1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include <sys/param.h> 43 #include <sys/conf.h> 44 #include <sys/smp.h> 45 #include <sys/devctl.h> 46 #include <sys/eventhandler.h> 47 #include <sys/fcntl.h> 48 #include <sys/jail.h> 49 #include <sys/kernel.h> 50 #include <sys/ktr.h> 51 #include <sys/libkern.h> 52 #include <sys/limits.h> 53 #include <sys/malloc.h> 54 #include <sys/mount.h> 55 #include <sys/mutex.h> 56 #include <sys/namei.h> 57 #include <sys/priv.h> 58 #include <sys/proc.h> 59 #include <sys/filedesc.h> 60 #include <sys/reboot.h> 61 #include <sys/sbuf.h> 62 #include <sys/syscallsubr.h> 63 #include <sys/sysproto.h> 64 #include <sys/sx.h> 65 #include <sys/sysctl.h> 66 #include <sys/sysent.h> 67 #include <sys/systm.h> 68 #include <sys/taskqueue.h> 69 #include <sys/vnode.h> 70 #include <vm/uma.h> 71 72 #include <geom/geom.h> 73 74 #include <machine/stdarg.h> 75 76 #include <security/audit/audit.h> 77 #include <security/mac/mac_framework.h> 78 79 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 80 81 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 82 uint64_t fsflags, struct vfsoptlist **optlist); 83 static void free_mntarg(struct mntarg *ma); 84 85 static int usermount = 0; 86 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 87 "Unprivileged users may mount and unmount file systems"); 88 89 static bool default_autoro = false; 90 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 91 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 92 93 static bool recursive_forced_unmount = false; 94 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW, 95 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts" 96 " when a file system is forcibly unmounted"); 97 98 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount, 99 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls"); 100 101 static unsigned int deferred_unmount_retry_limit = 10; 102 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW, 103 &deferred_unmount_retry_limit, 0, 104 "Maximum number of retries for deferred unmount failure"); 105 106 static int deferred_unmount_retry_delay_hz; 107 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW, 108 &deferred_unmount_retry_delay_hz, 0, 109 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount"); 110 111 static int deferred_unmount_total_retries = 0; 112 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD, 113 &deferred_unmount_total_retries, 0, 114 "Total number of retried deferred unmounts"); 115 116 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 117 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 118 static uma_zone_t mount_zone; 119 120 /* List of mounted filesystems. */ 121 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 122 123 /* For any iteration/modification of mountlist */ 124 struct mtx_padalign __exclusive_cache_line mountlist_mtx; 125 126 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 127 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 128 129 static void vfs_deferred_unmount(void *arg, int pending); 130 static struct timeout_task deferred_unmount_task; 131 static struct mtx deferred_unmount_lock; 132 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount", 133 MTX_DEF); 134 static STAILQ_HEAD(, mount) deferred_unmount_list = 135 STAILQ_HEAD_INITIALIZER(deferred_unmount_list); 136 TASKQUEUE_DEFINE_THREAD(deferred_unmount); 137 138 static void mount_devctl_event(const char *type, struct mount *mp, bool donew); 139 140 /* 141 * Global opts, taken by all filesystems 142 */ 143 static const char *global_opts[] = { 144 "errmsg", 145 "fstype", 146 "fspath", 147 "ro", 148 "rw", 149 "nosuid", 150 "noexec", 151 NULL 152 }; 153 154 static int 155 mount_init(void *mem, int size, int flags) 156 { 157 struct mount *mp; 158 159 mp = (struct mount *)mem; 160 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 161 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 162 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 163 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO); 164 mp->mnt_ref = 0; 165 mp->mnt_vfs_ops = 1; 166 mp->mnt_rootvnode = NULL; 167 return (0); 168 } 169 170 static void 171 mount_fini(void *mem, int size) 172 { 173 struct mount *mp; 174 175 mp = (struct mount *)mem; 176 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu); 177 lockdestroy(&mp->mnt_explock); 178 mtx_destroy(&mp->mnt_listmtx); 179 mtx_destroy(&mp->mnt_mtx); 180 } 181 182 static void 183 vfs_mount_init(void *dummy __unused) 184 { 185 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task, 186 0, vfs_deferred_unmount, NULL); 187 deferred_unmount_retry_delay_hz = hz; 188 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 189 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 190 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF); 191 } 192 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 193 194 /* 195 * --------------------------------------------------------------------- 196 * Functions for building and sanitizing the mount options 197 */ 198 199 /* Remove one mount option. */ 200 static void 201 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 202 { 203 204 TAILQ_REMOVE(opts, opt, link); 205 free(opt->name, M_MOUNT); 206 if (opt->value != NULL) 207 free(opt->value, M_MOUNT); 208 free(opt, M_MOUNT); 209 } 210 211 /* Release all resources related to the mount options. */ 212 void 213 vfs_freeopts(struct vfsoptlist *opts) 214 { 215 struct vfsopt *opt; 216 217 while (!TAILQ_EMPTY(opts)) { 218 opt = TAILQ_FIRST(opts); 219 vfs_freeopt(opts, opt); 220 } 221 free(opts, M_MOUNT); 222 } 223 224 void 225 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 226 { 227 struct vfsopt *opt, *temp; 228 229 if (opts == NULL) 230 return; 231 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 232 if (strcmp(opt->name, name) == 0) 233 vfs_freeopt(opts, opt); 234 } 235 } 236 237 static int 238 vfs_isopt_ro(const char *opt) 239 { 240 241 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 242 strcmp(opt, "norw") == 0) 243 return (1); 244 return (0); 245 } 246 247 static int 248 vfs_isopt_rw(const char *opt) 249 { 250 251 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 252 return (1); 253 return (0); 254 } 255 256 /* 257 * Check if options are equal (with or without the "no" prefix). 258 */ 259 static int 260 vfs_equalopts(const char *opt1, const char *opt2) 261 { 262 char *p; 263 264 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 265 if (strcmp(opt1, opt2) == 0) 266 return (1); 267 /* "noopt" vs. "opt" */ 268 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 269 return (1); 270 /* "opt" vs. "noopt" */ 271 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 272 return (1); 273 while ((p = strchr(opt1, '.')) != NULL && 274 !strncmp(opt1, opt2, ++p - opt1)) { 275 opt2 += p - opt1; 276 opt1 = p; 277 /* "foo.noopt" vs. "foo.opt" */ 278 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 279 return (1); 280 /* "foo.opt" vs. "foo.noopt" */ 281 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 282 return (1); 283 } 284 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 285 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 286 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 287 return (1); 288 return (0); 289 } 290 291 /* 292 * If a mount option is specified several times, 293 * (with or without the "no" prefix) only keep 294 * the last occurrence of it. 295 */ 296 static void 297 vfs_sanitizeopts(struct vfsoptlist *opts) 298 { 299 struct vfsopt *opt, *opt2, *tmp; 300 301 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 302 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 303 while (opt2 != NULL) { 304 if (vfs_equalopts(opt->name, opt2->name)) { 305 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 306 vfs_freeopt(opts, opt2); 307 opt2 = tmp; 308 } else { 309 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 310 } 311 } 312 } 313 } 314 315 /* 316 * Build a linked list of mount options from a struct uio. 317 */ 318 int 319 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 320 { 321 struct vfsoptlist *opts; 322 struct vfsopt *opt; 323 size_t memused, namelen, optlen; 324 unsigned int i, iovcnt; 325 int error; 326 327 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 328 TAILQ_INIT(opts); 329 memused = 0; 330 iovcnt = auio->uio_iovcnt; 331 for (i = 0; i < iovcnt; i += 2) { 332 namelen = auio->uio_iov[i].iov_len; 333 optlen = auio->uio_iov[i + 1].iov_len; 334 memused += sizeof(struct vfsopt) + optlen + namelen; 335 /* 336 * Avoid consuming too much memory, and attempts to overflow 337 * memused. 338 */ 339 if (memused > VFS_MOUNTARG_SIZE_MAX || 340 optlen > VFS_MOUNTARG_SIZE_MAX || 341 namelen > VFS_MOUNTARG_SIZE_MAX) { 342 error = EINVAL; 343 goto bad; 344 } 345 346 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 347 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 348 opt->value = NULL; 349 opt->len = 0; 350 opt->pos = i / 2; 351 opt->seen = 0; 352 353 /* 354 * Do this early, so jumps to "bad" will free the current 355 * option. 356 */ 357 TAILQ_INSERT_TAIL(opts, opt, link); 358 359 if (auio->uio_segflg == UIO_SYSSPACE) { 360 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 361 } else { 362 error = copyin(auio->uio_iov[i].iov_base, opt->name, 363 namelen); 364 if (error) 365 goto bad; 366 } 367 /* Ensure names are null-terminated strings. */ 368 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 369 error = EINVAL; 370 goto bad; 371 } 372 if (optlen != 0) { 373 opt->len = optlen; 374 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 375 if (auio->uio_segflg == UIO_SYSSPACE) { 376 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 377 optlen); 378 } else { 379 error = copyin(auio->uio_iov[i + 1].iov_base, 380 opt->value, optlen); 381 if (error) 382 goto bad; 383 } 384 } 385 } 386 vfs_sanitizeopts(opts); 387 *options = opts; 388 return (0); 389 bad: 390 vfs_freeopts(opts); 391 return (error); 392 } 393 394 /* 395 * Merge the old mount options with the new ones passed 396 * in the MNT_UPDATE case. 397 * 398 * XXX: This function will keep a "nofoo" option in the new 399 * options. E.g, if the option's canonical name is "foo", 400 * "nofoo" ends up in the mount point's active options. 401 */ 402 static void 403 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 404 { 405 struct vfsopt *opt, *new; 406 407 TAILQ_FOREACH(opt, oldopts, link) { 408 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 409 new->name = strdup(opt->name, M_MOUNT); 410 if (opt->len != 0) { 411 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 412 bcopy(opt->value, new->value, opt->len); 413 } else 414 new->value = NULL; 415 new->len = opt->len; 416 new->seen = opt->seen; 417 TAILQ_INSERT_HEAD(toopts, new, link); 418 } 419 vfs_sanitizeopts(toopts); 420 } 421 422 /* 423 * Mount a filesystem. 424 */ 425 #ifndef _SYS_SYSPROTO_H_ 426 struct nmount_args { 427 struct iovec *iovp; 428 unsigned int iovcnt; 429 int flags; 430 }; 431 #endif 432 int 433 sys_nmount(struct thread *td, struct nmount_args *uap) 434 { 435 struct uio *auio; 436 int error; 437 u_int iovcnt; 438 uint64_t flags; 439 440 /* 441 * Mount flags are now 64-bits. On 32-bit archtectures only 442 * 32-bits are passed in, but from here on everything handles 443 * 64-bit flags correctly. 444 */ 445 flags = uap->flags; 446 447 AUDIT_ARG_FFLAGS(flags); 448 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 449 uap->iovp, uap->iovcnt, flags); 450 451 /* 452 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 453 * userspace to set this flag, but we must filter it out if we want 454 * MNT_UPDATE on the root file system to work. 455 * MNT_ROOTFS should only be set by the kernel when mounting its 456 * root file system. 457 */ 458 flags &= ~MNT_ROOTFS; 459 460 iovcnt = uap->iovcnt; 461 /* 462 * Check that we have an even number of iovec's 463 * and that we have at least two options. 464 */ 465 if ((iovcnt & 1) || (iovcnt < 4)) { 466 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 467 uap->iovcnt); 468 return (EINVAL); 469 } 470 471 error = copyinuio(uap->iovp, iovcnt, &auio); 472 if (error) { 473 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 474 __func__, error); 475 return (error); 476 } 477 error = vfs_donmount(td, flags, auio); 478 479 free(auio, M_IOV); 480 return (error); 481 } 482 483 /* 484 * --------------------------------------------------------------------- 485 * Various utility functions 486 */ 487 488 /* 489 * Get a reference on a mount point from a vnode. 490 * 491 * The vnode is allowed to be passed unlocked and race against dooming. Note in 492 * such case there are no guarantees the referenced mount point will still be 493 * associated with it after the function returns. 494 */ 495 struct mount * 496 vfs_ref_from_vp(struct vnode *vp) 497 { 498 struct mount *mp; 499 struct mount_pcpu *mpcpu; 500 501 mp = atomic_load_ptr(&vp->v_mount); 502 if (__predict_false(mp == NULL)) { 503 return (mp); 504 } 505 if (vfs_op_thread_enter(mp, mpcpu)) { 506 if (__predict_true(mp == vp->v_mount)) { 507 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 508 vfs_op_thread_exit(mp, mpcpu); 509 } else { 510 vfs_op_thread_exit(mp, mpcpu); 511 mp = NULL; 512 } 513 } else { 514 MNT_ILOCK(mp); 515 if (mp == vp->v_mount) { 516 MNT_REF(mp); 517 MNT_IUNLOCK(mp); 518 } else { 519 MNT_IUNLOCK(mp); 520 mp = NULL; 521 } 522 } 523 return (mp); 524 } 525 526 void 527 vfs_ref(struct mount *mp) 528 { 529 struct mount_pcpu *mpcpu; 530 531 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 532 if (vfs_op_thread_enter(mp, mpcpu)) { 533 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 534 vfs_op_thread_exit(mp, mpcpu); 535 return; 536 } 537 538 MNT_ILOCK(mp); 539 MNT_REF(mp); 540 MNT_IUNLOCK(mp); 541 } 542 543 /* 544 * Register ump as an upper mount of the mount associated with 545 * vnode vp. This registration will be tracked through 546 * mount_upper_node upper, which should be allocated by the 547 * caller and stored in per-mount data associated with mp. 548 * 549 * If successful, this function will return the mount associated 550 * with vp, and will ensure that it cannot be unmounted until 551 * ump has been unregistered as one of its upper mounts. 552 * 553 * Upon failure this function will return NULL. 554 */ 555 struct mount * 556 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump, 557 struct mount_upper_node *upper) 558 { 559 struct mount *mp; 560 561 mp = atomic_load_ptr(&vp->v_mount); 562 if (mp == NULL) 563 return (NULL); 564 MNT_ILOCK(mp); 565 if (mp != vp->v_mount || 566 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) { 567 MNT_IUNLOCK(mp); 568 return (NULL); 569 } 570 KASSERT(ump != mp, ("upper and lower mounts are identical")); 571 upper->mp = ump; 572 MNT_REF(mp); 573 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link); 574 MNT_IUNLOCK(mp); 575 return (mp); 576 } 577 578 /* 579 * Register upper mount ump to receive vnode unlink/reclaim 580 * notifications from lower mount mp. This registration will 581 * be tracked through mount_upper_node upper, which should be 582 * allocated by the caller and stored in per-mount data 583 * associated with mp. 584 * 585 * ump must already be registered as an upper mount of mp 586 * through a call to vfs_register_upper_from_vp(). 587 */ 588 void 589 vfs_register_for_notification(struct mount *mp, struct mount *ump, 590 struct mount_upper_node *upper) 591 { 592 upper->mp = ump; 593 MNT_ILOCK(mp); 594 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link); 595 MNT_IUNLOCK(mp); 596 } 597 598 static void 599 vfs_drain_upper_locked(struct mount *mp) 600 { 601 mtx_assert(MNT_MTX(mp), MA_OWNED); 602 while (mp->mnt_upper_pending != 0) { 603 mp->mnt_kern_flag |= MNTK_UPPER_WAITER; 604 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0); 605 } 606 } 607 608 /* 609 * Undo a previous call to vfs_register_for_notification(). 610 * The mount represented by upper must be currently registered 611 * as an upper mount for mp. 612 */ 613 void 614 vfs_unregister_for_notification(struct mount *mp, 615 struct mount_upper_node *upper) 616 { 617 MNT_ILOCK(mp); 618 vfs_drain_upper_locked(mp); 619 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link); 620 MNT_IUNLOCK(mp); 621 } 622 623 /* 624 * Undo a previous call to vfs_register_upper_from_vp(). 625 * This must be done before mp can be unmounted. 626 */ 627 void 628 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper) 629 { 630 MNT_ILOCK(mp); 631 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 632 ("registered upper with pending unmount")); 633 vfs_drain_upper_locked(mp); 634 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link); 635 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 && 636 TAILQ_EMPTY(&mp->mnt_uppers)) { 637 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER; 638 wakeup(&mp->mnt_taskqueue_link); 639 } 640 MNT_REL(mp); 641 MNT_IUNLOCK(mp); 642 } 643 644 void 645 vfs_rel(struct mount *mp) 646 { 647 struct mount_pcpu *mpcpu; 648 649 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 650 if (vfs_op_thread_enter(mp, mpcpu)) { 651 vfs_mp_count_sub_pcpu(mpcpu, ref, 1); 652 vfs_op_thread_exit(mp, mpcpu); 653 return; 654 } 655 656 MNT_ILOCK(mp); 657 MNT_REL(mp); 658 MNT_IUNLOCK(mp); 659 } 660 661 /* 662 * Allocate and initialize the mount point struct. 663 */ 664 struct mount * 665 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 666 struct ucred *cred) 667 { 668 struct mount *mp; 669 670 mp = uma_zalloc(mount_zone, M_WAITOK); 671 bzero(&mp->mnt_startzero, 672 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 673 mp->mnt_kern_flag = 0; 674 mp->mnt_flag = 0; 675 mp->mnt_rootvnode = NULL; 676 mp->mnt_vnodecovered = NULL; 677 mp->mnt_op = NULL; 678 mp->mnt_vfc = NULL; 679 TAILQ_INIT(&mp->mnt_nvnodelist); 680 mp->mnt_nvnodelistsize = 0; 681 TAILQ_INIT(&mp->mnt_lazyvnodelist); 682 mp->mnt_lazyvnodelistsize = 0; 683 if (mp->mnt_ref != 0 || mp->mnt_lockref != 0 || 684 mp->mnt_writeopcount != 0) 685 panic("%s: non-zero counters on new mp %p\n", __func__, mp); 686 if (mp->mnt_vfs_ops != 1) 687 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 688 mp->mnt_vfs_ops); 689 (void) vfs_busy(mp, MBF_NOWAIT); 690 atomic_add_acq_int(&vfsp->vfc_refcount, 1); 691 mp->mnt_op = vfsp->vfc_vfsops; 692 mp->mnt_vfc = vfsp; 693 mp->mnt_stat.f_type = vfsp->vfc_typenum; 694 mp->mnt_gen++; 695 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 696 mp->mnt_vnodecovered = vp; 697 mp->mnt_cred = crdup(cred); 698 mp->mnt_stat.f_owner = cred->cr_uid; 699 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 700 mp->mnt_iosize_max = DFLTPHYS; 701 #ifdef MAC 702 mac_mount_init(mp); 703 mac_mount_create(cred, mp); 704 #endif 705 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 706 mp->mnt_upper_pending = 0; 707 TAILQ_INIT(&mp->mnt_uppers); 708 TAILQ_INIT(&mp->mnt_notify); 709 mp->mnt_taskqueue_flags = 0; 710 mp->mnt_unmount_retries = 0; 711 return (mp); 712 } 713 714 /* 715 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 716 */ 717 void 718 vfs_mount_destroy(struct mount *mp) 719 { 720 721 if (mp->mnt_vfs_ops == 0) 722 panic("%s: entered with zero vfs_ops\n", __func__); 723 724 vfs_assert_mount_counters(mp); 725 726 MNT_ILOCK(mp); 727 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 728 if (mp->mnt_kern_flag & MNTK_MWAIT) { 729 mp->mnt_kern_flag &= ~MNTK_MWAIT; 730 wakeup(mp); 731 } 732 while (mp->mnt_ref) 733 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 734 KASSERT(mp->mnt_ref == 0, 735 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 736 __FILE__, __LINE__)); 737 if (mp->mnt_writeopcount != 0) 738 panic("vfs_mount_destroy: nonzero writeopcount"); 739 if (mp->mnt_secondary_writes != 0) 740 panic("vfs_mount_destroy: nonzero secondary_writes"); 741 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1); 742 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 743 struct vnode *vp; 744 745 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 746 vn_printf(vp, "dangling vnode "); 747 panic("unmount: dangling vnode"); 748 } 749 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending")); 750 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 751 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify")); 752 if (mp->mnt_nvnodelistsize != 0) 753 panic("vfs_mount_destroy: nonzero nvnodelistsize"); 754 if (mp->mnt_lazyvnodelistsize != 0) 755 panic("vfs_mount_destroy: nonzero lazyvnodelistsize"); 756 if (mp->mnt_lockref != 0) 757 panic("vfs_mount_destroy: nonzero lock refcount"); 758 MNT_IUNLOCK(mp); 759 760 if (mp->mnt_vfs_ops != 1) 761 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 762 mp->mnt_vfs_ops); 763 764 if (mp->mnt_rootvnode != NULL) 765 panic("%s: mount point still has a root vnode %p\n", __func__, 766 mp->mnt_rootvnode); 767 768 if (mp->mnt_vnodecovered != NULL) 769 vrele(mp->mnt_vnodecovered); 770 #ifdef MAC 771 mac_mount_destroy(mp); 772 #endif 773 if (mp->mnt_opt != NULL) 774 vfs_freeopts(mp->mnt_opt); 775 crfree(mp->mnt_cred); 776 uma_zfree(mount_zone, mp); 777 } 778 779 static bool 780 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 781 { 782 /* This is an upgrade of an exisiting mount. */ 783 if ((fsflags & MNT_UPDATE) != 0) 784 return (false); 785 /* This is already an R/O mount. */ 786 if ((fsflags & MNT_RDONLY) != 0) 787 return (false); 788 789 switch (error) { 790 case ENODEV: /* generic, geom, ... */ 791 case EACCES: /* cam/scsi, ... */ 792 case EROFS: /* md, mmcsd, ... */ 793 /* 794 * These errors can be returned by the storage layer to signal 795 * that the media is read-only. No harm in the R/O mount 796 * attempt if the error was returned for some other reason. 797 */ 798 return (true); 799 default: 800 return (false); 801 } 802 } 803 804 int 805 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 806 { 807 struct vfsoptlist *optlist; 808 struct vfsopt *opt, *tmp_opt; 809 char *fstype, *fspath, *errmsg; 810 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 811 bool autoro; 812 813 errmsg = fspath = NULL; 814 errmsg_len = fspathlen = 0; 815 errmsg_pos = -1; 816 autoro = default_autoro; 817 818 error = vfs_buildopts(fsoptions, &optlist); 819 if (error) 820 return (error); 821 822 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 823 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 824 825 /* 826 * We need these two options before the others, 827 * and they are mandatory for any filesystem. 828 * Ensure they are NUL terminated as well. 829 */ 830 fstypelen = 0; 831 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 832 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 833 error = EINVAL; 834 if (errmsg != NULL) 835 strncpy(errmsg, "Invalid fstype", errmsg_len); 836 goto bail; 837 } 838 fspathlen = 0; 839 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 840 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 841 error = EINVAL; 842 if (errmsg != NULL) 843 strncpy(errmsg, "Invalid fspath", errmsg_len); 844 goto bail; 845 } 846 847 /* 848 * We need to see if we have the "update" option 849 * before we call vfs_domount(), since vfs_domount() has special 850 * logic based on MNT_UPDATE. This is very important 851 * when we want to update the root filesystem. 852 */ 853 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 854 int do_freeopt = 0; 855 856 if (strcmp(opt->name, "update") == 0) { 857 fsflags |= MNT_UPDATE; 858 do_freeopt = 1; 859 } 860 else if (strcmp(opt->name, "async") == 0) 861 fsflags |= MNT_ASYNC; 862 else if (strcmp(opt->name, "force") == 0) { 863 fsflags |= MNT_FORCE; 864 do_freeopt = 1; 865 } 866 else if (strcmp(opt->name, "reload") == 0) { 867 fsflags |= MNT_RELOAD; 868 do_freeopt = 1; 869 } 870 else if (strcmp(opt->name, "multilabel") == 0) 871 fsflags |= MNT_MULTILABEL; 872 else if (strcmp(opt->name, "noasync") == 0) 873 fsflags &= ~MNT_ASYNC; 874 else if (strcmp(opt->name, "noatime") == 0) 875 fsflags |= MNT_NOATIME; 876 else if (strcmp(opt->name, "atime") == 0) { 877 free(opt->name, M_MOUNT); 878 opt->name = strdup("nonoatime", M_MOUNT); 879 } 880 else if (strcmp(opt->name, "noclusterr") == 0) 881 fsflags |= MNT_NOCLUSTERR; 882 else if (strcmp(opt->name, "clusterr") == 0) { 883 free(opt->name, M_MOUNT); 884 opt->name = strdup("nonoclusterr", M_MOUNT); 885 } 886 else if (strcmp(opt->name, "noclusterw") == 0) 887 fsflags |= MNT_NOCLUSTERW; 888 else if (strcmp(opt->name, "clusterw") == 0) { 889 free(opt->name, M_MOUNT); 890 opt->name = strdup("nonoclusterw", M_MOUNT); 891 } 892 else if (strcmp(opt->name, "noexec") == 0) 893 fsflags |= MNT_NOEXEC; 894 else if (strcmp(opt->name, "exec") == 0) { 895 free(opt->name, M_MOUNT); 896 opt->name = strdup("nonoexec", M_MOUNT); 897 } 898 else if (strcmp(opt->name, "nosuid") == 0) 899 fsflags |= MNT_NOSUID; 900 else if (strcmp(opt->name, "suid") == 0) { 901 free(opt->name, M_MOUNT); 902 opt->name = strdup("nonosuid", M_MOUNT); 903 } 904 else if (strcmp(opt->name, "nosymfollow") == 0) 905 fsflags |= MNT_NOSYMFOLLOW; 906 else if (strcmp(opt->name, "symfollow") == 0) { 907 free(opt->name, M_MOUNT); 908 opt->name = strdup("nonosymfollow", M_MOUNT); 909 } 910 else if (strcmp(opt->name, "noro") == 0) { 911 fsflags &= ~MNT_RDONLY; 912 autoro = false; 913 } 914 else if (strcmp(opt->name, "rw") == 0) { 915 fsflags &= ~MNT_RDONLY; 916 autoro = false; 917 } 918 else if (strcmp(opt->name, "ro") == 0) { 919 fsflags |= MNT_RDONLY; 920 autoro = false; 921 } 922 else if (strcmp(opt->name, "rdonly") == 0) { 923 free(opt->name, M_MOUNT); 924 opt->name = strdup("ro", M_MOUNT); 925 fsflags |= MNT_RDONLY; 926 autoro = false; 927 } 928 else if (strcmp(opt->name, "autoro") == 0) { 929 do_freeopt = 1; 930 autoro = true; 931 } 932 else if (strcmp(opt->name, "suiddir") == 0) 933 fsflags |= MNT_SUIDDIR; 934 else if (strcmp(opt->name, "sync") == 0) 935 fsflags |= MNT_SYNCHRONOUS; 936 else if (strcmp(opt->name, "union") == 0) 937 fsflags |= MNT_UNION; 938 else if (strcmp(opt->name, "automounted") == 0) { 939 fsflags |= MNT_AUTOMOUNTED; 940 do_freeopt = 1; 941 } else if (strcmp(opt->name, "nocover") == 0) { 942 fsflags |= MNT_NOCOVER; 943 do_freeopt = 1; 944 } else if (strcmp(opt->name, "cover") == 0) { 945 fsflags &= ~MNT_NOCOVER; 946 do_freeopt = 1; 947 } else if (strcmp(opt->name, "emptydir") == 0) { 948 fsflags |= MNT_EMPTYDIR; 949 do_freeopt = 1; 950 } else if (strcmp(opt->name, "noemptydir") == 0) { 951 fsflags &= ~MNT_EMPTYDIR; 952 do_freeopt = 1; 953 } 954 if (do_freeopt) 955 vfs_freeopt(optlist, opt); 956 } 957 958 /* 959 * Be ultra-paranoid about making sure the type and fspath 960 * variables will fit in our mp buffers, including the 961 * terminating NUL. 962 */ 963 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 964 error = ENAMETOOLONG; 965 goto bail; 966 } 967 968 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 969 if (error == ENOENT) { 970 error = EINVAL; 971 if (errmsg != NULL) 972 strncpy(errmsg, "Invalid fstype", errmsg_len); 973 goto bail; 974 } 975 976 /* 977 * See if we can mount in the read-only mode if the error code suggests 978 * that it could be possible and the mount options allow for that. 979 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 980 * overridden by "autoro". 981 */ 982 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 983 printf("%s: R/W mount failed, possibly R/O media," 984 " trying R/O mount\n", __func__); 985 fsflags |= MNT_RDONLY; 986 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 987 } 988 bail: 989 /* copyout the errmsg */ 990 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 991 && errmsg_len > 0 && errmsg != NULL) { 992 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 993 bcopy(errmsg, 994 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 995 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 996 } else { 997 copyout(errmsg, 998 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 999 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1000 } 1001 } 1002 1003 if (optlist != NULL) 1004 vfs_freeopts(optlist); 1005 return (error); 1006 } 1007 1008 /* 1009 * Old mount API. 1010 */ 1011 #ifndef _SYS_SYSPROTO_H_ 1012 struct mount_args { 1013 char *type; 1014 char *path; 1015 int flags; 1016 caddr_t data; 1017 }; 1018 #endif 1019 /* ARGSUSED */ 1020 int 1021 sys_mount(struct thread *td, struct mount_args *uap) 1022 { 1023 char *fstype; 1024 struct vfsconf *vfsp = NULL; 1025 struct mntarg *ma = NULL; 1026 uint64_t flags; 1027 int error; 1028 1029 /* 1030 * Mount flags are now 64-bits. On 32-bit architectures only 1031 * 32-bits are passed in, but from here on everything handles 1032 * 64-bit flags correctly. 1033 */ 1034 flags = uap->flags; 1035 1036 AUDIT_ARG_FFLAGS(flags); 1037 1038 /* 1039 * Filter out MNT_ROOTFS. We do not want clients of mount() in 1040 * userspace to set this flag, but we must filter it out if we want 1041 * MNT_UPDATE on the root file system to work. 1042 * MNT_ROOTFS should only be set by the kernel when mounting its 1043 * root file system. 1044 */ 1045 flags &= ~MNT_ROOTFS; 1046 1047 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 1048 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 1049 if (error) { 1050 free(fstype, M_TEMP); 1051 return (error); 1052 } 1053 1054 AUDIT_ARG_TEXT(fstype); 1055 vfsp = vfs_byname_kld(fstype, td, &error); 1056 free(fstype, M_TEMP); 1057 if (vfsp == NULL) 1058 return (ENOENT); 1059 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 1060 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 1061 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 1062 vfsp->vfc_vfsops->vfs_cmount == NULL)) 1063 return (EOPNOTSUPP); 1064 1065 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 1066 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 1067 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 1068 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 1069 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 1070 1071 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 1072 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 1073 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 1074 } 1075 1076 /* 1077 * vfs_domount_first(): first file system mount (not update) 1078 */ 1079 static int 1080 vfs_domount_first( 1081 struct thread *td, /* Calling thread. */ 1082 struct vfsconf *vfsp, /* File system type. */ 1083 char *fspath, /* Mount path. */ 1084 struct vnode *vp, /* Vnode to be covered. */ 1085 uint64_t fsflags, /* Flags common to all filesystems. */ 1086 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1087 ) 1088 { 1089 struct vattr va; 1090 struct mount *mp; 1091 struct vnode *newdp, *rootvp; 1092 int error, error1; 1093 bool unmounted; 1094 1095 ASSERT_VOP_ELOCKED(vp, __func__); 1096 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 1097 1098 if ((fsflags & MNT_EMPTYDIR) != 0) { 1099 error = vfs_emptydir(vp); 1100 if (error != 0) { 1101 vput(vp); 1102 return (error); 1103 } 1104 } 1105 1106 /* 1107 * If the jail of the calling thread lacks permission for this type of 1108 * file system, or is trying to cover its own root, deny immediately. 1109 */ 1110 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred, 1111 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) { 1112 vput(vp); 1113 return (EPERM); 1114 } 1115 1116 /* 1117 * If the user is not root, ensure that they own the directory 1118 * onto which we are attempting to mount. 1119 */ 1120 error = VOP_GETATTR(vp, &va, td->td_ucred); 1121 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 1122 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 1123 if (error == 0) 1124 error = vinvalbuf(vp, V_SAVE, 0, 0); 1125 if (error == 0 && vp->v_type != VDIR) 1126 error = ENOTDIR; 1127 if (error == 0) { 1128 VI_LOCK(vp); 1129 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 1130 vp->v_iflag |= VI_MOUNT; 1131 else 1132 error = EBUSY; 1133 VI_UNLOCK(vp); 1134 } 1135 if (error != 0) { 1136 vput(vp); 1137 return (error); 1138 } 1139 vn_seqc_write_begin(vp); 1140 VOP_UNLOCK(vp); 1141 1142 /* Allocate and initialize the filesystem. */ 1143 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 1144 /* XXXMAC: pass to vfs_mount_alloc? */ 1145 mp->mnt_optnew = *optlist; 1146 /* Set the mount level flags. */ 1147 mp->mnt_flag = (fsflags & (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY)); 1148 1149 /* 1150 * Mount the filesystem. 1151 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1152 * get. No freeing of cn_pnbuf. 1153 */ 1154 error1 = 0; 1155 unmounted = true; 1156 if ((error = VFS_MOUNT(mp)) != 0 || 1157 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 1158 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 1159 rootvp = NULL; 1160 if (error1 != 0) { 1161 MPASS(error == 0); 1162 rootvp = vfs_cache_root_clear(mp); 1163 if (rootvp != NULL) { 1164 vhold(rootvp); 1165 vrele(rootvp); 1166 } 1167 (void)vn_start_write(NULL, &mp, V_WAIT); 1168 MNT_ILOCK(mp); 1169 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF; 1170 MNT_IUNLOCK(mp); 1171 VFS_PURGE(mp); 1172 error = VFS_UNMOUNT(mp, 0); 1173 vn_finished_write(mp); 1174 if (error != 0) { 1175 printf( 1176 "failed post-mount (%d): rollback unmount returned %d\n", 1177 error1, error); 1178 unmounted = false; 1179 } 1180 error = error1; 1181 } 1182 vfs_unbusy(mp); 1183 mp->mnt_vnodecovered = NULL; 1184 if (unmounted) { 1185 /* XXXKIB wait for mnt_lockref drain? */ 1186 vfs_mount_destroy(mp); 1187 } 1188 VI_LOCK(vp); 1189 vp->v_iflag &= ~VI_MOUNT; 1190 VI_UNLOCK(vp); 1191 if (rootvp != NULL) { 1192 vn_seqc_write_end(rootvp); 1193 vdrop(rootvp); 1194 } 1195 vn_seqc_write_end(vp); 1196 vrele(vp); 1197 return (error); 1198 } 1199 vn_seqc_write_begin(newdp); 1200 VOP_UNLOCK(newdp); 1201 1202 if (mp->mnt_opt != NULL) 1203 vfs_freeopts(mp->mnt_opt); 1204 mp->mnt_opt = mp->mnt_optnew; 1205 *optlist = NULL; 1206 1207 /* 1208 * Prevent external consumers of mount options from reading mnt_optnew. 1209 */ 1210 mp->mnt_optnew = NULL; 1211 1212 MNT_ILOCK(mp); 1213 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1214 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1215 mp->mnt_kern_flag |= MNTK_ASYNC; 1216 else 1217 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1218 MNT_IUNLOCK(mp); 1219 1220 VI_LOCK(vp); 1221 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT); 1222 vp->v_mountedhere = mp; 1223 VI_UNLOCK(vp); 1224 cache_purge(vp); 1225 1226 /* 1227 * We need to lock both vnodes. 1228 * 1229 * Use vn_lock_pair to avoid establishing an ordering between vnodes 1230 * from different filesystems. 1231 */ 1232 vn_lock_pair(vp, false, newdp, false); 1233 1234 VI_LOCK(vp); 1235 vp->v_iflag &= ~VI_MOUNT; 1236 VI_UNLOCK(vp); 1237 /* Place the new filesystem at the end of the mount list. */ 1238 mtx_lock(&mountlist_mtx); 1239 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1240 mtx_unlock(&mountlist_mtx); 1241 vfs_event_signal(NULL, VQ_MOUNT, 0); 1242 VOP_UNLOCK(vp); 1243 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1244 VOP_UNLOCK(newdp); 1245 mount_devctl_event("MOUNT", mp, false); 1246 mountcheckdirs(vp, newdp); 1247 vn_seqc_write_end(vp); 1248 vn_seqc_write_end(newdp); 1249 vrele(newdp); 1250 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1251 vfs_allocate_syncvnode(mp); 1252 vfs_op_exit(mp); 1253 vfs_unbusy(mp); 1254 return (0); 1255 } 1256 1257 /* 1258 * vfs_domount_update(): update of mounted file system 1259 */ 1260 static int 1261 vfs_domount_update( 1262 struct thread *td, /* Calling thread. */ 1263 struct vnode *vp, /* Mount point vnode. */ 1264 uint64_t fsflags, /* Flags common to all filesystems. */ 1265 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1266 ) 1267 { 1268 struct export_args export; 1269 struct o2export_args o2export; 1270 struct vnode *rootvp; 1271 void *bufp; 1272 struct mount *mp; 1273 int error, export_error, i, len; 1274 uint64_t flag; 1275 gid_t *grps; 1276 1277 ASSERT_VOP_ELOCKED(vp, __func__); 1278 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1279 mp = vp->v_mount; 1280 1281 if ((vp->v_vflag & VV_ROOT) == 0) { 1282 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1283 == 0) 1284 error = EXDEV; 1285 else 1286 error = EINVAL; 1287 vput(vp); 1288 return (error); 1289 } 1290 1291 /* 1292 * We only allow the filesystem to be reloaded if it 1293 * is currently mounted read-only. 1294 */ 1295 flag = mp->mnt_flag; 1296 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1297 vput(vp); 1298 return (EOPNOTSUPP); /* Needs translation */ 1299 } 1300 /* 1301 * Only privileged root, or (if MNT_USER is set) the user that 1302 * did the original mount is permitted to update it. 1303 */ 1304 error = vfs_suser(mp, td); 1305 if (error != 0) { 1306 vput(vp); 1307 return (error); 1308 } 1309 if (vfs_busy(mp, MBF_NOWAIT)) { 1310 vput(vp); 1311 return (EBUSY); 1312 } 1313 VI_LOCK(vp); 1314 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1315 VI_UNLOCK(vp); 1316 vfs_unbusy(mp); 1317 vput(vp); 1318 return (EBUSY); 1319 } 1320 vp->v_iflag |= VI_MOUNT; 1321 VI_UNLOCK(vp); 1322 VOP_UNLOCK(vp); 1323 1324 vfs_op_enter(mp); 1325 vn_seqc_write_begin(vp); 1326 1327 rootvp = NULL; 1328 MNT_ILOCK(mp); 1329 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1330 MNT_IUNLOCK(mp); 1331 error = EBUSY; 1332 goto end; 1333 } 1334 mp->mnt_flag &= ~MNT_UPDATEMASK; 1335 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1336 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1337 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1338 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1339 rootvp = vfs_cache_root_clear(mp); 1340 MNT_IUNLOCK(mp); 1341 mp->mnt_optnew = *optlist; 1342 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1343 1344 /* 1345 * Mount the filesystem. 1346 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1347 * get. No freeing of cn_pnbuf. 1348 */ 1349 error = VFS_MOUNT(mp); 1350 1351 export_error = 0; 1352 /* Process the export option. */ 1353 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1354 &len) == 0) { 1355 /* Assume that there is only 1 ABI for each length. */ 1356 switch (len) { 1357 case (sizeof(struct oexport_args)): 1358 bzero(&o2export, sizeof(o2export)); 1359 /* FALLTHROUGH */ 1360 case (sizeof(o2export)): 1361 bcopy(bufp, &o2export, len); 1362 export.ex_flags = (uint64_t)o2export.ex_flags; 1363 export.ex_root = o2export.ex_root; 1364 export.ex_uid = o2export.ex_anon.cr_uid; 1365 export.ex_groups = NULL; 1366 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1367 if (export.ex_ngroups > 0) { 1368 if (export.ex_ngroups <= XU_NGROUPS) { 1369 export.ex_groups = malloc( 1370 export.ex_ngroups * sizeof(gid_t), 1371 M_TEMP, M_WAITOK); 1372 for (i = 0; i < export.ex_ngroups; i++) 1373 export.ex_groups[i] = 1374 o2export.ex_anon.cr_groups[i]; 1375 } else 1376 export_error = EINVAL; 1377 } else if (export.ex_ngroups < 0) 1378 export_error = EINVAL; 1379 export.ex_addr = o2export.ex_addr; 1380 export.ex_addrlen = o2export.ex_addrlen; 1381 export.ex_mask = o2export.ex_mask; 1382 export.ex_masklen = o2export.ex_masklen; 1383 export.ex_indexfile = o2export.ex_indexfile; 1384 export.ex_numsecflavors = o2export.ex_numsecflavors; 1385 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1386 for (i = 0; i < export.ex_numsecflavors; i++) 1387 export.ex_secflavors[i] = 1388 o2export.ex_secflavors[i]; 1389 } else 1390 export_error = EINVAL; 1391 if (export_error == 0) 1392 export_error = vfs_export(mp, &export); 1393 free(export.ex_groups, M_TEMP); 1394 break; 1395 case (sizeof(export)): 1396 bcopy(bufp, &export, len); 1397 grps = NULL; 1398 if (export.ex_ngroups > 0) { 1399 if (export.ex_ngroups <= NGROUPS_MAX) { 1400 grps = malloc(export.ex_ngroups * 1401 sizeof(gid_t), M_TEMP, M_WAITOK); 1402 export_error = copyin(export.ex_groups, 1403 grps, export.ex_ngroups * 1404 sizeof(gid_t)); 1405 if (export_error == 0) 1406 export.ex_groups = grps; 1407 } else 1408 export_error = EINVAL; 1409 } else if (export.ex_ngroups == 0) 1410 export.ex_groups = NULL; 1411 else 1412 export_error = EINVAL; 1413 if (export_error == 0) 1414 export_error = vfs_export(mp, &export); 1415 free(grps, M_TEMP); 1416 break; 1417 default: 1418 export_error = EINVAL; 1419 break; 1420 } 1421 } 1422 1423 MNT_ILOCK(mp); 1424 if (error == 0) { 1425 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1426 MNT_SNAPSHOT); 1427 } else { 1428 /* 1429 * If we fail, restore old mount flags. MNT_QUOTA is special, 1430 * because it is not part of MNT_UPDATEMASK, but it could have 1431 * changed in the meantime if quotactl(2) was called. 1432 * All in all we want current value of MNT_QUOTA, not the old 1433 * one. 1434 */ 1435 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1436 } 1437 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1438 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1439 mp->mnt_kern_flag |= MNTK_ASYNC; 1440 else 1441 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1442 MNT_IUNLOCK(mp); 1443 1444 if (error != 0) 1445 goto end; 1446 1447 mount_devctl_event("REMOUNT", mp, true); 1448 if (mp->mnt_opt != NULL) 1449 vfs_freeopts(mp->mnt_opt); 1450 mp->mnt_opt = mp->mnt_optnew; 1451 *optlist = NULL; 1452 (void)VFS_STATFS(mp, &mp->mnt_stat); 1453 /* 1454 * Prevent external consumers of mount options from reading 1455 * mnt_optnew. 1456 */ 1457 mp->mnt_optnew = NULL; 1458 1459 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1460 vfs_allocate_syncvnode(mp); 1461 else 1462 vfs_deallocate_syncvnode(mp); 1463 end: 1464 vfs_op_exit(mp); 1465 if (rootvp != NULL) { 1466 vn_seqc_write_end(rootvp); 1467 vrele(rootvp); 1468 } 1469 vn_seqc_write_end(vp); 1470 vfs_unbusy(mp); 1471 VI_LOCK(vp); 1472 vp->v_iflag &= ~VI_MOUNT; 1473 VI_UNLOCK(vp); 1474 vrele(vp); 1475 return (error != 0 ? error : export_error); 1476 } 1477 1478 /* 1479 * vfs_domount(): actually attempt a filesystem mount. 1480 */ 1481 static int 1482 vfs_domount( 1483 struct thread *td, /* Calling thread. */ 1484 const char *fstype, /* Filesystem type. */ 1485 char *fspath, /* Mount path. */ 1486 uint64_t fsflags, /* Flags common to all filesystems. */ 1487 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1488 ) 1489 { 1490 struct vfsconf *vfsp; 1491 struct nameidata nd; 1492 struct vnode *vp; 1493 char *pathbuf; 1494 int error; 1495 1496 /* 1497 * Be ultra-paranoid about making sure the type and fspath 1498 * variables will fit in our mp buffers, including the 1499 * terminating NUL. 1500 */ 1501 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1502 return (ENAMETOOLONG); 1503 1504 if (jailed(td->td_ucred) || usermount == 0) { 1505 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1506 return (error); 1507 } 1508 1509 /* 1510 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1511 */ 1512 if (fsflags & MNT_EXPORTED) { 1513 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1514 if (error) 1515 return (error); 1516 } 1517 if (fsflags & MNT_SUIDDIR) { 1518 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1519 if (error) 1520 return (error); 1521 } 1522 /* 1523 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1524 */ 1525 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1526 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1527 fsflags |= MNT_NOSUID | MNT_USER; 1528 } 1529 1530 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1531 vfsp = NULL; 1532 if ((fsflags & MNT_UPDATE) == 0) { 1533 /* Don't try to load KLDs if we're mounting the root. */ 1534 if (fsflags & MNT_ROOTFS) { 1535 if ((vfsp = vfs_byname(fstype)) == NULL) 1536 return (ENODEV); 1537 } else { 1538 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL) 1539 return (error); 1540 } 1541 } 1542 1543 /* 1544 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1545 */ 1546 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1547 UIO_SYSSPACE, fspath, td); 1548 error = namei(&nd); 1549 if (error != 0) 1550 return (error); 1551 NDFREE(&nd, NDF_ONLY_PNBUF); 1552 vp = nd.ni_vp; 1553 if ((fsflags & MNT_UPDATE) == 0) { 1554 if ((vp->v_vflag & VV_ROOT) != 0 && 1555 (fsflags & MNT_NOCOVER) != 0) { 1556 vput(vp); 1557 return (EBUSY); 1558 } 1559 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1560 strcpy(pathbuf, fspath); 1561 error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN); 1562 if (error == 0) { 1563 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1564 fsflags, optlist); 1565 } 1566 free(pathbuf, M_TEMP); 1567 } else 1568 error = vfs_domount_update(td, vp, fsflags, optlist); 1569 1570 return (error); 1571 } 1572 1573 /* 1574 * Unmount a filesystem. 1575 * 1576 * Note: unmount takes a path to the vnode mounted on as argument, not 1577 * special file (as before). 1578 */ 1579 #ifndef _SYS_SYSPROTO_H_ 1580 struct unmount_args { 1581 char *path; 1582 int flags; 1583 }; 1584 #endif 1585 /* ARGSUSED */ 1586 int 1587 sys_unmount(struct thread *td, struct unmount_args *uap) 1588 { 1589 1590 return (kern_unmount(td, uap->path, uap->flags)); 1591 } 1592 1593 int 1594 kern_unmount(struct thread *td, const char *path, int flags) 1595 { 1596 struct nameidata nd; 1597 struct mount *mp; 1598 char *fsidbuf, *pathbuf; 1599 fsid_t fsid; 1600 int error; 1601 1602 AUDIT_ARG_VALUE(flags); 1603 if (jailed(td->td_ucred) || usermount == 0) { 1604 error = priv_check(td, PRIV_VFS_UNMOUNT); 1605 if (error) 1606 return (error); 1607 } 1608 1609 if (flags & MNT_BYFSID) { 1610 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1611 error = copyinstr(path, fsidbuf, MNAMELEN, NULL); 1612 if (error) { 1613 free(fsidbuf, M_TEMP); 1614 return (error); 1615 } 1616 1617 AUDIT_ARG_TEXT(fsidbuf); 1618 /* Decode the filesystem ID. */ 1619 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) { 1620 free(fsidbuf, M_TEMP); 1621 return (EINVAL); 1622 } 1623 1624 mp = vfs_getvfs(&fsid); 1625 free(fsidbuf, M_TEMP); 1626 if (mp == NULL) { 1627 return (ENOENT); 1628 } 1629 } else { 1630 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1631 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1632 if (error) { 1633 free(pathbuf, M_TEMP); 1634 return (error); 1635 } 1636 1637 /* 1638 * Try to find global path for path argument. 1639 */ 1640 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1641 UIO_SYSSPACE, pathbuf, td); 1642 if (namei(&nd) == 0) { 1643 NDFREE(&nd, NDF_ONLY_PNBUF); 1644 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1645 MNAMELEN); 1646 if (error == 0) 1647 vput(nd.ni_vp); 1648 } 1649 mtx_lock(&mountlist_mtx); 1650 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1651 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1652 vfs_ref(mp); 1653 break; 1654 } 1655 } 1656 mtx_unlock(&mountlist_mtx); 1657 free(pathbuf, M_TEMP); 1658 if (mp == NULL) { 1659 /* 1660 * Previously we returned ENOENT for a nonexistent path and 1661 * EINVAL for a non-mountpoint. We cannot tell these apart 1662 * now, so in the !MNT_BYFSID case return the more likely 1663 * EINVAL for compatibility. 1664 */ 1665 return (EINVAL); 1666 } 1667 } 1668 1669 /* 1670 * Don't allow unmounting the root filesystem. 1671 */ 1672 if (mp->mnt_flag & MNT_ROOTFS) { 1673 vfs_rel(mp); 1674 return (EINVAL); 1675 } 1676 error = dounmount(mp, flags, td); 1677 return (error); 1678 } 1679 1680 /* 1681 * Return error if any of the vnodes, ignoring the root vnode 1682 * and the syncer vnode, have non-zero usecount. 1683 * 1684 * This function is purely advisory - it can return false positives 1685 * and negatives. 1686 */ 1687 static int 1688 vfs_check_usecounts(struct mount *mp) 1689 { 1690 struct vnode *vp, *mvp; 1691 1692 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1693 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1694 vp->v_usecount != 0) { 1695 VI_UNLOCK(vp); 1696 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1697 return (EBUSY); 1698 } 1699 VI_UNLOCK(vp); 1700 } 1701 1702 return (0); 1703 } 1704 1705 static void 1706 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1707 { 1708 1709 mtx_assert(MNT_MTX(mp), MA_OWNED); 1710 mp->mnt_kern_flag &= ~mntkflags; 1711 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1712 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1713 wakeup(mp); 1714 } 1715 vfs_op_exit_locked(mp); 1716 MNT_IUNLOCK(mp); 1717 if (coveredvp != NULL) { 1718 VOP_UNLOCK(coveredvp); 1719 vdrop(coveredvp); 1720 } 1721 vn_finished_write(mp); 1722 } 1723 1724 /* 1725 * There are various reference counters associated with the mount point. 1726 * Normally it is permitted to modify them without taking the mnt ilock, 1727 * but this behavior can be temporarily disabled if stable value is needed 1728 * or callers are expected to block (e.g. to not allow new users during 1729 * forced unmount). 1730 */ 1731 void 1732 vfs_op_enter(struct mount *mp) 1733 { 1734 struct mount_pcpu *mpcpu; 1735 int cpu; 1736 1737 MNT_ILOCK(mp); 1738 mp->mnt_vfs_ops++; 1739 if (mp->mnt_vfs_ops > 1) { 1740 MNT_IUNLOCK(mp); 1741 return; 1742 } 1743 vfs_op_barrier_wait(mp); 1744 CPU_FOREACH(cpu) { 1745 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1746 1747 mp->mnt_ref += mpcpu->mntp_ref; 1748 mpcpu->mntp_ref = 0; 1749 1750 mp->mnt_lockref += mpcpu->mntp_lockref; 1751 mpcpu->mntp_lockref = 0; 1752 1753 mp->mnt_writeopcount += mpcpu->mntp_writeopcount; 1754 mpcpu->mntp_writeopcount = 0; 1755 } 1756 if (mp->mnt_ref <= 0 || mp->mnt_lockref < 0 || mp->mnt_writeopcount < 0) 1757 panic("%s: invalid count(s) on mp %p: ref %d lockref %d writeopcount %d\n", 1758 __func__, mp, mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount); 1759 MNT_IUNLOCK(mp); 1760 vfs_assert_mount_counters(mp); 1761 } 1762 1763 void 1764 vfs_op_exit_locked(struct mount *mp) 1765 { 1766 1767 mtx_assert(MNT_MTX(mp), MA_OWNED); 1768 1769 if (mp->mnt_vfs_ops <= 0) 1770 panic("%s: invalid vfs_ops count %d for mp %p\n", 1771 __func__, mp->mnt_vfs_ops, mp); 1772 mp->mnt_vfs_ops--; 1773 } 1774 1775 void 1776 vfs_op_exit(struct mount *mp) 1777 { 1778 1779 MNT_ILOCK(mp); 1780 vfs_op_exit_locked(mp); 1781 MNT_IUNLOCK(mp); 1782 } 1783 1784 struct vfs_op_barrier_ipi { 1785 struct mount *mp; 1786 struct smp_rendezvous_cpus_retry_arg srcra; 1787 }; 1788 1789 static void 1790 vfs_op_action_func(void *arg) 1791 { 1792 struct vfs_op_barrier_ipi *vfsopipi; 1793 struct mount *mp; 1794 1795 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1796 mp = vfsopipi->mp; 1797 1798 if (!vfs_op_thread_entered(mp)) 1799 smp_rendezvous_cpus_done(arg); 1800 } 1801 1802 static void 1803 vfs_op_wait_func(void *arg, int cpu) 1804 { 1805 struct vfs_op_barrier_ipi *vfsopipi; 1806 struct mount *mp; 1807 struct mount_pcpu *mpcpu; 1808 1809 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1810 mp = vfsopipi->mp; 1811 1812 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1813 while (atomic_load_int(&mpcpu->mntp_thread_in_ops)) 1814 cpu_spinwait(); 1815 } 1816 1817 void 1818 vfs_op_barrier_wait(struct mount *mp) 1819 { 1820 struct vfs_op_barrier_ipi vfsopipi; 1821 1822 vfsopipi.mp = mp; 1823 1824 smp_rendezvous_cpus_retry(all_cpus, 1825 smp_no_rendezvous_barrier, 1826 vfs_op_action_func, 1827 smp_no_rendezvous_barrier, 1828 vfs_op_wait_func, 1829 &vfsopipi.srcra); 1830 } 1831 1832 #ifdef DIAGNOSTIC 1833 void 1834 vfs_assert_mount_counters(struct mount *mp) 1835 { 1836 struct mount_pcpu *mpcpu; 1837 int cpu; 1838 1839 if (mp->mnt_vfs_ops == 0) 1840 return; 1841 1842 CPU_FOREACH(cpu) { 1843 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1844 if (mpcpu->mntp_ref != 0 || 1845 mpcpu->mntp_lockref != 0 || 1846 mpcpu->mntp_writeopcount != 0) 1847 vfs_dump_mount_counters(mp); 1848 } 1849 } 1850 1851 void 1852 vfs_dump_mount_counters(struct mount *mp) 1853 { 1854 struct mount_pcpu *mpcpu; 1855 int ref, lockref, writeopcount; 1856 int cpu; 1857 1858 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1859 1860 printf(" ref : "); 1861 ref = mp->mnt_ref; 1862 CPU_FOREACH(cpu) { 1863 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1864 printf("%d ", mpcpu->mntp_ref); 1865 ref += mpcpu->mntp_ref; 1866 } 1867 printf("\n"); 1868 printf(" lockref : "); 1869 lockref = mp->mnt_lockref; 1870 CPU_FOREACH(cpu) { 1871 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1872 printf("%d ", mpcpu->mntp_lockref); 1873 lockref += mpcpu->mntp_lockref; 1874 } 1875 printf("\n"); 1876 printf("writeopcount: "); 1877 writeopcount = mp->mnt_writeopcount; 1878 CPU_FOREACH(cpu) { 1879 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1880 printf("%d ", mpcpu->mntp_writeopcount); 1881 writeopcount += mpcpu->mntp_writeopcount; 1882 } 1883 printf("\n"); 1884 1885 printf("counter struct total\n"); 1886 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 1887 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 1888 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 1889 1890 panic("invalid counts on struct mount"); 1891 } 1892 #endif 1893 1894 int 1895 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 1896 { 1897 struct mount_pcpu *mpcpu; 1898 int cpu, sum; 1899 1900 switch (which) { 1901 case MNT_COUNT_REF: 1902 sum = mp->mnt_ref; 1903 break; 1904 case MNT_COUNT_LOCKREF: 1905 sum = mp->mnt_lockref; 1906 break; 1907 case MNT_COUNT_WRITEOPCOUNT: 1908 sum = mp->mnt_writeopcount; 1909 break; 1910 } 1911 1912 CPU_FOREACH(cpu) { 1913 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1914 switch (which) { 1915 case MNT_COUNT_REF: 1916 sum += mpcpu->mntp_ref; 1917 break; 1918 case MNT_COUNT_LOCKREF: 1919 sum += mpcpu->mntp_lockref; 1920 break; 1921 case MNT_COUNT_WRITEOPCOUNT: 1922 sum += mpcpu->mntp_writeopcount; 1923 break; 1924 } 1925 } 1926 return (sum); 1927 } 1928 1929 static bool 1930 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue, 1931 int timeout_ticks) 1932 { 1933 bool enqueued; 1934 1935 enqueued = false; 1936 mtx_lock(&deferred_unmount_lock); 1937 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) { 1938 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED; 1939 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp, 1940 mnt_taskqueue_link); 1941 enqueued = true; 1942 } 1943 mtx_unlock(&deferred_unmount_lock); 1944 1945 if (enqueued) { 1946 taskqueue_enqueue_timeout(taskqueue_deferred_unmount, 1947 &deferred_unmount_task, timeout_ticks); 1948 } 1949 1950 return (enqueued); 1951 } 1952 1953 /* 1954 * Taskqueue handler for processing async/recursive unmounts 1955 */ 1956 static void 1957 vfs_deferred_unmount(void *argi __unused, int pending __unused) 1958 { 1959 STAILQ_HEAD(, mount) local_unmounts; 1960 uint64_t flags; 1961 struct mount *mp, *tmp; 1962 int error; 1963 unsigned int retries; 1964 bool unmounted; 1965 1966 STAILQ_INIT(&local_unmounts); 1967 mtx_lock(&deferred_unmount_lock); 1968 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list); 1969 mtx_unlock(&deferred_unmount_lock); 1970 1971 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) { 1972 flags = mp->mnt_taskqueue_flags; 1973 KASSERT((flags & MNT_DEFERRED) != 0, 1974 ("taskqueue unmount without MNT_DEFERRED")); 1975 error = dounmount(mp, flags, curthread); 1976 if (error != 0) { 1977 MNT_ILOCK(mp); 1978 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0); 1979 MNT_IUNLOCK(mp); 1980 1981 /* 1982 * The deferred unmount thread is the only thread that 1983 * modifies the retry counts, so locking/atomics aren't 1984 * needed here. 1985 */ 1986 retries = (mp->mnt_unmount_retries)++; 1987 deferred_unmount_total_retries++; 1988 if (!unmounted && retries < deferred_unmount_retry_limit) { 1989 deferred_unmount_enqueue(mp, flags, true, 1990 -deferred_unmount_retry_delay_hz); 1991 } else { 1992 if (retries >= deferred_unmount_retry_limit) { 1993 printf("giving up on deferred unmount " 1994 "of %s after %d retries, error %d\n", 1995 mp->mnt_stat.f_mntonname, retries, error); 1996 } 1997 vfs_rel(mp); 1998 } 1999 } 2000 } 2001 } 2002 2003 /* 2004 * Do the actual filesystem unmount. 2005 */ 2006 int 2007 dounmount(struct mount *mp, uint64_t flags, struct thread *td) 2008 { 2009 struct mount_upper_node *upper; 2010 struct vnode *coveredvp, *rootvp; 2011 int error; 2012 uint64_t async_flag; 2013 int mnt_gen_r; 2014 unsigned int retries; 2015 2016 KASSERT((flags & MNT_DEFERRED) == 0 || 2017 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE), 2018 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE")); 2019 2020 /* 2021 * If the caller has explicitly requested the unmount to be handled by 2022 * the taskqueue and we're not already in taskqueue context, queue 2023 * up the unmount request and exit. This is done prior to any 2024 * credential checks; MNT_DEFERRED should be used only for kernel- 2025 * initiated unmounts and will therefore be processed with the 2026 * (kernel) credentials of the taskqueue thread. Still, callers 2027 * should be sure this is the behavior they want. 2028 */ 2029 if ((flags & MNT_DEFERRED) != 0 && 2030 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) { 2031 if (!deferred_unmount_enqueue(mp, flags, false, 0)) 2032 vfs_rel(mp); 2033 return (EINPROGRESS); 2034 } 2035 2036 /* 2037 * Only privileged root, or (if MNT_USER is set) the user that did the 2038 * original mount is permitted to unmount this filesystem. 2039 * This check should be made prior to queueing up any recursive 2040 * unmounts of upper filesystems. Those unmounts will be executed 2041 * with kernel thread credentials and are expected to succeed, so 2042 * we must at least ensure the originating context has sufficient 2043 * privilege to unmount the base filesystem before proceeding with 2044 * the uppers. 2045 */ 2046 error = vfs_suser(mp, td); 2047 if (error != 0) { 2048 KASSERT((flags & MNT_DEFERRED) == 0, 2049 ("taskqueue unmount with insufficient privilege")); 2050 vfs_rel(mp); 2051 return (error); 2052 } 2053 2054 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0)) 2055 flags |= MNT_RECURSE; 2056 2057 if ((flags & MNT_RECURSE) != 0) { 2058 KASSERT((flags & MNT_FORCE) != 0, 2059 ("MNT_RECURSE requires MNT_FORCE")); 2060 2061 MNT_ILOCK(mp); 2062 /* 2063 * Set MNTK_RECURSE to prevent new upper mounts from being 2064 * added, and note that an operation on the uppers list is in 2065 * progress. This will ensure that unregistration from the 2066 * uppers list, and therefore any pending unmount of the upper 2067 * FS, can't complete until after we finish walking the list. 2068 */ 2069 mp->mnt_kern_flag |= MNTK_RECURSE; 2070 mp->mnt_upper_pending++; 2071 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) { 2072 retries = upper->mp->mnt_unmount_retries; 2073 if (retries > deferred_unmount_retry_limit) { 2074 error = EBUSY; 2075 continue; 2076 } 2077 MNT_IUNLOCK(mp); 2078 2079 vfs_ref(upper->mp); 2080 if (!deferred_unmount_enqueue(upper->mp, flags, 2081 false, 0)) 2082 vfs_rel(upper->mp); 2083 MNT_ILOCK(mp); 2084 } 2085 mp->mnt_upper_pending--; 2086 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 && 2087 mp->mnt_upper_pending == 0) { 2088 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER; 2089 wakeup(&mp->mnt_uppers); 2090 } 2091 2092 /* 2093 * If we're not on the taskqueue, wait until the uppers list 2094 * is drained before proceeding with unmount. Otherwise, if 2095 * we are on the taskqueue and there are still pending uppers, 2096 * just re-enqueue on the end of the taskqueue. 2097 */ 2098 if ((flags & MNT_DEFERRED) == 0) { 2099 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) { 2100 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER; 2101 error = msleep(&mp->mnt_taskqueue_link, 2102 MNT_MTX(mp), PCATCH, "umntqw", 0); 2103 } 2104 if (error != 0) { 2105 MNT_REL(mp); 2106 MNT_IUNLOCK(mp); 2107 return (error); 2108 } 2109 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) { 2110 MNT_IUNLOCK(mp); 2111 if (error == 0) 2112 deferred_unmount_enqueue(mp, flags, true, 0); 2113 return (error); 2114 } 2115 MNT_IUNLOCK(mp); 2116 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty")); 2117 } 2118 2119 /* Allow the taskqueue to safely re-enqueue on failure */ 2120 if ((flags & MNT_DEFERRED) != 0) 2121 vfs_ref(mp); 2122 2123 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 2124 mnt_gen_r = mp->mnt_gen; 2125 VI_LOCK(coveredvp); 2126 vholdl(coveredvp); 2127 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 2128 /* 2129 * Check for mp being unmounted while waiting for the 2130 * covered vnode lock. 2131 */ 2132 if (coveredvp->v_mountedhere != mp || 2133 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 2134 VOP_UNLOCK(coveredvp); 2135 vdrop(coveredvp); 2136 vfs_rel(mp); 2137 return (EBUSY); 2138 } 2139 } 2140 2141 vfs_op_enter(mp); 2142 2143 vn_start_write(NULL, &mp, V_WAIT | V_MNTREF); 2144 MNT_ILOCK(mp); 2145 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 2146 (mp->mnt_flag & MNT_UPDATE) != 0 || 2147 !TAILQ_EMPTY(&mp->mnt_uppers)) { 2148 dounmount_cleanup(mp, coveredvp, 0); 2149 return (EBUSY); 2150 } 2151 mp->mnt_kern_flag |= MNTK_UNMOUNT; 2152 rootvp = vfs_cache_root_clear(mp); 2153 if (coveredvp != NULL) 2154 vn_seqc_write_begin(coveredvp); 2155 if (flags & MNT_NONBUSY) { 2156 MNT_IUNLOCK(mp); 2157 error = vfs_check_usecounts(mp); 2158 MNT_ILOCK(mp); 2159 if (error != 0) { 2160 vn_seqc_write_end(coveredvp); 2161 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 2162 if (rootvp != NULL) { 2163 vn_seqc_write_end(rootvp); 2164 vrele(rootvp); 2165 } 2166 return (error); 2167 } 2168 } 2169 /* Allow filesystems to detect that a forced unmount is in progress. */ 2170 if (flags & MNT_FORCE) { 2171 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 2172 MNT_IUNLOCK(mp); 2173 /* 2174 * Must be done after setting MNTK_UNMOUNTF and before 2175 * waiting for mnt_lockref to become 0. 2176 */ 2177 VFS_PURGE(mp); 2178 MNT_ILOCK(mp); 2179 } 2180 error = 0; 2181 if (mp->mnt_lockref) { 2182 mp->mnt_kern_flag |= MNTK_DRAINING; 2183 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 2184 "mount drain", 0); 2185 } 2186 MNT_IUNLOCK(mp); 2187 KASSERT(mp->mnt_lockref == 0, 2188 ("%s: invalid lock refcount in the drain path @ %s:%d", 2189 __func__, __FILE__, __LINE__)); 2190 KASSERT(error == 0, 2191 ("%s: invalid return value for msleep in the drain path @ %s:%d", 2192 __func__, __FILE__, __LINE__)); 2193 2194 /* 2195 * We want to keep the vnode around so that we can vn_seqc_write_end 2196 * after we are done with unmount. Downgrade our reference to a mere 2197 * hold count so that we don't interefere with anything. 2198 */ 2199 if (rootvp != NULL) { 2200 vhold(rootvp); 2201 vrele(rootvp); 2202 } 2203 2204 if (mp->mnt_flag & MNT_EXPUBLIC) 2205 vfs_setpublicfs(NULL, NULL, NULL); 2206 2207 vfs_periodic(mp, MNT_WAIT); 2208 MNT_ILOCK(mp); 2209 async_flag = mp->mnt_flag & MNT_ASYNC; 2210 mp->mnt_flag &= ~MNT_ASYNC; 2211 mp->mnt_kern_flag &= ~MNTK_ASYNC; 2212 MNT_IUNLOCK(mp); 2213 vfs_deallocate_syncvnode(mp); 2214 error = VFS_UNMOUNT(mp, flags); 2215 vn_finished_write(mp); 2216 /* 2217 * If we failed to flush the dirty blocks for this mount point, 2218 * undo all the cdir/rdir and rootvnode changes we made above. 2219 * Unless we failed to do so because the device is reporting that 2220 * it doesn't exist anymore. 2221 */ 2222 if (error && error != ENXIO) { 2223 MNT_ILOCK(mp); 2224 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 2225 MNT_IUNLOCK(mp); 2226 vfs_allocate_syncvnode(mp); 2227 MNT_ILOCK(mp); 2228 } 2229 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 2230 mp->mnt_flag |= async_flag; 2231 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 2232 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 2233 mp->mnt_kern_flag |= MNTK_ASYNC; 2234 if (mp->mnt_kern_flag & MNTK_MWAIT) { 2235 mp->mnt_kern_flag &= ~MNTK_MWAIT; 2236 wakeup(mp); 2237 } 2238 vfs_op_exit_locked(mp); 2239 MNT_IUNLOCK(mp); 2240 if (coveredvp) { 2241 vn_seqc_write_end(coveredvp); 2242 VOP_UNLOCK(coveredvp); 2243 vdrop(coveredvp); 2244 } 2245 if (rootvp != NULL) { 2246 vn_seqc_write_end(rootvp); 2247 vdrop(rootvp); 2248 } 2249 return (error); 2250 } 2251 2252 mtx_lock(&mountlist_mtx); 2253 TAILQ_REMOVE(&mountlist, mp, mnt_list); 2254 mtx_unlock(&mountlist_mtx); 2255 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 2256 if (coveredvp != NULL) { 2257 VI_LOCK(coveredvp); 2258 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT); 2259 coveredvp->v_mountedhere = NULL; 2260 vn_seqc_write_end_locked(coveredvp); 2261 VI_UNLOCK(coveredvp); 2262 VOP_UNLOCK(coveredvp); 2263 vdrop(coveredvp); 2264 } 2265 mount_devctl_event("UNMOUNT", mp, false); 2266 if (rootvp != NULL) { 2267 vn_seqc_write_end(rootvp); 2268 vdrop(rootvp); 2269 } 2270 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 2271 if (rootvnode != NULL && mp == rootvnode->v_mount) { 2272 vrele(rootvnode); 2273 rootvnode = NULL; 2274 } 2275 if (mp == rootdevmp) 2276 rootdevmp = NULL; 2277 if ((flags & MNT_DEFERRED) != 0) 2278 vfs_rel(mp); 2279 vfs_mount_destroy(mp); 2280 return (0); 2281 } 2282 2283 /* 2284 * Report errors during filesystem mounting. 2285 */ 2286 void 2287 vfs_mount_error(struct mount *mp, const char *fmt, ...) 2288 { 2289 struct vfsoptlist *moptlist = mp->mnt_optnew; 2290 va_list ap; 2291 int error, len; 2292 char *errmsg; 2293 2294 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 2295 if (error || errmsg == NULL || len <= 0) 2296 return; 2297 2298 va_start(ap, fmt); 2299 vsnprintf(errmsg, (size_t)len, fmt, ap); 2300 va_end(ap); 2301 } 2302 2303 void 2304 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 2305 { 2306 va_list ap; 2307 int error, len; 2308 char *errmsg; 2309 2310 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 2311 if (error || errmsg == NULL || len <= 0) 2312 return; 2313 2314 va_start(ap, fmt); 2315 vsnprintf(errmsg, (size_t)len, fmt, ap); 2316 va_end(ap); 2317 } 2318 2319 /* 2320 * --------------------------------------------------------------------- 2321 * Functions for querying mount options/arguments from filesystems. 2322 */ 2323 2324 /* 2325 * Check that no unknown options are given 2326 */ 2327 int 2328 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 2329 { 2330 struct vfsopt *opt; 2331 char errmsg[255]; 2332 const char **t, *p, *q; 2333 int ret = 0; 2334 2335 TAILQ_FOREACH(opt, opts, link) { 2336 p = opt->name; 2337 q = NULL; 2338 if (p[0] == 'n' && p[1] == 'o') 2339 q = p + 2; 2340 for(t = global_opts; *t != NULL; t++) { 2341 if (strcmp(*t, p) == 0) 2342 break; 2343 if (q != NULL) { 2344 if (strcmp(*t, q) == 0) 2345 break; 2346 } 2347 } 2348 if (*t != NULL) 2349 continue; 2350 for(t = legal; *t != NULL; t++) { 2351 if (strcmp(*t, p) == 0) 2352 break; 2353 if (q != NULL) { 2354 if (strcmp(*t, q) == 0) 2355 break; 2356 } 2357 } 2358 if (*t != NULL) 2359 continue; 2360 snprintf(errmsg, sizeof(errmsg), 2361 "mount option <%s> is unknown", p); 2362 ret = EINVAL; 2363 } 2364 if (ret != 0) { 2365 TAILQ_FOREACH(opt, opts, link) { 2366 if (strcmp(opt->name, "errmsg") == 0) { 2367 strncpy((char *)opt->value, errmsg, opt->len); 2368 break; 2369 } 2370 } 2371 if (opt == NULL) 2372 printf("%s\n", errmsg); 2373 } 2374 return (ret); 2375 } 2376 2377 /* 2378 * Get a mount option by its name. 2379 * 2380 * Return 0 if the option was found, ENOENT otherwise. 2381 * If len is non-NULL it will be filled with the length 2382 * of the option. If buf is non-NULL, it will be filled 2383 * with the address of the option. 2384 */ 2385 int 2386 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 2387 { 2388 struct vfsopt *opt; 2389 2390 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2391 2392 TAILQ_FOREACH(opt, opts, link) { 2393 if (strcmp(name, opt->name) == 0) { 2394 opt->seen = 1; 2395 if (len != NULL) 2396 *len = opt->len; 2397 if (buf != NULL) 2398 *buf = opt->value; 2399 return (0); 2400 } 2401 } 2402 return (ENOENT); 2403 } 2404 2405 int 2406 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 2407 { 2408 struct vfsopt *opt; 2409 2410 if (opts == NULL) 2411 return (-1); 2412 2413 TAILQ_FOREACH(opt, opts, link) { 2414 if (strcmp(name, opt->name) == 0) { 2415 opt->seen = 1; 2416 return (opt->pos); 2417 } 2418 } 2419 return (-1); 2420 } 2421 2422 int 2423 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2424 { 2425 char *opt_value, *vtp; 2426 quad_t iv; 2427 int error, opt_len; 2428 2429 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2430 if (error != 0) 2431 return (error); 2432 if (opt_len == 0 || opt_value == NULL) 2433 return (EINVAL); 2434 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2435 return (EINVAL); 2436 iv = strtoq(opt_value, &vtp, 0); 2437 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2438 return (EINVAL); 2439 if (iv < 0) 2440 return (EINVAL); 2441 switch (vtp[0]) { 2442 case 't': case 'T': 2443 iv *= 1024; 2444 /* FALLTHROUGH */ 2445 case 'g': case 'G': 2446 iv *= 1024; 2447 /* FALLTHROUGH */ 2448 case 'm': case 'M': 2449 iv *= 1024; 2450 /* FALLTHROUGH */ 2451 case 'k': case 'K': 2452 iv *= 1024; 2453 case '\0': 2454 break; 2455 default: 2456 return (EINVAL); 2457 } 2458 *value = iv; 2459 2460 return (0); 2461 } 2462 2463 char * 2464 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2465 { 2466 struct vfsopt *opt; 2467 2468 *error = 0; 2469 TAILQ_FOREACH(opt, opts, link) { 2470 if (strcmp(name, opt->name) != 0) 2471 continue; 2472 opt->seen = 1; 2473 if (opt->len == 0 || 2474 ((char *)opt->value)[opt->len - 1] != '\0') { 2475 *error = EINVAL; 2476 return (NULL); 2477 } 2478 return (opt->value); 2479 } 2480 *error = ENOENT; 2481 return (NULL); 2482 } 2483 2484 int 2485 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2486 uint64_t val) 2487 { 2488 struct vfsopt *opt; 2489 2490 TAILQ_FOREACH(opt, opts, link) { 2491 if (strcmp(name, opt->name) == 0) { 2492 opt->seen = 1; 2493 if (w != NULL) 2494 *w |= val; 2495 return (1); 2496 } 2497 } 2498 if (w != NULL) 2499 *w &= ~val; 2500 return (0); 2501 } 2502 2503 int 2504 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2505 { 2506 va_list ap; 2507 struct vfsopt *opt; 2508 int ret; 2509 2510 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2511 2512 TAILQ_FOREACH(opt, opts, link) { 2513 if (strcmp(name, opt->name) != 0) 2514 continue; 2515 opt->seen = 1; 2516 if (opt->len == 0 || opt->value == NULL) 2517 return (0); 2518 if (((char *)opt->value)[opt->len - 1] != '\0') 2519 return (0); 2520 va_start(ap, fmt); 2521 ret = vsscanf(opt->value, fmt, ap); 2522 va_end(ap); 2523 return (ret); 2524 } 2525 return (0); 2526 } 2527 2528 int 2529 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2530 { 2531 struct vfsopt *opt; 2532 2533 TAILQ_FOREACH(opt, opts, link) { 2534 if (strcmp(name, opt->name) != 0) 2535 continue; 2536 opt->seen = 1; 2537 if (opt->value == NULL) 2538 opt->len = len; 2539 else { 2540 if (opt->len != len) 2541 return (EINVAL); 2542 bcopy(value, opt->value, len); 2543 } 2544 return (0); 2545 } 2546 return (ENOENT); 2547 } 2548 2549 int 2550 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2551 { 2552 struct vfsopt *opt; 2553 2554 TAILQ_FOREACH(opt, opts, link) { 2555 if (strcmp(name, opt->name) != 0) 2556 continue; 2557 opt->seen = 1; 2558 if (opt->value == NULL) 2559 opt->len = len; 2560 else { 2561 if (opt->len < len) 2562 return (EINVAL); 2563 opt->len = len; 2564 bcopy(value, opt->value, len); 2565 } 2566 return (0); 2567 } 2568 return (ENOENT); 2569 } 2570 2571 int 2572 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2573 { 2574 struct vfsopt *opt; 2575 2576 TAILQ_FOREACH(opt, opts, link) { 2577 if (strcmp(name, opt->name) != 0) 2578 continue; 2579 opt->seen = 1; 2580 if (opt->value == NULL) 2581 opt->len = strlen(value) + 1; 2582 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2583 return (EINVAL); 2584 return (0); 2585 } 2586 return (ENOENT); 2587 } 2588 2589 /* 2590 * Find and copy a mount option. 2591 * 2592 * The size of the buffer has to be specified 2593 * in len, if it is not the same length as the 2594 * mount option, EINVAL is returned. 2595 * Returns ENOENT if the option is not found. 2596 */ 2597 int 2598 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2599 { 2600 struct vfsopt *opt; 2601 2602 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2603 2604 TAILQ_FOREACH(opt, opts, link) { 2605 if (strcmp(name, opt->name) == 0) { 2606 opt->seen = 1; 2607 if (len != opt->len) 2608 return (EINVAL); 2609 bcopy(opt->value, dest, opt->len); 2610 return (0); 2611 } 2612 } 2613 return (ENOENT); 2614 } 2615 2616 int 2617 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2618 { 2619 2620 /* 2621 * Filesystems only fill in part of the structure for updates, we 2622 * have to read the entirety first to get all content. 2623 */ 2624 if (sbp != &mp->mnt_stat) 2625 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2626 2627 /* 2628 * Set these in case the underlying filesystem fails to do so. 2629 */ 2630 sbp->f_version = STATFS_VERSION; 2631 sbp->f_namemax = NAME_MAX; 2632 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2633 2634 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2635 } 2636 2637 void 2638 vfs_mountedfrom(struct mount *mp, const char *from) 2639 { 2640 2641 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2642 strlcpy(mp->mnt_stat.f_mntfromname, from, 2643 sizeof mp->mnt_stat.f_mntfromname); 2644 } 2645 2646 /* 2647 * --------------------------------------------------------------------- 2648 * This is the api for building mount args and mounting filesystems from 2649 * inside the kernel. 2650 * 2651 * The API works by accumulation of individual args. First error is 2652 * latched. 2653 * 2654 * XXX: should be documented in new manpage kernel_mount(9) 2655 */ 2656 2657 /* A memory allocation which must be freed when we are done */ 2658 struct mntaarg { 2659 SLIST_ENTRY(mntaarg) next; 2660 }; 2661 2662 /* The header for the mount arguments */ 2663 struct mntarg { 2664 struct iovec *v; 2665 int len; 2666 int error; 2667 SLIST_HEAD(, mntaarg) list; 2668 }; 2669 2670 /* 2671 * Add a boolean argument. 2672 * 2673 * flag is the boolean value. 2674 * name must start with "no". 2675 */ 2676 struct mntarg * 2677 mount_argb(struct mntarg *ma, int flag, const char *name) 2678 { 2679 2680 KASSERT(name[0] == 'n' && name[1] == 'o', 2681 ("mount_argb(...,%s): name must start with 'no'", name)); 2682 2683 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2684 } 2685 2686 /* 2687 * Add an argument printf style 2688 */ 2689 struct mntarg * 2690 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2691 { 2692 va_list ap; 2693 struct mntaarg *maa; 2694 struct sbuf *sb; 2695 int len; 2696 2697 if (ma == NULL) { 2698 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2699 SLIST_INIT(&ma->list); 2700 } 2701 if (ma->error) 2702 return (ma); 2703 2704 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2705 M_MOUNT, M_WAITOK); 2706 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2707 ma->v[ma->len].iov_len = strlen(name) + 1; 2708 ma->len++; 2709 2710 sb = sbuf_new_auto(); 2711 va_start(ap, fmt); 2712 sbuf_vprintf(sb, fmt, ap); 2713 va_end(ap); 2714 sbuf_finish(sb); 2715 len = sbuf_len(sb) + 1; 2716 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2717 SLIST_INSERT_HEAD(&ma->list, maa, next); 2718 bcopy(sbuf_data(sb), maa + 1, len); 2719 sbuf_delete(sb); 2720 2721 ma->v[ma->len].iov_base = maa + 1; 2722 ma->v[ma->len].iov_len = len; 2723 ma->len++; 2724 2725 return (ma); 2726 } 2727 2728 /* 2729 * Add an argument which is a userland string. 2730 */ 2731 struct mntarg * 2732 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2733 { 2734 struct mntaarg *maa; 2735 char *tbuf; 2736 2737 if (val == NULL) 2738 return (ma); 2739 if (ma == NULL) { 2740 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2741 SLIST_INIT(&ma->list); 2742 } 2743 if (ma->error) 2744 return (ma); 2745 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2746 SLIST_INSERT_HEAD(&ma->list, maa, next); 2747 tbuf = (void *)(maa + 1); 2748 ma->error = copyinstr(val, tbuf, len, NULL); 2749 return (mount_arg(ma, name, tbuf, -1)); 2750 } 2751 2752 /* 2753 * Plain argument. 2754 * 2755 * If length is -1, treat value as a C string. 2756 */ 2757 struct mntarg * 2758 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2759 { 2760 2761 if (ma == NULL) { 2762 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2763 SLIST_INIT(&ma->list); 2764 } 2765 if (ma->error) 2766 return (ma); 2767 2768 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2769 M_MOUNT, M_WAITOK); 2770 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2771 ma->v[ma->len].iov_len = strlen(name) + 1; 2772 ma->len++; 2773 2774 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2775 if (len < 0) 2776 ma->v[ma->len].iov_len = strlen(val) + 1; 2777 else 2778 ma->v[ma->len].iov_len = len; 2779 ma->len++; 2780 return (ma); 2781 } 2782 2783 /* 2784 * Free a mntarg structure 2785 */ 2786 static void 2787 free_mntarg(struct mntarg *ma) 2788 { 2789 struct mntaarg *maa; 2790 2791 while (!SLIST_EMPTY(&ma->list)) { 2792 maa = SLIST_FIRST(&ma->list); 2793 SLIST_REMOVE_HEAD(&ma->list, next); 2794 free(maa, M_MOUNT); 2795 } 2796 free(ma->v, M_MOUNT); 2797 free(ma, M_MOUNT); 2798 } 2799 2800 /* 2801 * Mount a filesystem 2802 */ 2803 int 2804 kernel_mount(struct mntarg *ma, uint64_t flags) 2805 { 2806 struct uio auio; 2807 int error; 2808 2809 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2810 KASSERT(ma->v != NULL, ("kernel_mount NULL ma->v")); 2811 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2812 2813 auio.uio_iov = ma->v; 2814 auio.uio_iovcnt = ma->len; 2815 auio.uio_segflg = UIO_SYSSPACE; 2816 2817 error = ma->error; 2818 if (!error) 2819 error = vfs_donmount(curthread, flags, &auio); 2820 free_mntarg(ma); 2821 return (error); 2822 } 2823 2824 /* 2825 * A printflike function to mount a filesystem. 2826 */ 2827 int 2828 kernel_vmount(int flags, ...) 2829 { 2830 struct mntarg *ma = NULL; 2831 va_list ap; 2832 const char *cp; 2833 const void *vp; 2834 int error; 2835 2836 va_start(ap, flags); 2837 for (;;) { 2838 cp = va_arg(ap, const char *); 2839 if (cp == NULL) 2840 break; 2841 vp = va_arg(ap, const void *); 2842 ma = mount_arg(ma, cp, vp, (vp != NULL ? -1 : 0)); 2843 } 2844 va_end(ap); 2845 2846 error = kernel_mount(ma, flags); 2847 return (error); 2848 } 2849 2850 /* Map from mount options to printable formats. */ 2851 static struct mntoptnames optnames[] = { 2852 MNTOPT_NAMES 2853 }; 2854 2855 #define DEVCTL_LEN 1024 2856 static void 2857 mount_devctl_event(const char *type, struct mount *mp, bool donew) 2858 { 2859 const uint8_t *cp; 2860 struct mntoptnames *fp; 2861 struct sbuf sb; 2862 struct statfs *sfp = &mp->mnt_stat; 2863 char *buf; 2864 2865 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT); 2866 if (buf == NULL) 2867 return; 2868 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN); 2869 sbuf_cpy(&sb, "mount-point=\""); 2870 devctl_safe_quote_sb(&sb, sfp->f_mntonname); 2871 sbuf_cat(&sb, "\" mount-dev=\""); 2872 devctl_safe_quote_sb(&sb, sfp->f_mntfromname); 2873 sbuf_cat(&sb, "\" mount-type=\""); 2874 devctl_safe_quote_sb(&sb, sfp->f_fstypename); 2875 sbuf_cat(&sb, "\" fsid=0x"); 2876 cp = (const uint8_t *)&sfp->f_fsid.val[0]; 2877 for (int i = 0; i < sizeof(sfp->f_fsid); i++) 2878 sbuf_printf(&sb, "%02x", cp[i]); 2879 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); 2880 for (fp = optnames; fp->o_opt != 0; fp++) { 2881 if ((mp->mnt_flag & fp->o_opt) != 0) { 2882 sbuf_cat(&sb, fp->o_name); 2883 sbuf_putc(&sb, ';'); 2884 } 2885 } 2886 sbuf_putc(&sb, '"'); 2887 sbuf_finish(&sb); 2888 2889 /* 2890 * Options are not published because the form of the options depends on 2891 * the file system and may include binary data. In addition, they don't 2892 * necessarily provide enough useful information to be actionable when 2893 * devd processes them. 2894 */ 2895 2896 if (sbuf_error(&sb) == 0) 2897 devctl_notify("VFS", "FS", type, sbuf_data(&sb)); 2898 sbuf_delete(&sb); 2899 free(buf, M_MOUNT); 2900 } 2901 2902 /* 2903 * Suspend write operations on all local writeable filesystems. Does 2904 * full sync of them in the process. 2905 * 2906 * Iterate over the mount points in reverse order, suspending most 2907 * recently mounted filesystems first. It handles a case where a 2908 * filesystem mounted from a md(4) vnode-backed device should be 2909 * suspended before the filesystem that owns the vnode. 2910 */ 2911 void 2912 suspend_all_fs(void) 2913 { 2914 struct mount *mp; 2915 int error; 2916 2917 mtx_lock(&mountlist_mtx); 2918 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 2919 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT); 2920 if (error != 0) 2921 continue; 2922 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL || 2923 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) { 2924 mtx_lock(&mountlist_mtx); 2925 vfs_unbusy(mp); 2926 continue; 2927 } 2928 error = vfs_write_suspend(mp, 0); 2929 if (error == 0) { 2930 MNT_ILOCK(mp); 2931 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0); 2932 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL; 2933 MNT_IUNLOCK(mp); 2934 mtx_lock(&mountlist_mtx); 2935 } else { 2936 printf("suspend of %s failed, error %d\n", 2937 mp->mnt_stat.f_mntonname, error); 2938 mtx_lock(&mountlist_mtx); 2939 vfs_unbusy(mp); 2940 } 2941 } 2942 mtx_unlock(&mountlist_mtx); 2943 } 2944 2945 void 2946 resume_all_fs(void) 2947 { 2948 struct mount *mp; 2949 2950 mtx_lock(&mountlist_mtx); 2951 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 2952 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0) 2953 continue; 2954 mtx_unlock(&mountlist_mtx); 2955 MNT_ILOCK(mp); 2956 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0); 2957 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL; 2958 MNT_IUNLOCK(mp); 2959 vfs_write_resume(mp, 0); 2960 mtx_lock(&mountlist_mtx); 2961 vfs_unbusy(mp); 2962 } 2963 mtx_unlock(&mountlist_mtx); 2964 } 2965