopt = 1; 947 } else if (strcmp(opt->name, "emptydir") == 0) { 948 fsflags |= MNT_EMPTYDIR; 949 do_freeopt = 1; 950 } else if (strcmp(opt->name, "noemptydir") == 0) { 951 fsflags &= ~MNT_EMPTYDIR; 952 do_freeopt = 1; 953 } 954 if (do_freeopt) 955 vfs_freeopt(optlist, opt); 956 } 957 958 /* 959 * Be ultra-paranoid about making sure the type and fspath 960 * variables will fit in our mp buffers, including the 961 * terminating NUL. 962 */ 963 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 964 error = ENAMETOOLONG; 965 goto bail; 966 } 967 968 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 969 if (error == ENOENT) { 970 error = EINVAL; 971 if (errmsg != NULL) 972 strncpy(errmsg, "Invalid fstype", errmsg_len); 973 goto bail; 974 } 975 976 /* 977 * See if we can mount in the read-only mode if the error code suggests 978 * that it could be possible and the mount options allow for that. 979 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 980 * overridden by "autoro". 981 */ 982 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 983 printf("%s: R/W mount failed, possibly R/O media," 984 " trying R/O mount\n", __func__); 985 fsflags |= MNT_RDONLY; 986 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 987 } 988 bail: 989 /* copyout the errmsg */ 990 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 991 && errmsg_len > 0 && errmsg != NULL) { 992 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 993 bcopy(errmsg, 994 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 995 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 996 } else { 997 copyout(errmsg, 998 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 999 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1000 } 1001 } 1002 1003 if (optlist != NULL) 1004 vfs_freeopts(optlist); 1005 return (error); 1006 } 1007 1008 /* 1009 * Old mount API. 1010 */ 1011 #ifndef _SYS_SYSPROTO_H_ 1012 struct mount_args { 1013 char *type; 1014 char *path; 1015 int flags; 1016 caddr_t data; 1017 }; 1018 #endif 1019 /* ARGSUSED */ 1020 int 1021 sys_mount(struct thread *td, struct mount_args *uap) 1022 { 1023 char *fstype; 1024 struct vfsconf *vfsp = NULL; 1025 struct mntarg *ma = NULL; 1026 uint64_t flags; 1027 int error; 1028 1029 /* 1030 * Mount flags are now 64-bits. On 32-bit architectures only 1031 * 32-bits are passed in, but from here on everything handles 1032 * 64-bit flags correctly. 1033 */ 1034 flags = uap->flags; 1035 1036 AUDIT_ARG_FFLAGS(flags); 1037 1038 /* 1039 * Filter out MNT_ROOTFS. We do not want clients of mount() in 1040 * userspace to set this flag, but we must filter it out if we want 1041 * MNT_UPDATE on the root file system to work. 1042 * MNT_ROOTFS should only be set by the kernel when mounting its 1043 * root file system. 1044 */ 1045 flags &= ~MNT_ROOTFS; 1046 1047 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 1048 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 1049 if (error) { 1050 free(fstype, M_TEMP); 1051 return (error); 1052 } 1053 1054 AUDIT_ARG_TEXT(fstype); 1055 vfsp = vfs_byname_kld(fstype, td, &error); 1056 free(fstype, M_TEMP); 1057 if (vfsp == NULL) 1058 return (ENOENT); 1059 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 1060 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 1061 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 1062 vfsp->vfc_vfsops->vfs_cmount == NULL)) 1063 return (EOPNOTSUPP); 1064 1065 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 1066 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 1067 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 1068 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 1069 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 1070 1071 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 1072 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 1073 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 1074 } 1075 1076 /* 1077 * vfs_domount_first(): first file system mount (not update) 1078 */ 1079 static int 1080 vfs_domount_first( 1081 struct thread *td, /* Calling thread. */ 1082 struct vfsconf *vfsp, /* File system type. */ 1083 char *fspath, /* Mount path. */ 1084 struct vnode *vp, /* Vnode to be covered. */ 1085 uint64_t fsflags, /* Flags common to all filesystems. */ 1086 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1087 ) 1088 { 1089 struct vattr va; 1090 struct mount *mp; 1091 struct vnode *newdp, *rootvp; 1092 int error, error1; 1093 bool unmounted; 1094 1095 ASSERT_VOP_ELOCKED(vp, __func__); 1096 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 1097 1098 /* 1099 * If the jail of the calling thread lacks permission for this type of 1100 * file system, or is trying to cover its own root, deny immediately. 1101 */ 1102 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred, 1103 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) { 1104 vput(vp); 1105 return (EPERM); 1106 } 1107 1108 /* 1109 * If the user is not root, ensure that they own the directory 1110 * onto which we are attempting to mount. 1111 */ 1112 error = VOP_GETATTR(vp, &va, td->td_ucred); 1113 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 1114 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 1115 if (error == 0) 1116 error = vinvalbuf(vp, V_SAVE, 0, 0); 1117 if (vfsp->vfc_flags & VFCF_FILEMOUNT) { 1118 if (error == 0 && vp->v_type != VDIR && vp->v_type != VREG) 1119 error = EINVAL; 1120 /* 1121 * For file mounts, ensure that there is only one hardlink to the file. 1122 */ 1123 if (error == 0 && vp->v_type == VREG && va.va_nlink != 1) 1124 error = EINVAL; 1125 } else { 1126 if (error == 0 && vp->v_type != VDIR) 1127 error = ENOTDIR; 1128 } 1129 if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0) 1130 error = vfs_emptydir(vp); 1131 if (error == 0) { 1132 VI_LOCK(vp); 1133 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 1134 vp->v_iflag |= VI_MOUNT; 1135 else 1136 error = EBUSY; 1137 VI_UNLOCK(vp); 1138 } 1139 if (error != 0) { 1140 vput(vp); 1141 return (error); 1142 } 1143 vn_seqc_write_begin(vp); 1144 VOP_UNLOCK(vp); 1145 1146 /* Allocate and initialize the filesystem. */ 1147 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 1148 /* XXXMAC: pass to vfs_mount_alloc? */ 1149 mp->mnt_optnew = *optlist; 1150 /* Set the mount level flags. */ 1151 mp->mnt_flag = (fsflags & 1152 (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY | MNT_FORCE)); 1153 1154 /* 1155 * Mount the filesystem. 1156 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1157 * get. No freeing of cn_pnbuf. 1158 */ 1159 error1 = 0; 1160 unmounted = true; 1161 if ((error = VFS_MOUNT(mp)) != 0 || 1162 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 1163 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 1164 rootvp = NULL; 1165 if (error1 != 0) { 1166 MPASS(error == 0); 1167 rootvp = vfs_cache_root_clear(mp); 1168 if (rootvp != NULL) { 1169 vhold(rootvp); 1170 vrele(rootvp); 1171 } 1172 (void)vn_start_write(NULL, &mp, V_WAIT); 1173 MNT_ILOCK(mp); 1174 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF; 1175 MNT_IUNLOCK(mp); 1176 VFS_PURGE(mp); 1177 error = VFS_UNMOUNT(mp, 0); 1178 vn_finished_write(mp); 1179 if (error != 0) { 1180 printf( 1181 "failed post-mount (%d): rollback unmount returned %d\n", 1182 error1, error); 1183 unmounted = false; 1184 } 1185 error = error1; 1186 } 1187 vfs_unbusy(mp); 1188 mp->mnt_vnodecovered = NULL; 1189 if (unmounted) { 1190 /* XXXKIB wait for mnt_lockref drain? */ 1191 vfs_mount_destroy(mp); 1192 } 1193 VI_LOCK(vp); 1194 vp->v_iflag &= ~VI_MOUNT; 1195 VI_UNLOCK(vp); 1196 if (rootvp != NULL) { 1197 vn_seqc_write_end(rootvp); 1198 vdrop(rootvp); 1199 } 1200 vn_seqc_write_end(vp); 1201 vrele(vp); 1202 return (error); 1203 } 1204 vn_seqc_write_begin(newdp); 1205 VOP_UNLOCK(newdp); 1206 1207 if (mp->mnt_opt != NULL) 1208 vfs_freeopts(mp->mnt_opt); 1209 mp->mnt_opt = mp->mnt_optnew; 1210 *optlist = NULL; 1211 1212 /* 1213 * Prevent external consumers of mount options from reading mnt_optnew. 1214 */ 1215 mp->mnt_optnew = NULL; 1216 1217 MNT_ILOCK(mp); 1218 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1219 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1220 mp->mnt_kern_flag |= MNTK_ASYNC; 1221 else 1222 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1223 MNT_IUNLOCK(mp); 1224 1225 /* 1226 * VIRF_MOUNTPOINT and v_mountedhere need to be set under the 1227 * vp lock to satisfy vfs_lookup() requirements. 1228 */ 1229 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 1230 VI_LOCK(vp); 1231 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT); 1232 vp->v_mountedhere = mp; 1233 VI_UNLOCK(vp); 1234 VOP_UNLOCK(vp); 1235 cache_purge(vp); 1236 1237 /* 1238 * We need to lock both vnodes. 1239 * 1240 * Use vn_lock_pair to avoid establishing an ordering between vnodes 1241 * from different filesystems. 1242 */ 1243 vn_lock_pair(vp, false, newdp, false); 1244 1245 VI_LOCK(vp); 1246 vp->v_iflag &= ~VI_MOUNT; 1247 VI_UNLOCK(vp); 1248 /* Place the new filesystem at the end of the mount list. */ 1249 mtx_lock(&mountlist_mtx); 1250 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1251 mtx_unlock(&mountlist_mtx); 1252 vfs_event_signal(NULL, VQ_MOUNT, 0); 1253 VOP_UNLOCK(vp); 1254 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1255 VOP_UNLOCK(newdp); 1256 mount_devctl_event("MOUNT", mp, false); 1257 mountcheckdirs(vp, newdp); 1258 vn_seqc_write_end(vp); 1259 vn_seqc_write_end(newdp); 1260 vrele(newdp); 1261 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1262 vfs_allocate_syncvnode(mp); 1263 vfs_op_exit(mp); 1264 vfs_unbusy(mp); 1265 return (0); 1266 } 1267 1268 /* 1269 * vfs_domount_update(): update of mounted file system 1270 */ 1271 static int 1272 vfs_domount_update( 1273 struct thread *td, /* Calling thread. */ 1274 struct vnode *vp, /* Mount point vnode. */ 1275 uint64_t fsflags, /* Flags common to all filesystems. */ 1276 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1277 ) 1278 { 1279 struct export_args export; 1280 struct o2export_args o2export; 1281 struct vnode *rootvp; 1282 void *bufp; 1283 struct mount *mp; 1284 int error, export_error, i, len; 1285 uint64_t flag; 1286 gid_t *grps; 1287 1288 ASSERT_VOP_ELOCKED(vp, __func__); 1289 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1290 mp = vp->v_mount; 1291 1292 if ((vp->v_vflag & VV_ROOT) == 0) { 1293 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1294 == 0) 1295 error = EXDEV; 1296 else 1297 error = EINVAL; 1298 vput(vp); 1299 return (error); 1300 } 1301 1302 /* 1303 * We only allow the filesystem to be reloaded if it 1304 * is currently mounted read-only. 1305 */ 1306 flag = mp->mnt_flag; 1307 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1308 vput(vp); 1309 return (EOPNOTSUPP); /* Needs translation */ 1310 } 1311 /* 1312 * Only privileged root, or (if MNT_USER is set) the user that 1313 * did the original mount is permitted to update it. 1314 */ 1315 error = vfs_suser(mp, td); 1316 if (error != 0) { 1317 vput(vp); 1318 return (error); 1319 } 1320 if (vfs_busy(mp, MBF_NOWAIT)) { 1321 vput(vp); 1322 return (EBUSY); 1323 } 1324 VI_LOCK(vp); 1325 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1326 VI_UNLOCK(vp); 1327 vfs_unbusy(mp); 1328 vput(vp); 1329 return (EBUSY); 1330 } 1331 vp->v_iflag |= VI_MOUNT; 1332 VI_UNLOCK(vp); 1333 VOP_UNLOCK(vp); 1334 1335 vfs_op_enter(mp); 1336 vn_seqc_write_begin(vp); 1337 1338 rootvp = NULL; 1339 MNT_ILOCK(mp); 1340 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1341 MNT_IUNLOCK(mp); 1342 error = EBUSY; 1343 goto end; 1344 } 1345 mp->mnt_flag &= ~MNT_UPDATEMASK; 1346 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1347 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1348 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1349 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1350 rootvp = vfs_cache_root_clear(mp); 1351 MNT_IUNLOCK(mp); 1352 mp->mnt_optnew = *optlist; 1353 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1354 1355 /* 1356 * Mount the filesystem. 1357 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1358 * get. No freeing of cn_pnbuf. 1359 */ 1360 error = VFS_MOUNT(mp); 1361 1362 export_error = 0; 1363 /* Process the export option. */ 1364 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1365 &len) == 0) { 1366 /* Assume that there is only 1 ABI for each length. */ 1367 switch (len) { 1368 case (sizeof(struct oexport_args)): 1369 bzero(&o2export, sizeof(o2export)); 1370 /* FALLTHROUGH */ 1371 case (sizeof(o2export)): 1372 bcopy(bufp, &o2export, len); 1373 export.ex_flags = (uint64_t)o2export.ex_flags; 1374 export.ex_root = o2export.ex_root; 1375 export.ex_uid = o2export.ex_anon.cr_uid; 1376 export.ex_groups = NULL; 1377 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1378 if (export.ex_ngroups > 0) { 1379 if (export.ex_ngroups <= XU_NGROUPS) { 1380 export.ex_groups = malloc( 1381 export.ex_ngroups * sizeof(gid_t), 1382 M_TEMP, M_WAITOK); 1383 for (i = 0; i < export.ex_ngroups; i++) 1384 export.ex_groups[i] = 1385 o2export.ex_anon.cr_groups[i]; 1386 } else 1387 export_error = EINVAL; 1388 } else if (export.ex_ngroups < 0) 1389 export_error = EINVAL; 1390 export.ex_addr = o2export.ex_addr; 1391 export.ex_addrlen = o2export.ex_addrlen; 1392 export.ex_mask = o2export.ex_mask; 1393 export.ex_masklen = o2export.ex_masklen; 1394 export.ex_indexfile = o2export.ex_indexfile; 1395 export.ex_numsecflavors = o2export.ex_numsecflavors; 1396 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1397 for (i = 0; i < export.ex_numsecflavors; i++) 1398 export.ex_secflavors[i] = 1399 o2export.ex_secflavors[i]; 1400 } else 1401 export_error = EINVAL; 1402 if (export_error == 0) 1403 export_error = vfs_export(mp, &export, true); 1404 free(export.ex_groups, M_TEMP); 1405 break; 1406 case (sizeof(export)): 1407 bcopy(bufp, &export, len); 1408 grps = NULL; 1409 if (export.ex_ngroups > 0) { 1410 if (export.ex_ngroups <= NGROUPS_MAX) { 1411 grps = malloc(export.ex_ngroups * 1412 sizeof(gid_t), M_TEMP, M_WAITOK); 1413 export_error = copyin(export.ex_groups, 1414 grps, export.ex_ngroups * 1415 sizeof(gid_t)); 1416 if (export_error == 0) 1417 export.ex_groups = grps; 1418 } else 1419 export_error = EINVAL; 1420 } else if (export.ex_ngroups == 0) 1421 export.ex_groups = NULL; 1422 else 1423 export_error = EINVAL; 1424 if (export_error == 0) 1425 export_error = vfs_export(mp, &export, true); 1426 free(grps, M_TEMP); 1427 break; 1428 default: 1429 export_error = EINVAL; 1430 break; 1431 } 1432 } 1433 1434 MNT_ILOCK(mp); 1435 if (error == 0) { 1436 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1437 MNT_SNAPSHOT); 1438 } else { 1439 /* 1440 * If we fail, restore old mount flags. MNT_QUOTA is special, 1441 * because it is not part of MNT_UPDATEMASK, but it could have 1442 * changed in the meantime if quotactl(2) was called. 1443 * All in all we want current value of MNT_QUOTA, not the old 1444 * one. 1445 */ 1446 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1447 } 1448 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1449 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1450 mp->mnt_kern_flag |= MNTK_ASYNC; 1451 else 1452 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1453 MNT_IUNLOCK(mp); 1454 1455 if (error != 0) 1456 goto end; 1457 1458 mount_devctl_event("REMOUNT", mp, true); 1459 if (mp->mnt_opt != NULL) 1460 vfs_freeopts(mp->mnt_opt); 1461 mp->mnt_opt = mp->mnt_optnew; 1462 *optlist = NULL; 1463 (void)VFS_STATFS(mp, &mp->mnt_stat); 1464 /* 1465 * Prevent external consumers of mount options from reading 1466 * mnt_optnew. 1467 */ 1468 mp->mnt_optnew = NULL; 1469 1470 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1471 vfs_allocate_syncvnode(mp); 1472 else 1473 vfs_deallocate_syncvnode(mp); 1474 end: 1475 vfs_op_exit(mp); 1476 if (rootvp != NULL) { 1477 vn_seqc_write_end(rootvp); 1478 vrele(rootvp); 1479 } 1480 vn_seqc_write_end(vp); 1481 vfs_unbusy(mp); 1482 VI_LOCK(vp); 1483 vp->v_iflag &= ~VI_MOUNT; 1484 VI_UNLOCK(vp); 1485 vrele(vp); 1486 return (error != 0 ? error : export_error); 1487 } 1488 1489 /* 1490 * vfs_domount(): actually attempt a filesystem mount. 1491 */ 1492 static int 1493 vfs_domount( 1494 struct thread *td, /* Calling thread. */ 1495 const char *fstype, /* Filesystem type. */ 1496 char *fspath, /* Mount path. */ 1497 uint64_t fsflags, /* Flags common to all filesystems. */ 1498 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1499 ) 1500 { 1501 struct vfsconf *vfsp; 1502 struct nameidata nd; 1503 struct vnode *vp; 1504 char *pathbuf; 1505 int error; 1506 1507 /* 1508 * Be ultra-paranoid about making sure the type and fspath 1509 * variables will fit in our mp buffers, including the 1510 * terminating NUL. 1511 */ 1512 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1513 return (ENAMETOOLONG); 1514 1515 if (jailed(td->td_ucred) || usermount == 0) { 1516 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1517 return (error); 1518 } 1519 1520 /* 1521 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1522 */ 1523 if (fsflags & MNT_EXPORTED) { 1524 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1525 if (error) 1526 return (error); 1527 } 1528 if (fsflags & MNT_SUIDDIR) { 1529 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1530 if (error) 1531 return (error); 1532 } 1533 /* 1534 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1535 */ 1536 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1537 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1538 fsflags |= MNT_NOSUID | MNT_USER; 1539 } 1540 1541 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1542 vfsp = NULL; 1543 if ((fsflags & MNT_UPDATE) == 0) { 1544 /* Don't try to load KLDs if we're mounting the root. */ 1545 if (fsflags & MNT_ROOTFS) { 1546 if ((vfsp = vfs_byname(fstype)) == NULL) 1547 return (ENODEV); 1548 } else { 1549 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL) 1550 return (error); 1551 } 1552 } 1553 1554 /* 1555 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1556 */ 1557 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | WANTPARENT, 1558 UIO_SYSSPACE, fspath); 1559 error = namei(&nd); 1560 if (error != 0) 1561 return (error); 1562 vp = nd.ni_vp; 1563 /* 1564 * Don't allow stacking file mounts to work around problems with the way 1565 * that namei sets nd.ni_dvp to vp_crossmp for these. 1566 */ 1567 if (vp->v_type == VREG) 1568 fsflags |= MNT_NOCOVER; 1569 if ((fsflags & MNT_UPDATE) == 0) { 1570 if ((vp->v_vflag & VV_ROOT) != 0 && 1571 (fsflags & MNT_NOCOVER) != 0) { 1572 vput(vp); 1573 error = EBUSY; 1574 goto out; 1575 } 1576 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1577 strcpy(pathbuf, fspath); 1578 /* 1579 * Note: we allow any vnode type here. If the path sanity check 1580 * succeeds, the type will be validated in vfs_domount_first 1581 * above. 1582 */ 1583 if (vp->v_type == VDIR) 1584 error = vn_path_to_global_path(td, vp, pathbuf, 1585 MNAMELEN); 1586 else 1587 error = vn_path_to_global_path_hardlink(td, vp, 1588 nd.ni_dvp, pathbuf, MNAMELEN, 1589 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen); 1590 if (error == 0) { 1591 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1592 fsflags, optlist); 1593 } 1594 free(pathbuf, M_TEMP); 1595 } else 1596 error = vfs_domount_update(td, vp, fsflags, optlist); 1597 1598 out: 1599 NDFREE_PNBUF(&nd); 1600 vrele(nd.ni_dvp); 1601 1602 return (error); 1603 } 1604 1605 /* 1606 * Unmount a filesystem. 1607 * 1608 * Note: unmount takes a path to the vnode mounted on as argument, not 1609 * special file (as before). 1610 */ 1611 #ifndef _SYS_SYSPROTO_H_ 1612 struct unmount_args { 1613 char *path; 1614 int flags; 1615 }; 1616 #endif 1617 /* ARGSUSED */ 1618 int 1619 sys_unmount(struct thread *td, struct unmount_args *uap) 1620 { 1621 1622 return (kern_unmount(td, uap->path, uap->flags)); 1623 } 1624 1625 int 1626 kern_unmount(struct thread *td, const char *path, int flags) 1627 { 1628 struct nameidata nd; 1629 struct mount *mp; 1630 char *fsidbuf, *pathbuf; 1631 fsid_t fsid; 1632 int error; 1633 1634 AUDIT_ARG_VALUE(flags); 1635 if (jailed(td->td_ucred) || usermount == 0) { 1636 error = priv_check(td, PRIV_VFS_UNMOUNT); 1637 if (error) 1638 return (error); 1639 } 1640 1641 if (flags & MNT_BYFSID) { 1642 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1643 error = copyinstr(path, fsidbuf, MNAMELEN, NULL); 1644 if (error) { 1645 free(fsidbuf, M_TEMP); 1646 return (error); 1647 } 1648 1649 AUDIT_ARG_TEXT(fsidbuf); 1650 /* Decode the filesystem ID. */ 1651 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) { 1652 free(fsidbuf, M_TEMP); 1653 return (EINVAL); 1654 } 1655 1656 mp = vfs_getvfs(&fsid); 1657 free(fsidbuf, M_TEMP); 1658 if (mp == NULL) { 1659 return (ENOENT); 1660 } 1661 } else { 1662 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1663 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1664 if (error) { 1665 free(pathbuf, M_TEMP); 1666 return (error); 1667 } 1668 1669 /* 1670 * Try to find global path for path argument. 1671 */ 1672 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1673 UIO_SYSSPACE, pathbuf); 1674 if (namei(&nd) == 0) { 1675 NDFREE_PNBUF(&nd); 1676 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1677 MNAMELEN); 1678 if (error == 0) 1679 vput(nd.ni_vp); 1680 } 1681 mtx_lock(&mountlist_mtx); 1682 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1683 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1684 vfs_ref(mp); 1685 break; 1686 } 1687 } 1688 mtx_unlock(&mountlist_mtx); 1689 free(pathbuf, M_TEMP); 1690 if (mp == NULL) { 1691 /* 1692 * Previously we returned ENOENT for a nonexistent path and 1693 * EINVAL for a non-mountpoint. We cannot tell these apart 1694 * now, so in the !MNT_BYFSID case return the more likely 1695 * EINVAL for compatibility. 1696 */ 1697 return (EINVAL); 1698 } 1699 } 1700 1701 /* 1702 * Don't allow unmounting the root filesystem. 1703 */ 1704 if (mp->mnt_flag & MNT_ROOTFS) { 1705 vfs_rel(mp); 1706 return (EINVAL); 1707 } 1708 error = dounmount(mp, flags, td); 1709 return (error); 1710 } 1711 1712 /* 1713 * Return error if any of the vnodes, ignoring the root vnode 1714 * and the syncer vnode, have non-zero usecount. 1715 * 1716 * This function is purely advisory - it can return false positives 1717 * and negatives. 1718 */ 1719 static int 1720 vfs_check_usecounts(struct mount *mp) 1721 { 1722 struct vnode *vp, *mvp; 1723 1724 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1725 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1726 vp->v_usecount != 0) { 1727 VI_UNLOCK(vp); 1728 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1729 return (EBUSY); 1730 } 1731 VI_UNLOCK(vp); 1732 } 1733 1734 return (0); 1735 } 1736 1737 static void 1738 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1739 { 1740 1741 mtx_assert(MNT_MTX(mp), MA_OWNED); 1742 mp->mnt_kern_flag &= ~mntkflags; 1743 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1744 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1745 wakeup(mp); 1746 } 1747 vfs_op_exit_locked(mp); 1748 MNT_IUNLOCK(mp); 1749 if (coveredvp != NULL) { 1750 VOP_UNLOCK(coveredvp); 1751 vdrop(coveredvp); 1752 } 1753 vn_finished_write(mp); 1754 vfs_rel(mp); 1755 } 1756 1757 /* 1758 * There are various reference counters associated with the mount point. 1759 * Normally it is permitted to modify them without taking the mnt ilock, 1760 * but this behavior can be temporarily disabled if stable value is needed 1761 * or callers are expected to block (e.g. to not allow new users during 1762 * forced unmount). 1763 */ 1764 void 1765 vfs_op_enter(struct mount *mp) 1766 { 1767 struct mount_pcpu *mpcpu; 1768 int cpu; 1769 1770 MNT_ILOCK(mp); 1771 mp->mnt_vfs_ops++; 1772 if (mp->mnt_vfs_ops > 1) { 1773 MNT_IUNLOCK(mp); 1774 return; 1775 } 1776 vfs_op_barrier_wait(mp); 1777 CPU_FOREACH(cpu) { 1778 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1779 1780 mp->mnt_ref += mpcpu->mntp_ref; 1781 mpcpu->mntp_ref = 0; 1782 1783 mp->mnt_lockref += mpcpu->mntp_lockref; 1784 mpcpu->mntp_lockref = 0; 1785 1786 mp->mnt_writeopcount += mpcpu->mntp_writeopcount; 1787 mpcpu->mntp_writeopcount = 0; 1788 } 1789 MPASSERT(mp->mnt_ref > 0 && mp->mnt_lockref >= 0 && 1790 mp->mnt_writeopcount >= 0, mp, 1791 ("invalid count(s): ref %d lockref %d writeopcount %d", 1792 mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount)); 1793 MNT_IUNLOCK(mp); 1794 vfs_assert_mount_counters(mp); 1795 } 1796 1797 void 1798 vfs_op_exit_locked(struct mount *mp) 1799 { 1800 1801 mtx_assert(MNT_MTX(mp), MA_OWNED); 1802 1803 MPASSERT(mp->mnt_vfs_ops > 0, mp, 1804 ("invalid vfs_ops count %d", mp->mnt_vfs_ops)); 1805 MPASSERT(mp->mnt_vfs_ops > 1 || 1806 (mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_SUSPEND)) == 0, mp, 1807 ("vfs_ops too low %d in unmount or suspend", mp->mnt_vfs_ops)); 1808 mp->mnt_vfs_ops--; 1809 } 1810 1811 void 1812 vfs_op_exit(struct mount *mp) 1813 { 1814 1815 MNT_ILOCK(mp); 1816 vfs_op_exit_locked(mp); 1817 MNT_IUNLOCK(mp); 1818 } 1819 1820 struct vfs_op_barrier_ipi { 1821 struct mount *mp; 1822 struct smp_rendezvous_cpus_retry_arg srcra; 1823 }; 1824 1825 static void 1826 vfs_op_action_func(void *arg) 1827 { 1828 struct vfs_op_barrier_ipi *vfsopipi; 1829 struct mount *mp; 1830 1831 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1832 mp = vfsopipi->mp; 1833 1834 if (!vfs_op_thread_entered(mp)) 1835 smp_rendezvous_cpus_done(arg); 1836 } 1837 1838 static void 1839 vfs_op_wait_func(void *arg, int cpu) 1840 { 1841 struct vfs_op_barrier_ipi *vfsopipi; 1842 struct mount *mp; 1843 struct mount_pcpu *mpcpu; 1844 1845 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1846 mp = vfsopipi->mp; 1847 1848 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1849 while (atomic_load_int(&mpcpu->mntp_thread_in_ops)) 1850 cpu_spinwait(); 1851 } 1852 1853 void 1854 vfs_op_barrier_wait(struct mount *mp) 1855 { 1856 struct vfs_op_barrier_ipi vfsopipi; 1857 1858 vfsopipi.mp = mp; 1859 1860 smp_rendezvous_cpus_retry(all_cpus, 1861 smp_no_rendezvous_barrier, 1862 vfs_op_action_func, 1863 smp_no_rendezvous_barrier, 1864 vfs_op_wait_func, 1865 &vfsopipi.srcra); 1866 } 1867 1868 #ifdef DIAGNOSTIC 1869 void 1870 vfs_assert_mount_counters(struct mount *mp) 1871 { 1872 struct mount_pcpu *mpcpu; 1873 int cpu; 1874 1875 if (mp->mnt_vfs_ops == 0) 1876 return; 1877 1878 CPU_FOREACH(cpu) { 1879 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1880 if (mpcpu->mntp_ref != 0 || 1881 mpcpu->mntp_lockref != 0 || 1882 mpcpu->mntp_writeopcount != 0) 1883 vfs_dump_mount_counters(mp); 1884 } 1885 } 1886 1887 void 1888 vfs_dump_mount_counters(struct mount *mp) 1889 { 1890 struct mount_pcpu *mpcpu; 1891 int ref, lockref, writeopcount; 1892 int cpu; 1893 1894 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1895 1896 printf(" ref : "); 1897 ref = mp->mnt_ref; 1898 CPU_FOREACH(cpu) { 1899 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1900 printf("%d ", mpcpu->mntp_ref); 1901 ref += mpcpu->mntp_ref; 1902 } 1903 printf("\n"); 1904 printf(" lockref : "); 1905 lockref = mp->mnt_lockref; 1906 CPU_FOREACH(cpu) { 1907 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1908 printf("%d ", mpcpu->mntp_lockref); 1909 lockref += mpcpu->mntp_lockref; 1910 } 1911 printf("\n"); 1912 printf("writeopcount: "); 1913 writeopcount = mp->mnt_writeopcount; 1914 CPU_FOREACH(cpu) { 1915 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1916 printf("%d ", mpcpu->mntp_writeopcount); 1917 writeopcount += mpcpu->mntp_writeopcount; 1918 } 1919 printf("\n"); 1920 1921 printf("counter struct total\n"); 1922 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 1923 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 1924 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 1925 1926 panic("invalid counts on struct mount"); 1927 } 1928 #endif 1929 1930 int 1931 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 1932 { 1933 struct mount_pcpu *mpcpu; 1934 int cpu, sum; 1935 1936 switch (which) { 1937 case MNT_COUNT_REF: 1938 sum = mp->mnt_ref; 1939 break; 1940 case MNT_COUNT_LOCKREF: 1941 sum = mp->mnt_lockref; 1942 break; 1943 case MNT_COUNT_WRITEOPCOUNT: 1944 sum = mp->mnt_writeopcount; 1945 break; 1946 } 1947 1948 CPU_FOREACH(cpu) { 1949 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1950 switch (which) { 1951 case MNT_COUNT_REF: 1952 sum += mpcpu->mntp_ref; 1953 break; 1954 case MNT_COUNT_LOCKREF: 1955 sum += mpcpu->mntp_lockref; 1956 break; 1957 case MNT_COUNT_WRITEOPCOUNT: 1958 sum += mpcpu->mntp_writeopcount; 1959 break; 1960 } 1961 } 1962 return (sum); 1963 } 1964 1965 static bool 1966 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue, 1967 int timeout_ticks) 1968 { 1969 bool enqueued; 1970 1971 enqueued = false; 1972 mtx_lock(&deferred_unmount_lock); 1973 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) { 1974 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED; 1975 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp, 1976 mnt_taskqueue_link); 1977 enqueued = true; 1978 } 1979 mtx_unlock(&deferred_unmount_lock); 1980 1981 if (enqueued) { 1982 taskqueue_enqueue_timeout(taskqueue_deferred_unmount, 1983 &deferred_unmount_task, timeout_ticks); 1984 } 1985 1986 return (enqueued); 1987 } 1988 1989 /* 1990 * Taskqueue handler for processing async/recursive unmounts 1991 */ 1992 static void 1993 vfs_deferred_unmount(void *argi __unused, int pending __unused) 1994 { 1995 STAILQ_HEAD(, mount) local_unmounts; 1996 uint64_t flags; 1997 struct mount *mp, *tmp; 1998 int error; 1999 unsigned int retries; 2000 bool unmounted; 2001 2002 STAILQ_INIT(&local_unmounts); 2003 mtx_lock(&deferred_unmount_lock); 2004 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list); 2005 mtx_unlock(&deferred_unmount_lock); 2006 2007 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) { 2008 flags = mp->mnt_taskqueue_flags; 2009 KASSERT((flags & MNT_DEFERRED) != 0, 2010 ("taskqueue unmount without MNT_DEFERRED")); 2011 error = dounmount(mp, flags, curthread); 2012 if (error != 0) { 2013 MNT_ILOCK(mp); 2014 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0); 2015 MNT_IUNLOCK(mp); 2016 2017 /* 2018 * The deferred unmount thread is the only thread that 2019 * modifies the retry counts, so locking/atomics aren't 2020 * needed here. 2021 */ 2022 retries = (mp->mnt_unmount_retries)++; 2023 deferred_unmount_total_retries++; 2024 if (!unmounted && retries < deferred_unmount_retry_limit) { 2025 deferred_unmount_enqueue(mp, flags, true, 2026 -deferred_unmount_retry_delay_hz); 2027 } else { 2028 if (retries >= deferred_unmount_retry_limit) { 2029 printf("giving up on deferred unmount " 2030 "of %s after %d retries, error %d\n", 2031 mp->mnt_stat.f_mntonname, retries, error); 2032 } 2033 vfs_rel(mp); 2034 } 2035 } 2036 } 2037 } 2038 2039 /* 2040 * Do the actual filesystem unmount. 2041 */ 2042 int 2043 dounmount(struct mount *mp, uint64_t flags, struct thread *td) 2044 { 2045 struct mount_upper_node *upper; 2046 struct vnode *coveredvp, *rootvp; 2047 int error; 2048 uint64_t async_flag; 2049 int mnt_gen_r; 2050 unsigned int retries; 2051 2052 KASSERT((flags & MNT_DEFERRED) == 0 || 2053 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE), 2054 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE")); 2055 2056 /* 2057 * If the caller has explicitly requested the unmount to be handled by 2058 * the taskqueue and we're not already in taskqueue context, queue 2059 * up the unmount request and exit. This is done prior to any 2060 * credential checks; MNT_DEFERRED should be used only for kernel- 2061 * initiated unmounts and will therefore be processed with the 2062 * (kernel) credentials of the taskqueue thread. Still, callers 2063 * should be sure this is the behavior they want. 2064 */ 2065 if ((flags & MNT_DEFERRED) != 0 && 2066 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) { 2067 if (!deferred_unmount_enqueue(mp, flags, false, 0)) 2068 vfs_rel(mp); 2069 return (EINPROGRESS); 2070 } 2071 2072 /* 2073 * Only privileged root, or (if MNT_USER is set) the user that did the 2074 * original mount is permitted to unmount this filesystem. 2075 * This check should be made prior to queueing up any recursive 2076 * unmounts of upper filesystems. Those unmounts will be executed 2077 * with kernel thread credentials and are expected to succeed, so 2078 * we must at least ensure the originating context has sufficient 2079 * privilege to unmount the base filesystem before proceeding with 2080 * the uppers. 2081 */ 2082 error = vfs_suser(mp, td); 2083 if (error != 0) { 2084 KASSERT((flags & MNT_DEFERRED) == 0, 2085 ("taskqueue unmount with insufficient privilege")); 2086 vfs_rel(mp); 2087 return (error); 2088 } 2089 2090 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0)) 2091 flags |= MNT_RECURSE; 2092 2093 if ((flags & MNT_RECURSE) != 0) { 2094 KASSERT((flags & MNT_FORCE) != 0, 2095 ("MNT_RECURSE requires MNT_FORCE")); 2096 2097 MNT_ILOCK(mp); 2098 /* 2099 * Set MNTK_RECURSE to prevent new upper mounts from being 2100 * added, and note that an operation on the uppers list is in 2101 * progress. This will ensure that unregistration from the 2102 * uppers list, and therefore any pending unmount of the upper 2103 * FS, can't complete until after we finish walking the list. 2104 */ 2105 mp->mnt_kern_flag |= MNTK_RECURSE; 2106 mp->mnt_upper_pending++; 2107 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) { 2108 retries = upper->mp->mnt_unmount_retries; 2109 if (retries > deferred_unmount_retry_limit) { 2110 error = EBUSY; 2111 continue; 2112 } 2113 MNT_IUNLOCK(mp); 2114 2115 vfs_ref(upper->mp); 2116 if (!deferred_unmount_enqueue(upper->mp, flags, 2117 false, 0)) 2118 vfs_rel(upper->mp); 2119 MNT_ILOCK(mp); 2120 } 2121 mp->mnt_upper_pending--; 2122 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 && 2123 mp->mnt_upper_pending == 0) { 2124 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER; 2125 wakeup(&mp->mnt_uppers); 2126 } 2127 2128 /* 2129 * If we're not on the taskqueue, wait until the uppers list 2130 * is drained before proceeding with unmount. Otherwise, if 2131 * we are on the taskqueue and there are still pending uppers, 2132 * just re-enqueue on the end of the taskqueue. 2133 */ 2134 if ((flags & MNT_DEFERRED) == 0) { 2135 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) { 2136 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER; 2137 error = msleep(&mp->mnt_taskqueue_link, 2138 MNT_MTX(mp), PCATCH, "umntqw", 0); 2139 } 2140 if (error != 0) { 2141 MNT_REL(mp); 2142 MNT_IUNLOCK(mp); 2143 return (error); 2144 } 2145 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) { 2146 MNT_IUNLOCK(mp); 2147 if (error == 0) 2148 deferred_unmount_enqueue(mp, flags, true, 0); 2149 return (error); 2150 } 2151 MNT_IUNLOCK(mp); 2152 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty")); 2153 } 2154 2155 /* Allow the taskqueue to safely re-enqueue on failure */ 2156 if ((flags & MNT_DEFERRED) != 0) 2157 vfs_ref(mp); 2158 2159 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 2160 mnt_gen_r = mp->mnt_gen; 2161 VI_LOCK(coveredvp); 2162 vholdl(coveredvp); 2163 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 2164 /* 2165 * Check for mp being unmounted while waiting for the 2166 * covered vnode lock. 2167 */ 2168 if (coveredvp->v_mountedhere != mp || 2169 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 2170 VOP_UNLOCK(coveredvp); 2171 vdrop(coveredvp); 2172 vfs_rel(mp); 2173 return (EBUSY); 2174 } 2175 } 2176 2177 vfs_op_enter(mp); 2178 2179 vn_start_write(NULL, &mp, V_WAIT); 2180 MNT_ILOCK(mp); 2181 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 2182 (mp->mnt_flag & MNT_UPDATE) != 0 || 2183 !TAILQ_EMPTY(&mp->mnt_uppers)) { 2184 dounmount_cleanup(mp, coveredvp, 0); 2185 return (EBUSY); 2186 } 2187 mp->mnt_kern_flag |= MNTK_UNMOUNT; 2188 rootvp = vfs_cache_root_clear(mp); 2189 if (coveredvp != NULL) 2190 vn_seqc_write_begin(coveredvp); 2191 if (flags & MNT_NONBUSY) { 2192 MNT_IUNLOCK(mp); 2193 error = vfs_check_usecounts(mp); 2194 MNT_ILOCK(mp); 2195 if (error != 0) { 2196 vn_seqc_write_end(coveredvp); 2197 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 2198 if (rootvp != NULL) { 2199 vn_seqc_write_end(rootvp); 2200 vrele(rootvp); 2201 } 2202 return (error); 2203 } 2204 } 2205 /* Allow filesystems to detect that a forced unmount is in progress. */ 2206 if (flags & MNT_FORCE) { 2207 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 2208 MNT_IUNLOCK(mp); 2209 /* 2210 * Must be done after setting MNTK_UNMOUNTF and before 2211 * waiting for mnt_lockref to become 0. 2212 */ 2213 VFS_PURGE(mp); 2214 MNT_ILOCK(mp); 2215 } 2216 error = 0; 2217 if (mp->mnt_lockref) { 2218 mp->mnt_kern_flag |= MNTK_DRAINING; 2219 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 2220 "mount drain", 0); 2221 } 2222 MNT_IUNLOCK(mp); 2223 KASSERT(mp->mnt_lockref == 0, 2224 ("%s: invalid lock refcount in the drain path @ %s:%d", 2225 __func__, __FILE__, __LINE__)); 2226 KASSERT(error == 0, 2227 ("%s: invalid return value for msleep in the drain path @ %s:%d", 2228 __func__, __FILE__, __LINE__)); 2229 2230 /* 2231 * We want to keep the vnode around so that we can vn_seqc_write_end 2232 * after we are done with unmount. Downgrade our reference to a mere 2233 * hold count so that we don't interefere with anything. 2234 */ 2235 if (rootvp != NULL) { 2236 vhold(rootvp); 2237 vrele(rootvp); 2238 } 2239 2240 if (mp->mnt_flag & MNT_EXPUBLIC) 2241 vfs_setpublicfs(NULL, NULL, NULL); 2242 2243 vfs_periodic(mp, MNT_WAIT); 2244 MNT_ILOCK(mp); 2245 async_flag = mp->mnt_flag & MNT_ASYNC; 2246 mp->mnt_flag &= ~MNT_ASYNC; 2247 mp->mnt_kern_flag &= ~MNTK_ASYNC; 2248 MNT_IUNLOCK(mp); 2249 vfs_deallocate_syncvnode(mp); 2250 error = VFS_UNMOUNT(mp, flags); 2251 vn_finished_write(mp); 2252 vfs_rel(mp); 2253 /* 2254 * If we failed to flush the dirty blocks for this mount point, 2255 * undo all the cdir/rdir and rootvnode changes we made above. 2256 * Unless we failed to do so because the device is reporting that 2257 * it doesn't exist anymore. 2258 */ 2259 if (error && error != ENXIO) { 2260 MNT_ILOCK(mp); 2261 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 2262 MNT_IUNLOCK(mp); 2263 vfs_allocate_syncvnode(mp); 2264 MNT_ILOCK(mp); 2265 } 2266 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 2267 mp->mnt_flag |= async_flag; 2268 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 2269 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 2270 mp->mnt_kern_flag |= MNTK_ASYNC; 2271 if (mp->mnt_kern_flag & MNTK_MWAIT) { 2272 mp->mnt_kern_flag &= ~MNTK_MWAIT; 2273 wakeup(mp); 2274 } 2275 vfs_op_exit_locked(mp); 2276 MNT_IUNLOCK(mp); 2277 if (coveredvp) { 2278 vn_seqc_write_end(coveredvp); 2279 VOP_UNLOCK(coveredvp); 2280 vdrop(coveredvp); 2281 } 2282 if (rootvp != NULL) { 2283 vn_seqc_write_end(rootvp); 2284 vdrop(rootvp); 2285 } 2286 return (error); 2287 } 2288 2289 mtx_lock(&mountlist_mtx); 2290 TAILQ_REMOVE(&mountlist, mp, mnt_list); 2291 mtx_unlock(&mountlist_mtx); 2292 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 2293 if (coveredvp != NULL) { 2294 VI_LOCK(coveredvp); 2295 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT); 2296 coveredvp->v_mountedhere = NULL; 2297 vn_seqc_write_end_locked(coveredvp); 2298 VI_UNLOCK(coveredvp); 2299 VOP_UNLOCK(coveredvp); 2300 vdrop(coveredvp); 2301 } 2302 mount_devctl_event("UNMOUNT", mp, false); 2303 if (rootvp != NULL) { 2304 vn_seqc_write_end(rootvp); 2305 vdrop(rootvp); 2306 } 2307 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 2308 if (rootvnode != NULL && mp == rootvnode->v_mount) { 2309 vrele(rootvnode); 2310 rootvnode = NULL; 2311 } 2312 if (mp == rootdevmp) 2313 rootdevmp = NULL; 2314 if ((flags & MNT_DEFERRED) != 0) 2315 vfs_rel(mp); 2316 vfs_mount_destroy(mp); 2317 return (0); 2318 } 2319 2320 /* 2321 * Report errors during filesystem mounting. 2322 */ 2323 void 2324 vfs_mount_error(struct mount *mp, const char *fmt, ...) 2325 { 2326 struct vfsoptlist *moptlist = mp->mnt_optnew; 2327 va_list ap; 2328 int error, len; 2329 char *errmsg; 2330 2331 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 2332 if (error || errmsg == NULL || len <= 0) 2333 return; 2334 2335 va_start(ap, fmt); 2336 vsnprintf(errmsg, (size_t)len, fmt, ap); 2337 va_end(ap); 2338 } 2339 2340 void 2341 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 2342 { 2343 va_list ap; 2344 int error, len; 2345 char *errmsg; 2346 2347 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 2348 if (error || errmsg == NULL || len <= 0) 2349 return; 2350 2351 va_start(ap, fmt); 2352 vsnprintf(errmsg, (size_t)len, fmt, ap); 2353 va_end(ap); 2354 } 2355 2356 /* 2357 * --------------------------------------------------------------------- 2358 * Functions for querying mount options/arguments from filesystems. 2359 */ 2360 2361 /* 2362 * Check that no unknown options are given 2363 */ 2364 int 2365 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 2366 { 2367 struct vfsopt *opt; 2368 char errmsg[255]; 2369 const char **t, *p, *q; 2370 int ret = 0; 2371 2372 TAILQ_FOREACH(opt, opts, link) { 2373 p = opt->name; 2374 q = NULL; 2375 if (p[0] == 'n' && p[1] == 'o') 2376 q = p + 2; 2377 for(t = global_opts; *t != NULL; t++) { 2378 if (strcmp(*t, p) == 0) 2379 break; 2380 if (q != NULL) { 2381 if (strcmp(*t, q) == 0) 2382 break; 2383 } 2384 } 2385 if (*t != NULL) 2386 continue; 2387 for(t = legal; *t != NULL; t++) { 2388 if (strcmp(*t, p) == 0) 2389 break; 2390 if (q != NULL) { 2391 if (strcmp(*t, q) == 0) 2392 break; 2393 } 2394 } 2395 if (*t != NULL) 2396 continue; 2397 snprintf(errmsg, sizeof(errmsg), 2398 "mount option <%s> is unknown", p); 2399 ret = EINVAL; 2400 } 2401 if (ret != 0) { 2402 TAILQ_FOREACH(opt, opts, link) { 2403 if (strcmp(opt->name, "errmsg") == 0) { 2404 strncpy((char *)opt->value, errmsg, opt->len); 2405 break; 2406 } 2407 } 2408 if (opt == NULL) 2409 printf("%s\n", errmsg); 2410 } 2411 return (ret); 2412 } 2413 2414 /* 2415 * Get a mount option by its name. 2416 * 2417 * Return 0 if the option was found, ENOENT otherwise. 2418 * If len is non-NULL it will be filled with the length 2419 * of the option. If buf is non-NULL, it will be filled 2420 * with the address of the option. 2421 */ 2422 int 2423 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 2424 { 2425 struct vfsopt *opt; 2426 2427 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2428 2429 TAILQ_FOREACH(opt, opts, link) { 2430 if (strcmp(name, opt->name) == 0) { 2431 opt->seen = 1; 2432 if (len != NULL) 2433 *len = opt->len; 2434 if (buf != NULL) 2435 *buf = opt->value; 2436 return (0); 2437 } 2438 } 2439 return (ENOENT); 2440 } 2441 2442 int 2443 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 2444 { 2445 struct vfsopt *opt; 2446 2447 if (opts == NULL) 2448 return (-1); 2449 2450 TAILQ_FOREACH(opt, opts, link) { 2451 if (strcmp(name, opt->name) == 0) { 2452 opt->seen = 1; 2453 return (opt->pos); 2454 } 2455 } 2456 return (-1); 2457 } 2458 2459 int 2460 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2461 { 2462 char *opt_value, *vtp; 2463 quad_t iv; 2464 int error, opt_len; 2465 2466 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2467 if (error != 0) 2468 return (error); 2469 if (opt_len == 0 || opt_value == NULL) 2470 return (EINVAL); 2471 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2472 return (EINVAL); 2473 iv = strtoq(opt_value, &vtp, 0); 2474 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2475 return (EINVAL); 2476 if (iv < 0) 2477 return (EINVAL); 2478 switch (vtp[0]) { 2479 case 't': case 'T': 2480 iv *= 1024; 2481 /* FALLTHROUGH */ 2482 case 'g': case 'G': 2483 iv *= 1024; 2484 /* FALLTHROUGH */ 2485 case 'm': case 'M': 2486 iv *= 1024; 2487 /* FALLTHROUGH */ 2488 case 'k': case 'K': 2489 iv *= 1024; 2490 case '\0': 2491 break; 2492 default: 2493 return (EINVAL); 2494 } 2495 *value = iv; 2496 2497 return (0); 2498 } 2499 2500 char * 2501 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2502 { 2503 struct vfsopt *opt; 2504 2505 *error = 0; 2506 TAILQ_FOREACH(opt, opts, link) { 2507 if (strcmp(name, opt->name) != 0) 2508 continue; 2509 opt->seen = 1; 2510 if (opt->len == 0 || 2511 ((char *)opt->value)[opt->len - 1] != '\0') { 2512 *error = EINVAL; 2513 return (NULL); 2514 } 2515 return (opt->value); 2516 } 2517 *error = ENOENT; 2518 return (NULL); 2519 } 2520 2521 int 2522 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2523 uint64_t val) 2524 { 2525 struct vfsopt *opt; 2526 2527 TAILQ_FOREACH(opt, opts, link) { 2528 if (strcmp(name, opt->name) == 0) { 2529 opt->seen = 1; 2530 if (w != NULL) 2531 *w |= val; 2532 return (1); 2533 } 2534 } 2535 if (w != NULL) 2536 *w &= ~val; 2537 return (0); 2538 } 2539 2540 int 2541 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2542 { 2543 va_list ap; 2544 struct vfsopt *opt; 2545 int ret; 2546 2547 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2548 2549 TAILQ_FOREACH(opt, opts, link) { 2550 if (strcmp(name, opt->name) != 0) 2551 continue; 2552 opt->seen = 1; 2553 if (opt->len == 0 || opt->value == NULL) 2554 return (0); 2555 if (((char *)opt->value)[opt->len - 1] != '\0') 2556 return (0); 2557 va_start(ap, fmt); 2558 ret = vsscanf(opt->value, fmt, ap); 2559 va_end(ap); 2560 return (ret); 2561 } 2562 return (0); 2563 } 2564 2565 int 2566 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2567 { 2568 struct vfsopt *opt; 2569 2570 TAILQ_FOREACH(opt, opts, link) { 2571 if (strcmp(name, opt->name) != 0) 2572 continue; 2573 opt->seen = 1; 2574 if (opt->value == NULL) 2575 opt->len = len; 2576 else { 2577 if (opt->len != len) 2578 return (EINVAL); 2579 bcopy(value, opt->value, len); 2580 } 2581 return (0); 2582 } 2583 return (ENOENT); 2584 } 2585 2586 int 2587 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2588 { 2589 struct vfsopt *opt; 2590 2591 TAILQ_FOREACH(opt, opts, link) { 2592 if (strcmp(name, opt->name) != 0) 2593 continue; 2594 opt->seen = 1; 2595 if (opt->value == NULL) 2596 opt->len = len; 2597 else { 2598 if (opt->len < len) 2599 return (EINVAL); 2600 opt->len = len; 2601 bcopy(value, opt->value, len); 2602 } 2603 return (0); 2604 } 2605 return (ENOENT); 2606 } 2607 2608 int 2609 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2610 { 2611 struct vfsopt *opt; 2612 2613 TAILQ_FOREACH(opt, opts, link) { 2614 if (strcmp(name, opt->name) != 0) 2615 continue; 2616 opt->seen = 1; 2617 if (opt->value == NULL) 2618 opt->len = strlen(value) + 1; 2619 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2620 return (EINVAL); 2621 return (0); 2622 } 2623 return (ENOENT); 2624 } 2625 2626 /* 2627 * Find and copy a mount option. 2628 * 2629 * The size of the buffer has to be specified 2630 * in len, if it is not the same length as the 2631 * mount option, EINVAL is returned. 2632 * Returns ENOENT if the option is not found. 2633 */ 2634 int 2635 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2636 { 2637 struct vfsopt *opt; 2638 2639 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2640 2641 TAILQ_FOREACH(opt, opts, link) { 2642 if (strcmp(name, opt->name) == 0) { 2643 opt->seen = 1; 2644 if (len != opt->len) 2645 return (EINVAL); 2646 bcopy(opt->value, dest, opt->len); 2647 return (0); 2648 } 2649 } 2650 return (ENOENT); 2651 } 2652 2653 int 2654 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2655 { 2656 /* 2657 * Filesystems only fill in part of the structure for updates, we 2658 * have to read the entirety first to get all content. 2659 */ 2660 if (sbp != &mp->mnt_stat) 2661 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2662 2663 /* 2664 * Set these in case the underlying filesystem fails to do so. 2665 */ 2666 sbp->f_version = STATFS_VERSION; 2667 sbp->f_namemax = NAME_MAX; 2668 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2669 sbp->f_nvnodelistsize = mp->mnt_nvnodelistsize; 2670 2671 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2672 } 2673 2674 void 2675 vfs_mountedfrom(struct mount *mp, const char *from) 2676 { 2677 2678 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2679 strlcpy(mp->mnt_stat.f_mntfromname, from, 2680 sizeof mp->mnt_stat.f_mntfromname); 2681 } 2682 2683 /* 2684 * --------------------------------------------------------------------- 2685 * This is the api for building mount args and mounting filesystems from 2686 * inside the kernel. 2687 * 2688 * The API works by accumulation of individual args. First error is 2689 * latched. 2690 * 2691 * XXX: should be documented in new manpage kernel_mount(9) 2692 */ 2693 2694 /* A memory allocation which must be freed when we are done */ 2695 struct mntaarg { 2696 SLIST_ENTRY(mntaarg) next; 2697 }; 2698 2699 /* The header for the mount arguments */ 2700 struct mntarg { 2701 struct iovec *v; 2702 int len; 2703 int error; 2704 SLIST_HEAD(, mntaarg) list; 2705 }; 2706 2707 /* 2708 * Add a boolean argument. 2709 * 2710 * flag is the boolean value. 2711 * name must start with "no". 2712 */ 2713 struct mntarg * 2714 mount_argb(struct mntarg *ma, int flag, const char *name) 2715 { 2716 2717 KASSERT(name[0] == 'n' && name[1] == 'o', 2718 ("mount_argb(...,%s): name must start with 'no'", name)); 2719 2720 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2721 } 2722 2723 /* 2724 * Add an argument printf style 2725 */ 2726 struct mntarg * 2727 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2728 { 2729 va_list ap; 2730 struct mntaarg *maa; 2731 struct sbuf *sb; 2732 int len; 2733 2734 if (ma == NULL) { 2735 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2736 SLIST_INIT(&ma->list); 2737 } 2738 if (ma->error) 2739 return (ma); 2740 2741 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2742 M_MOUNT, M_WAITOK); 2743 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2744 ma->v[ma->len].iov_len = strlen(name) + 1; 2745 ma->len++; 2746 2747 sb = sbuf_new_auto(); 2748 va_start(ap, fmt); 2749 sbuf_vprintf(sb, fmt, ap); 2750 va_end(ap); 2751 sbuf_finish(sb); 2752 len = sbuf_len(sb) + 1; 2753 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2754 SLIST_INSERT_HEAD(&ma->list, maa, next); 2755 bcopy(sbuf_data(sb), maa + 1, len); 2756 sbuf_delete(sb); 2757 2758 ma->v[ma->len].iov_base = maa + 1; 2759 ma->v[ma->len].iov_len = len; 2760 ma->len++; 2761 2762 return (ma); 2763 } 2764 2765 /* 2766 * Add an argument which is a userland string. 2767 */ 2768 struct mntarg * 2769 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2770 { 2771 struct mntaarg *maa; 2772 char *tbuf; 2773 2774 if (val == NULL) 2775 return (ma); 2776 if (ma == NULL) { 2777 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2778 SLIST_INIT(&ma->list); 2779 } 2780 if (ma->error) 2781 return (ma); 2782 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2783 SLIST_INSERT_HEAD(&ma->list, maa, next); 2784 tbuf = (void *)(maa + 1); 2785 ma->error = copyinstr(val, tbuf, len, NULL); 2786 return (mount_arg(ma, name, tbuf, -1)); 2787 } 2788 2789 /* 2790 * Plain argument. 2791 * 2792 * If length is -1, treat value as a C string. 2793 */ 2794 struct mntarg * 2795 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2796 { 2797 2798 if (ma == NULL) { 2799 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2800 SLIST_INIT(&ma->list); 2801 } 2802 if (ma->error) 2803 return (ma); 2804 2805 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2806 M_MOUNT, M_WAITOK); 2807 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2808 ma->v[ma->len].iov_len = strlen(name) + 1; 2809 ma->len++; 2810 2811 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2812 if (len < 0) 2813 ma->v[ma->len].iov_len = strlen(val) + 1; 2814 else 2815 ma->v[ma->len].iov_len = len; 2816 ma->len++; 2817 return (ma); 2818 } 2819 2820 /* 2821 * Free a mntarg structure 2822 */ 2823 static void 2824 free_mntarg(struct mntarg *ma) 2825 { 2826 struct mntaarg *maa; 2827 2828 while (!SLIST_EMPTY(&ma->list)) { 2829 maa = SLIST_FIRST(&ma->list); 2830 SLIST_REMOVE_HEAD(&ma->list, next); 2831 free(maa, M_MOUNT); 2832 } 2833 free(ma->v, M_MOUNT); 2834 free(ma, M_MOUNT); 2835 } 2836 2837 /* 2838 * Mount a filesystem 2839 */ 2840 int 2841 kernel_mount(struct mntarg *ma, uint64_t flags) 2842 { 2843 struct uio auio; 2844 int error; 2845 2846 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2847 KASSERT(ma->error != 0 || ma->v != NULL, ("kernel_mount NULL ma->v")); 2848 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2849 2850 error = ma->error; 2851 if (error == 0) { 2852 auio.uio_iov = ma->v; 2853 auio.uio_iovcnt = ma->len; 2854 auio.uio_segflg = UIO_SYSSPACE; 2855 error = vfs_donmount(curthread, flags, &auio); 2856 } 2857 free_mntarg(ma); 2858 return (error); 2859 } 2860 2861 /* Map from mount options to printable formats. */ 2862 static struct mntoptnames optnames[] = { 2863 MNTOPT_NAMES 2864 }; 2865 2866 #define DEVCTL_LEN 1024 2867 static void 2868 mount_devctl_event(const char *type, struct mount *mp, bool donew) 2869 { 2870 const uint8_t *cp; 2871 struct mntoptnames *fp; 2872 struct sbuf sb; 2873 struct statfs *sfp = &mp->mnt_stat; 2874 char *buf; 2875 2876 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT); 2877 if (buf == NULL) 2878 return; 2879 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN); 2880 sbuf_cpy(&sb, "mount-point=\""); 2881 devctl_safe_quote_sb(&sb, sfp->f_mntonname); 2882 sbuf_cat(&sb, "\" mount-dev=\""); 2883 devctl_safe_quote_sb(&sb, sfp->f_mntfromname); 2884 sbuf_cat(&sb, "\" mount-type=\""); 2885 devctl_safe_quote_sb(&sb, sfp->f_fstypename); 2886 sbuf_cat(&sb, "\" fsid=0x"); 2887 cp = (const uint8_t *)&sfp->f_fsid.val[0]; 2888 for (int i = 0; i < sizeof(sfp->f_fsid); i++) 2889 sbuf_printf(&sb, "%02x", cp[i]); 2890 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); 2891 for (fp = optnames; fp->o_opt != 0; fp++) { 2892 if ((mp->mnt_flag & fp->o_opt) != 0) { 2893 sbuf_cat(&sb, fp->o_name); 2894 sbuf_putc(&sb, ';'); 2895 } 2896 } 2897 sbuf_putc(&sb, '"'); 2898 sbuf_finish(&sb); 2899 2900 /* 2901 * Options are not published because the form of the options depends on 2902 * the file system and may include binary data. In addition, they don't 2903 * necessarily provide enough useful information to be actionable when 2904 * devd processes them. 2905 */ 2906 2907 if (sbuf_error(&sb) == 0) 2908 devctl_notify("VFS", "FS", type, sbuf_data(&sb)); 2909 sbuf_delete(&sb); 2910 free(buf, M_MOUNT); 2911 } 2912 2913 /* 2914 * Force remount specified mount point to read-only. The argument 2915 * must be busied to avoid parallel unmount attempts. 2916 * 2917 * Intended use is to prevent further writes if some metadata 2918 * inconsistency is detected. Note that the function still flushes 2919 * all cached metadata and data for the mount point, which might be 2920 * not always suitable. 2921 */ 2922 int 2923 vfs_remount_ro(struct mount *mp) 2924 { 2925 struct vfsoptlist *opts; 2926 struct vfsopt *opt; 2927 struct vnode *vp_covered, *rootvp; 2928 int error; 2929 2930 KASSERT(mp->mnt_lockref > 0, 2931 ("vfs_remount_ro: mp %p is not busied", mp)); 2932 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 2933 ("vfs_remount_ro: mp %p is being unmounted (and busy?)", mp)); 2934 2935 rootvp = NULL; 2936 vp_covered = mp->mnt_vnodecovered; 2937 error = vget(vp_covered, LK_EXCLUSIVE | LK_NOWAIT); 2938 if (error != 0) 2939 return (error); 2940 VI_LOCK(vp_covered); 2941 if ((vp_covered->v_iflag & VI_MOUNT) != 0) { 2942 VI_UNLOCK(vp_covered); 2943 vput(vp_covered); 2944 return (EBUSY); 2945 } 2946 vp_covered->v_iflag |= VI_MOUNT; 2947 VI_UNLOCK(vp_covered); 2948 vfs_op_enter(mp); 2949 vn_seqc_write_begin(vp_covered); 2950 2951 MNT_ILOCK(mp); 2952 if ((mp->mnt_flag & MNT_RDONLY) != 0) { 2953 MNT_IUNLOCK(mp); 2954 error = EBUSY; 2955 goto out; 2956 } 2957 mp->mnt_flag |= MNT_UPDATE | MNT_FORCE | MNT_RDONLY; 2958 rootvp = vfs_cache_root_clear(mp); 2959 MNT_IUNLOCK(mp); 2960 2961 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK | M_ZERO); 2962 TAILQ_INIT(opts); 2963 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK | M_ZERO); 2964 opt->name = strdup("ro", M_MOUNT); 2965 opt->value = NULL; 2966 TAILQ_INSERT_TAIL(opts, opt, link); 2967 vfs_mergeopts(opts, mp->mnt_opt); 2968 mp->mnt_optnew = opts; 2969 2970 error = VFS_MOUNT(mp); 2971 2972 if (error == 0) { 2973 MNT_ILOCK(mp); 2974 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE); 2975 MNT_IUNLOCK(mp); 2976 vfs_deallocate_syncvnode(mp); 2977 if (mp->mnt_opt != NULL) 2978 vfs_freeopts(mp->mnt_opt); 2979 mp->mnt_opt = mp->mnt_optnew; 2980 } else { 2981 MNT_ILOCK(mp); 2982 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE | MNT_RDONLY); 2983 MNT_IUNLOCK(mp); 2984 vfs_freeopts(mp->mnt_optnew); 2985 } 2986 mp->mnt_optnew = NULL; 2987 2988 out: 2989 vfs_op_exit(mp); 2990 VI_LOCK(vp_covered); 2991 vp_covered->v_iflag &= ~VI_MOUNT; 2992 VI_UNLOCK(vp_covered); 2993 vput(vp_covered); 2994 vn_seqc_write_end(vp_covered); 2995 if (rootvp != NULL) { 2996 vn_seqc_write_end(rootvp); 2997 vrele(rootvp); 2998 } 2999 return (error); 3000 } 3001 3002 /* 3003 * Suspend write operations on all local writeable filesystems. Does 3004 * full sync of them in the process. 3005 * 3006 * Iterate over the mount points in reverse order, suspending most 3007 * recently mounted filesystems first. It handles a case where a 3008 * filesystem mounted from a md(4) vnode-backed device should be 3009 * suspended before the filesystem that owns the vnode. 3010 */ 3011 void 3012 suspend_all_fs(void) 3013 { 3014 struct mount *mp; 3015 int error; 3016 3017 mtx_lock(&mountlist_mtx); 3018 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 3019 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT); 3020 if (error != 0) 3021 continue; 3022 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL || 3023 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) { 3024 mtx_lock(&mountlist_mtx); 3025 vfs_unbusy(mp); 3026 continue; 3027 } 3028 error = vfs_write_suspend(mp, 0); 3029 if (error == 0) { 3030 MNT_ILOCK(mp); 3031 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0); 3032 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL; 3033 MNT_IUNLOCK(mp); 3034 mtx_lock(&mountlist_mtx); 3035 } else { 3036 printf("suspend of %s failed, error %d\n", 3037 mp->mnt_stat.f_mntonname, error); 3038 mtx_lock(&mountlist_mtx); 3039 vfs_unbusy(mp); 3040 } 3041 } 3042 mtx_unlock(&mountlist_mtx); 3043 } 3044 3045 void 3046 resume_all_fs(void) 3047 { 3048 struct mount *mp; 3049 3050 mtx_lock(&mountlist_mtx); 3051 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 3052 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0) 3053 continue; 3054 mtx_unlock(&mountlist_mtx); 3055 MNT_ILOCK(mp); 3056 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0); 3057 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL; 3058 MNT_IUNLOCK(mp); 3059 vfs_write_resume(mp, 0); 3060 mtx_lock(&mountlist_mtx); 3061 vfs_unbusy(mp); 3062 } 3063 mtx_unlock(&mountlist_mtx); 3064 } 3065