1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/param.h> 40 #include <sys/conf.h> 41 #include <sys/smp.h> 42 #include <sys/devctl.h> 43 #include <sys/eventhandler.h> 44 #include <sys/fcntl.h> 45 #include <sys/jail.h> 46 #include <sys/kernel.h> 47 #include <sys/ktr.h> 48 #include <sys/libkern.h> 49 #include <sys/limits.h> 50 #include <sys/malloc.h> 51 #include <sys/mount.h> 52 #include <sys/mutex.h> 53 #include <sys/namei.h> 54 #include <sys/priv.h> 55 #include <sys/proc.h> 56 #include <sys/filedesc.h> 57 #include <sys/reboot.h> 58 #include <sys/sbuf.h> 59 #include <sys/stdarg.h> 60 #include <sys/syscallsubr.h> 61 #include <sys/sysproto.h> 62 #include <sys/sx.h> 63 #include <sys/sysctl.h> 64 #include <sys/systm.h> 65 #include <sys/taskqueue.h> 66 #include <sys/vnode.h> 67 #include <vm/uma.h> 68 69 #include <geom/geom.h> 70 71 #include <security/audit/audit.h> 72 #include <security/mac/mac_framework.h> 73 74 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 75 76 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 77 uint64_t fsflags, bool jail_export, 78 struct vfsoptlist **optlist); 79 static void free_mntarg(struct mntarg *ma); 80 81 static int usermount = 0; 82 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 83 "Unprivileged users may mount and unmount file systems"); 84 85 static bool default_autoro = false; 86 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 87 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 88 89 static bool recursive_forced_unmount = false; 90 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW, 91 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts" 92 " when a file system is forcibly unmounted"); 93 94 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount, 95 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls"); 96 97 static unsigned int deferred_unmount_retry_limit = 10; 98 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW, 99 &deferred_unmount_retry_limit, 0, 100 "Maximum number of retries for deferred unmount failure"); 101 102 static int deferred_unmount_retry_delay_hz; 103 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW, 104 &deferred_unmount_retry_delay_hz, 0, 105 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount"); 106 107 static int deferred_unmount_total_retries = 0; 108 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD, 109 &deferred_unmount_total_retries, 0, 110 "Total number of retried deferred unmounts"); 111 112 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 113 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 114 static uma_zone_t mount_zone; 115 116 /* List of mounted filesystems. */ 117 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 118 119 /* For any iteration/modification of mountlist */ 120 struct mtx_padalign __exclusive_cache_line mountlist_mtx; 121 122 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 123 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 124 125 static void vfs_deferred_unmount(void *arg, int pending); 126 static struct timeout_task deferred_unmount_task; 127 static struct mtx deferred_unmount_lock; 128 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount", 129 MTX_DEF); 130 static STAILQ_HEAD(, mount) deferred_unmount_list = 131 STAILQ_HEAD_INITIALIZER(deferred_unmount_list); 132 TASKQUEUE_DEFINE_THREAD(deferred_unmount); 133 134 static void mount_devctl_event(const char *type, struct mount *mp, bool donew); 135 136 /* 137 * Global opts, taken by all filesystems 138 */ 139 static const char *global_opts[] = { 140 "errmsg", 141 "fstype", 142 "fspath", 143 "ro", 144 "rw", 145 "nosuid", 146 "noexec", 147 NULL 148 }; 149 150 static int 151 mount_init(void *mem, int size, int flags) 152 { 153 struct mount *mp; 154 155 mp = (struct mount *)mem; 156 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 157 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 158 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 159 lockinit(&mp->mnt_renamelock, PVFS, "rename", 0, 0); 160 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO); 161 mp->mnt_ref = 0; 162 mp->mnt_vfs_ops = 1; 163 mp->mnt_rootvnode = NULL; 164 return (0); 165 } 166 167 static void 168 mount_fini(void *mem, int size) 169 { 170 struct mount *mp; 171 172 mp = (struct mount *)mem; 173 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu); 174 lockdestroy(&mp->mnt_renamelock); 175 lockdestroy(&mp->mnt_explock); 176 mtx_destroy(&mp->mnt_listmtx); 177 mtx_destroy(&mp->mnt_mtx); 178 } 179 180 static void 181 vfs_mount_init(void *dummy __unused) 182 { 183 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task, 184 0, vfs_deferred_unmount, NULL); 185 deferred_unmount_retry_delay_hz = hz; 186 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 187 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 188 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF); 189 } 190 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 191 192 /* 193 * --------------------------------------------------------------------- 194 * Functions for building and sanitizing the mount options 195 */ 196 197 /* Remove one mount option. */ 198 static void 199 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 200 { 201 202 TAILQ_REMOVE(opts, opt, link); 203 free(opt->name, M_MOUNT); 204 if (opt->value != NULL) 205 free(opt->value, M_MOUNT); 206 free(opt, M_MOUNT); 207 } 208 209 /* Release all resources related to the mount options. */ 210 void 211 vfs_freeopts(struct vfsoptlist *opts) 212 { 213 struct vfsopt *opt; 214 215 while (!TAILQ_EMPTY(opts)) { 216 opt = TAILQ_FIRST(opts); 217 vfs_freeopt(opts, opt); 218 } 219 free(opts, M_MOUNT); 220 } 221 222 void 223 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 224 { 225 struct vfsopt *opt, *temp; 226 227 if (opts == NULL) 228 return; 229 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 230 if (strcmp(opt->name, name) == 0) 231 vfs_freeopt(opts, opt); 232 } 233 } 234 235 static int 236 vfs_isopt_ro(const char *opt) 237 { 238 239 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 240 strcmp(opt, "norw") == 0) 241 return (1); 242 return (0); 243 } 244 245 static int 246 vfs_isopt_rw(const char *opt) 247 { 248 249 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 250 return (1); 251 return (0); 252 } 253 254 /* 255 * Check if options are equal (with or without the "no" prefix). 256 */ 257 static int 258 vfs_equalopts(const char *opt1, const char *opt2) 259 { 260 char *p; 261 262 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 263 if (strcmp(opt1, opt2) == 0) 264 return (1); 265 /* "noopt" vs. "opt" */ 266 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 267 return (1); 268 /* "opt" vs. "noopt" */ 269 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 270 return (1); 271 while ((p = strchr(opt1, '.')) != NULL && 272 !strncmp(opt1, opt2, ++p - opt1)) { 273 opt2 += p - opt1; 274 opt1 = p; 275 /* "foo.noopt" vs. "foo.opt" */ 276 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 277 return (1); 278 /* "foo.opt" vs. "foo.noopt" */ 279 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 280 return (1); 281 } 282 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 283 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 284 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 285 return (1); 286 return (0); 287 } 288 289 /* 290 * If a mount option is specified several times, 291 * (with or without the "no" prefix) only keep 292 * the last occurrence of it. 293 */ 294 static void 295 vfs_sanitizeopts(struct vfsoptlist *opts) 296 { 297 struct vfsopt *opt, *opt2, *tmp; 298 299 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 300 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 301 while (opt2 != NULL) { 302 if (vfs_equalopts(opt->name, opt2->name)) { 303 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 304 vfs_freeopt(opts, opt2); 305 opt2 = tmp; 306 } else { 307 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 308 } 309 } 310 } 311 } 312 313 /* 314 * Build a linked list of mount options from a struct uio. 315 */ 316 int 317 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 318 { 319 struct vfsoptlist *opts; 320 struct vfsopt *opt; 321 size_t memused, namelen, optlen; 322 unsigned int i, iovcnt; 323 int error; 324 325 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 326 TAILQ_INIT(opts); 327 memused = 0; 328 iovcnt = auio->uio_iovcnt; 329 for (i = 0; i < iovcnt; i += 2) { 330 namelen = auio->uio_iov[i].iov_len; 331 optlen = auio->uio_iov[i + 1].iov_len; 332 memused += sizeof(struct vfsopt) + optlen + namelen; 333 /* 334 * Avoid consuming too much memory, and attempts to overflow 335 * memused. 336 */ 337 if (memused > VFS_MOUNTARG_SIZE_MAX || 338 optlen > VFS_MOUNTARG_SIZE_MAX || 339 namelen > VFS_MOUNTARG_SIZE_MAX) { 340 error = EINVAL; 341 goto bad; 342 } 343 344 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 345 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 346 opt->value = NULL; 347 opt->len = 0; 348 opt->pos = i / 2; 349 opt->seen = 0; 350 351 /* 352 * Do this early, so jumps to "bad" will free the current 353 * option. 354 */ 355 TAILQ_INSERT_TAIL(opts, opt, link); 356 357 if (auio->uio_segflg == UIO_SYSSPACE) { 358 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 359 } else { 360 error = copyin(auio->uio_iov[i].iov_base, opt->name, 361 namelen); 362 if (error) 363 goto bad; 364 } 365 /* Ensure names are null-terminated strings. */ 366 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 367 error = EINVAL; 368 goto bad; 369 } 370 if (optlen != 0) { 371 opt->len = optlen; 372 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 373 if (auio->uio_segflg == UIO_SYSSPACE) { 374 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 375 optlen); 376 } else { 377 error = copyin(auio->uio_iov[i + 1].iov_base, 378 opt->value, optlen); 379 if (error) 380 goto bad; 381 } 382 } 383 } 384 vfs_sanitizeopts(opts); 385 *options = opts; 386 return (0); 387 bad: 388 vfs_freeopts(opts); 389 return (error); 390 } 391 392 /* 393 * Merge the old mount options with the new ones passed 394 * in the MNT_UPDATE case. 395 * 396 * XXX: This function will keep a "nofoo" option in the new 397 * options. E.g, if the option's canonical name is "foo", 398 * "nofoo" ends up in the mount point's active options. 399 */ 400 static void 401 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 402 { 403 struct vfsopt *opt, *new; 404 405 TAILQ_FOREACH(opt, oldopts, link) { 406 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 407 new->name = strdup(opt->name, M_MOUNT); 408 if (opt->len != 0) { 409 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 410 bcopy(opt->value, new->value, opt->len); 411 } else 412 new->value = NULL; 413 new->len = opt->len; 414 new->seen = opt->seen; 415 TAILQ_INSERT_HEAD(toopts, new, link); 416 } 417 vfs_sanitizeopts(toopts); 418 } 419 420 /* 421 * Mount a filesystem. 422 */ 423 #ifndef _SYS_SYSPROTO_H_ 424 struct nmount_args { 425 struct iovec *iovp; 426 unsigned int iovcnt; 427 int flags; 428 }; 429 #endif 430 int 431 sys_nmount(struct thread *td, struct nmount_args *uap) 432 { 433 struct uio *auio; 434 int error; 435 u_int iovcnt; 436 uint64_t flags; 437 438 /* 439 * Mount flags are now 64-bits. On 32-bit archtectures only 440 * 32-bits are passed in, but from here on everything handles 441 * 64-bit flags correctly. 442 */ 443 flags = uap->flags; 444 445 AUDIT_ARG_FFLAGS(flags); 446 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 447 uap->iovp, uap->iovcnt, flags); 448 449 /* 450 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 451 * userspace to set this flag, but we must filter it out if we want 452 * MNT_UPDATE on the root file system to work. 453 * MNT_ROOTFS should only be set by the kernel when mounting its 454 * root file system. 455 */ 456 flags &= ~MNT_ROOTFS; 457 458 iovcnt = uap->iovcnt; 459 /* 460 * Check that we have an even number of iovec's 461 * and that we have at least two options. 462 */ 463 if ((iovcnt & 1) || (iovcnt < 4)) { 464 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 465 uap->iovcnt); 466 return (EINVAL); 467 } 468 469 error = copyinuio(uap->iovp, iovcnt, &auio); 470 if (error) { 471 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 472 __func__, error); 473 return (error); 474 } 475 error = vfs_donmount(td, flags, auio); 476 477 freeuio(auio); 478 return (error); 479 } 480 481 /* 482 * --------------------------------------------------------------------- 483 * Various utility functions 484 */ 485 486 /* 487 * Get a reference on a mount point from a vnode. 488 * 489 * The vnode is allowed to be passed unlocked and race against dooming. Note in 490 * such case there are no guarantees the referenced mount point will still be 491 * associated with it after the function returns. 492 */ 493 struct mount * 494 vfs_ref_from_vp(struct vnode *vp) 495 { 496 struct mount *mp; 497 struct mount_pcpu *mpcpu; 498 499 mp = atomic_load_ptr(&vp->v_mount); 500 if (__predict_false(mp == NULL)) { 501 return (mp); 502 } 503 if (vfs_op_thread_enter(mp, mpcpu)) { 504 if (__predict_true(mp == vp->v_mount)) { 505 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 506 vfs_op_thread_exit(mp, mpcpu); 507 } else { 508 vfs_op_thread_exit(mp, mpcpu); 509 mp = NULL; 510 } 511 } else { 512 MNT_ILOCK(mp); 513 if (mp == vp->v_mount) { 514 MNT_REF(mp); 515 MNT_IUNLOCK(mp); 516 } else { 517 MNT_IUNLOCK(mp); 518 mp = NULL; 519 } 520 } 521 return (mp); 522 } 523 524 void 525 vfs_ref(struct mount *mp) 526 { 527 struct mount_pcpu *mpcpu; 528 529 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 530 if (vfs_op_thread_enter(mp, mpcpu)) { 531 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 532 vfs_op_thread_exit(mp, mpcpu); 533 return; 534 } 535 536 MNT_ILOCK(mp); 537 MNT_REF(mp); 538 MNT_IUNLOCK(mp); 539 } 540 541 /* 542 * Register ump as an upper mount of the mount associated with 543 * vnode vp. This registration will be tracked through 544 * mount_upper_node upper, which should be allocated by the 545 * caller and stored in per-mount data associated with mp. 546 * 547 * If successful, this function will return the mount associated 548 * with vp, and will ensure that it cannot be unmounted until 549 * ump has been unregistered as one of its upper mounts. 550 * 551 * Upon failure this function will return NULL. 552 */ 553 struct mount * 554 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump, 555 struct mount_upper_node *upper) 556 { 557 struct mount *mp; 558 559 mp = atomic_load_ptr(&vp->v_mount); 560 if (mp == NULL) 561 return (NULL); 562 MNT_ILOCK(mp); 563 if (mp != vp->v_mount || 564 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) { 565 MNT_IUNLOCK(mp); 566 return (NULL); 567 } 568 KASSERT(ump != mp, ("upper and lower mounts are identical")); 569 upper->mp = ump; 570 MNT_REF(mp); 571 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link); 572 MNT_IUNLOCK(mp); 573 return (mp); 574 } 575 576 /* 577 * Register upper mount ump to receive vnode unlink/reclaim 578 * notifications from lower mount mp. This registration will 579 * be tracked through mount_upper_node upper, which should be 580 * allocated by the caller and stored in per-mount data 581 * associated with mp. 582 * 583 * ump must already be registered as an upper mount of mp 584 * through a call to vfs_register_upper_from_vp(). 585 */ 586 void 587 vfs_register_for_notification(struct mount *mp, struct mount *ump, 588 struct mount_upper_node *upper) 589 { 590 upper->mp = ump; 591 MNT_ILOCK(mp); 592 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link); 593 MNT_IUNLOCK(mp); 594 } 595 596 static void 597 vfs_drain_upper_locked(struct mount *mp) 598 { 599 mtx_assert(MNT_MTX(mp), MA_OWNED); 600 while (mp->mnt_upper_pending != 0) { 601 mp->mnt_kern_flag |= MNTK_UPPER_WAITER; 602 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0); 603 } 604 } 605 606 /* 607 * Undo a previous call to vfs_register_for_notification(). 608 * The mount represented by upper must be currently registered 609 * as an upper mount for mp. 610 */ 611 void 612 vfs_unregister_for_notification(struct mount *mp, 613 struct mount_upper_node *upper) 614 { 615 MNT_ILOCK(mp); 616 vfs_drain_upper_locked(mp); 617 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link); 618 MNT_IUNLOCK(mp); 619 } 620 621 /* 622 * Undo a previous call to vfs_register_upper_from_vp(). 623 * This must be done before mp can be unmounted. 624 */ 625 void 626 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper) 627 { 628 MNT_ILOCK(mp); 629 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 630 ("registered upper with pending unmount")); 631 vfs_drain_upper_locked(mp); 632 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link); 633 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 && 634 TAILQ_EMPTY(&mp->mnt_uppers)) { 635 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER; 636 wakeup(&mp->mnt_taskqueue_link); 637 } 638 MNT_REL(mp); 639 MNT_IUNLOCK(mp); 640 } 641 642 void 643 vfs_rel(struct mount *mp) 644 { 645 struct mount_pcpu *mpcpu; 646 647 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 648 if (vfs_op_thread_enter(mp, mpcpu)) { 649 vfs_mp_count_sub_pcpu(mpcpu, ref, 1); 650 vfs_op_thread_exit(mp, mpcpu); 651 return; 652 } 653 654 MNT_ILOCK(mp); 655 MNT_REL(mp); 656 MNT_IUNLOCK(mp); 657 } 658 659 /* 660 * Allocate and initialize the mount point struct. 661 */ 662 struct mount * 663 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 664 struct ucred *cred) 665 { 666 struct mount *mp; 667 668 mp = uma_zalloc(mount_zone, M_WAITOK); 669 bzero(&mp->mnt_startzero, 670 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 671 mp->mnt_kern_flag = 0; 672 mp->mnt_flag = 0; 673 mp->mnt_rootvnode = NULL; 674 mp->mnt_vnodecovered = NULL; 675 mp->mnt_op = NULL; 676 mp->mnt_vfc = NULL; 677 TAILQ_INIT(&mp->mnt_nvnodelist); 678 mp->mnt_nvnodelistsize = 0; 679 TAILQ_INIT(&mp->mnt_lazyvnodelist); 680 mp->mnt_lazyvnodelistsize = 0; 681 MPPASS(mp->mnt_ref == 0 && mp->mnt_lockref == 0 && 682 mp->mnt_writeopcount == 0, mp); 683 MPASSERT(mp->mnt_vfs_ops == 1, mp, 684 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 685 (void) vfs_busy(mp, MBF_NOWAIT); 686 mp->mnt_op = vfsp->vfc_vfsops; 687 mp->mnt_vfc = vfsp; 688 mp->mnt_stat.f_type = vfsp->vfc_typenum; 689 mp->mnt_gen++; 690 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 691 mp->mnt_vnodecovered = vp; 692 mp->mnt_cred = crdup(cred); 693 mp->mnt_stat.f_owner = cred->cr_uid; 694 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 695 mp->mnt_iosize_max = DFLTPHYS; 696 #ifdef MAC 697 mac_mount_init(mp); 698 mac_mount_create(cred, mp); 699 #endif 700 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 701 mp->mnt_upper_pending = 0; 702 TAILQ_INIT(&mp->mnt_uppers); 703 TAILQ_INIT(&mp->mnt_notify); 704 mp->mnt_taskqueue_flags = 0; 705 mp->mnt_unmount_retries = 0; 706 return (mp); 707 } 708 709 /* 710 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 711 */ 712 void 713 vfs_mount_destroy(struct mount *mp) 714 { 715 716 MPPASS(mp->mnt_vfs_ops != 0, mp); 717 718 vfs_assert_mount_counters(mp); 719 720 MNT_ILOCK(mp); 721 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 722 if (mp->mnt_kern_flag & MNTK_MWAIT) { 723 mp->mnt_kern_flag &= ~MNTK_MWAIT; 724 wakeup(mp); 725 } 726 while (mp->mnt_ref) 727 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 728 KASSERT(mp->mnt_ref == 0, 729 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 730 __FILE__, __LINE__)); 731 MPPASS(mp->mnt_writeopcount == 0, mp); 732 MPPASS(mp->mnt_secondary_writes == 0, mp); 733 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 734 struct vnode *vp; 735 736 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 737 vn_printf(vp, "dangling vnode "); 738 panic("unmount: dangling vnode"); 739 } 740 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending")); 741 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 742 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify")); 743 MPPASS(mp->mnt_nvnodelistsize == 0, mp); 744 MPPASS(mp->mnt_lazyvnodelistsize == 0, mp); 745 MPPASS(mp->mnt_lockref == 0, mp); 746 MNT_IUNLOCK(mp); 747 748 MPASSERT(mp->mnt_vfs_ops == 1, mp, 749 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 750 751 MPASSERT(mp->mnt_rootvnode == NULL, mp, 752 ("mount point still has a root vnode %p", mp->mnt_rootvnode)); 753 754 if (mp->mnt_vnodecovered != NULL) 755 vrele(mp->mnt_vnodecovered); 756 #ifdef MAC 757 mac_mount_destroy(mp); 758 #endif 759 if (mp->mnt_opt != NULL) 760 vfs_freeopts(mp->mnt_opt); 761 if (mp->mnt_exjail != NULL) { 762 atomic_subtract_int(&mp->mnt_exjail->cr_prison->pr_exportcnt, 763 1); 764 crfree(mp->mnt_exjail); 765 } 766 if (mp->mnt_export != NULL) { 767 vfs_free_addrlist(mp->mnt_export); 768 free(mp->mnt_export, M_MOUNT); 769 } 770 vfsconf_lock(); 771 mp->mnt_vfc->vfc_refcount--; 772 vfsconf_unlock(); 773 crfree(mp->mnt_cred); 774 uma_zfree(mount_zone, mp); 775 } 776 777 static bool 778 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 779 { 780 /* This is an upgrade of an exisiting mount. */ 781 if ((fsflags & MNT_UPDATE) != 0) 782 return (false); 783 /* This is already an R/O mount. */ 784 if ((fsflags & MNT_RDONLY) != 0) 785 return (false); 786 787 switch (error) { 788 case ENODEV: /* generic, geom, ... */ 789 case EACCES: /* cam/scsi, ... */ 790 case EROFS: /* md, mmcsd, ... */ 791 /* 792 * These errors can be returned by the storage layer to signal 793 * that the media is read-only. No harm in the R/O mount 794 * attempt if the error was returned for some other reason. 795 */ 796 return (true); 797 default: 798 return (false); 799 } 800 } 801 802 int 803 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 804 { 805 struct vfsoptlist *optlist; 806 struct vfsopt *opt, *tmp_opt; 807 char *fstype, *fspath, *errmsg; 808 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 809 bool autoro, has_nonexport, jail_export; 810 811 errmsg = fspath = NULL; 812 errmsg_len = fspathlen = 0; 813 errmsg_pos = -1; 814 autoro = default_autoro; 815 816 error = vfs_buildopts(fsoptions, &optlist); 817 if (error) 818 return (error); 819 820 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 821 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 822 823 /* 824 * We need these two options before the others, 825 * and they are mandatory for any filesystem. 826 * Ensure they are NUL terminated as well. 827 */ 828 fstypelen = 0; 829 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 830 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 831 error = EINVAL; 832 if (errmsg != NULL) 833 strncpy(errmsg, "Invalid fstype", errmsg_len); 834 goto bail; 835 } 836 fspathlen = 0; 837 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 838 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 839 error = EINVAL; 840 if (errmsg != NULL) 841 strncpy(errmsg, "Invalid fspath", errmsg_len); 842 goto bail; 843 } 844 845 /* 846 * Check to see that "export" is only used with the "update", "fstype", 847 * "fspath", "from" and "errmsg" options when in a vnet jail. 848 * These are the ones used to set/update exports by mountd(8). 849 * If only the above options are set in a jail that can run mountd(8), 850 * then the jail_export argument of vfs_domount() will be true. 851 * When jail_export is true, the vfs_suser() check does not cause 852 * failure, but limits the update to exports only. 853 * This allows mountd(8) running within the vnet jail 854 * to export file systems visible within the jail, but 855 * mounted outside of the jail. 856 */ 857 /* 858 * We need to see if we have the "update" option 859 * before we call vfs_domount(), since vfs_domount() has special 860 * logic based on MNT_UPDATE. This is very important 861 * when we want to update the root filesystem. 862 */ 863 has_nonexport = false; 864 jail_export = false; 865 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 866 int do_freeopt = 0; 867 868 if (jailed(td->td_ucred) && 869 strcmp(opt->name, "export") != 0 && 870 strcmp(opt->name, "update") != 0 && 871 strcmp(opt->name, "fstype") != 0 && 872 strcmp(opt->name, "fspath") != 0 && 873 strcmp(opt->name, "from") != 0 && 874 strcmp(opt->name, "errmsg") != 0) 875 has_nonexport = true; 876 if (strcmp(opt->name, "update") == 0) { 877 fsflags |= MNT_UPDATE; 878 do_freeopt = 1; 879 } 880 else if (strcmp(opt->name, "async") == 0) 881 fsflags |= MNT_ASYNC; 882 else if (strcmp(opt->name, "force") == 0) { 883 fsflags |= MNT_FORCE; 884 do_freeopt = 1; 885 } 886 else if (strcmp(opt->name, "reload") == 0) { 887 fsflags |= MNT_RELOAD; 888 do_freeopt = 1; 889 } 890 else if (strcmp(opt->name, "multilabel") == 0) 891 fsflags |= MNT_MULTILABEL; 892 else if (strcmp(opt->name, "noasync") == 0) 893 fsflags &= ~MNT_ASYNC; 894 else if (strcmp(opt->name, "noatime") == 0) 895 fsflags |= MNT_NOATIME; 896 else if (strcmp(opt->name, "atime") == 0) { 897 free(opt->name, M_MOUNT); 898 opt->name = strdup("nonoatime", M_MOUNT); 899 } 900 else if (strcmp(opt->name, "noclusterr") == 0) 901 fsflags |= MNT_NOCLUSTERR; 902 else if (strcmp(opt->name, "clusterr") == 0) { 903 free(opt->name, M_MOUNT); 904 opt->name = strdup("nonoclusterr", M_MOUNT); 905 } 906 else if (strcmp(opt->name, "noclusterw") == 0) 907 fsflags |= MNT_NOCLUSTERW; 908 else if (strcmp(opt->name, "clusterw") == 0) { 909 free(opt->name, M_MOUNT); 910 opt->name = strdup("nonoclusterw", M_MOUNT); 911 } 912 else if (strcmp(opt->name, "noexec") == 0) 913 fsflags |= MNT_NOEXEC; 914 else if (strcmp(opt->name, "exec") == 0) { 915 free(opt->name, M_MOUNT); 916 opt->name = strdup("nonoexec", M_MOUNT); 917 } 918 else if (strcmp(opt->name, "nosuid") == 0) 919 fsflags |= MNT_NOSUID; 920 else if (strcmp(opt->name, "suid") == 0) { 921 free(opt->name, M_MOUNT); 922 opt->name = strdup("nonosuid", M_MOUNT); 923 } 924 else if (strcmp(opt->name, "nosymfollow") == 0) 925 fsflags |= MNT_NOSYMFOLLOW; 926 else if (strcmp(opt->name, "symfollow") == 0) { 927 free(opt->name, M_MOUNT); 928 opt->name = strdup("nonosymfollow", M_MOUNT); 929 } 930 else if (strcmp(opt->name, "noro") == 0) { 931 fsflags &= ~MNT_RDONLY; 932 autoro = false; 933 } 934 else if (strcmp(opt->name, "rw") == 0) { 935 fsflags &= ~MNT_RDONLY; 936 autoro = false; 937 } 938 else if (strcmp(opt->name, "ro") == 0) { 939 fsflags |= MNT_RDONLY; 940 autoro = false; 941 } 942 else if (strcmp(opt->name, "rdonly") == 0) { 943 free(opt->name, M_MOUNT); 944 opt->name = strdup("ro", M_MOUNT); 945 fsflags |= MNT_RDONLY; 946 autoro = false; 947 } 948 else if (strcmp(opt->name, "autoro") == 0) { 949 do_freeopt = 1; 950 autoro = true; 951 } 952 else if (strcmp(opt->name, "suiddir") == 0) 953 fsflags |= MNT_SUIDDIR; 954 else if (strcmp(opt->name, "sync") == 0) 955 fsflags |= MNT_SYNCHRONOUS; 956 else if (strcmp(opt->name, "union") == 0) 957 fsflags |= MNT_UNION; 958 else if (strcmp(opt->name, "export") == 0) { 959 fsflags |= MNT_EXPORTED; 960 jail_export = true; 961 } else if (strcmp(opt->name, "automounted") == 0) { 962 fsflags |= MNT_AUTOMOUNTED; 963 do_freeopt = 1; 964 } else if (strcmp(opt->name, "nocover") == 0) { 965 fsflags |= MNT_NOCOVER; 966 do_freeopt = 1; 967 } else if (strcmp(opt->name, "cover") == 0) { 968 fsflags &= ~MNT_NOCOVER; 969 do_freeopt = 1; 970 } else if (strcmp(opt->name, "emptydir") == 0) { 971 fsflags |= MNT_EMPTYDIR; 972 do_freeopt = 1; 973 } else if (strcmp(opt->name, "noemptydir") == 0) { 974 fsflags &= ~MNT_EMPTYDIR; 975 do_freeopt = 1; 976 } 977 if (do_freeopt) 978 vfs_freeopt(optlist, opt); 979 } 980 981 /* 982 * Be ultra-paranoid about making sure the type and fspath 983 * variables will fit in our mp buffers, including the 984 * terminating NUL. 985 */ 986 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 987 error = ENAMETOOLONG; 988 goto bail; 989 } 990 991 /* 992 * If has_nonexport is true or the caller is not running within a 993 * vnet prison that can run mountd(8), set jail_export false. 994 */ 995 if (has_nonexport || !jailed(td->td_ucred) || 996 !prison_check_nfsd(td->td_ucred)) 997 jail_export = false; 998 999 error = vfs_domount(td, fstype, fspath, fsflags, jail_export, &optlist); 1000 if (error == ENODEV) { 1001 error = EINVAL; 1002 if (errmsg != NULL) 1003 strncpy(errmsg, "Invalid fstype", errmsg_len); 1004 goto bail; 1005 } 1006 1007 /* 1008 * See if we can mount in the read-only mode if the error code suggests 1009 * that it could be possible and the mount options allow for that. 1010 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 1011 * overridden by "autoro". 1012 */ 1013 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 1014 printf("%s: R/W mount failed, possibly R/O media," 1015 " trying R/O mount\n", __func__); 1016 fsflags |= MNT_RDONLY; 1017 error = vfs_domount(td, fstype, fspath, fsflags, jail_export, 1018 &optlist); 1019 } 1020 bail: 1021 /* copyout the errmsg */ 1022 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 1023 && errmsg_len > 0 && errmsg != NULL) { 1024 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 1025 bcopy(errmsg, 1026 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 1027 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1028 } else { 1029 (void)copyout(errmsg, 1030 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 1031 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1032 } 1033 } 1034 1035 if (optlist != NULL) 1036 vfs_freeopts(optlist); 1037 return (error); 1038 } 1039 1040 /* 1041 * Old mount API. 1042 */ 1043 #ifndef _SYS_SYSPROTO_H_ 1044 struct mount_args { 1045 char *type; 1046 char *path; 1047 int flags; 1048 caddr_t data; 1049 }; 1050 #endif 1051 /* ARGSUSED */ 1052 int 1053 sys_mount(struct thread *td, struct mount_args *uap) 1054 { 1055 char *fstype; 1056 struct vfsconf *vfsp = NULL; 1057 struct mntarg *ma = NULL; 1058 uint64_t flags; 1059 int error; 1060 1061 /* 1062 * Mount flags are now 64-bits. On 32-bit architectures only 1063 * 32-bits are passed in, but from here on everything handles 1064 * 64-bit flags correctly. 1065 */ 1066 flags = uap->flags; 1067 1068 AUDIT_ARG_FFLAGS(flags); 1069 1070 /* 1071 * Filter out MNT_ROOTFS. We do not want clients of mount() in 1072 * userspace to set this flag, but we must filter it out if we want 1073 * MNT_UPDATE on the root file system to work. 1074 * MNT_ROOTFS should only be set by the kernel when mounting its 1075 * root file system. 1076 */ 1077 flags &= ~MNT_ROOTFS; 1078 1079 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 1080 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 1081 if (error) { 1082 free(fstype, M_TEMP); 1083 return (error); 1084 } 1085 1086 AUDIT_ARG_TEXT(fstype); 1087 vfsp = vfs_byname_kld(fstype, td, &error); 1088 free(fstype, M_TEMP); 1089 if (vfsp == NULL) 1090 return (EINVAL); 1091 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 1092 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 1093 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 1094 vfsp->vfc_vfsops->vfs_cmount == NULL)) 1095 return (EOPNOTSUPP); 1096 1097 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 1098 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 1099 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 1100 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 1101 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 1102 1103 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 1104 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 1105 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 1106 } 1107 1108 /* 1109 * vfs_domount_first(): first file system mount (not update) 1110 */ 1111 static int 1112 vfs_domount_first( 1113 struct thread *td, /* Calling thread. */ 1114 struct vfsconf *vfsp, /* File system type. */ 1115 char *fspath, /* Mount path. */ 1116 struct vnode *vp, /* Vnode to be covered. */ 1117 uint64_t fsflags, /* Flags common to all filesystems. */ 1118 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1119 ) 1120 { 1121 struct vattr va; 1122 struct mount *mp; 1123 struct vnode *newdp, *rootvp; 1124 int error, error1; 1125 bool unmounted; 1126 1127 ASSERT_VOP_ELOCKED(vp, __func__); 1128 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 1129 1130 /* 1131 * If the jail of the calling thread lacks permission for this type of 1132 * file system, or is trying to cover its own root, deny immediately. 1133 */ 1134 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred, 1135 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) { 1136 vput(vp); 1137 vfs_unref_vfsconf(vfsp); 1138 return (EPERM); 1139 } 1140 1141 /* 1142 * If the user is not root, ensure that they own the directory 1143 * onto which we are attempting to mount. 1144 */ 1145 error = VOP_GETATTR(vp, &va, td->td_ucred); 1146 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 1147 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 1148 if (error == 0) 1149 error = vinvalbuf(vp, V_SAVE, 0, 0); 1150 if (vfsp->vfc_flags & VFCF_FILEMOUNT) { 1151 if (error == 0 && vp->v_type != VDIR && vp->v_type != VREG) 1152 error = EINVAL; 1153 /* 1154 * For file mounts, ensure that there is only one hardlink to the file. 1155 */ 1156 if (error == 0 && vp->v_type == VREG && va.va_nlink != 1) 1157 error = EINVAL; 1158 } else { 1159 if (error == 0 && vp->v_type != VDIR) 1160 error = ENOTDIR; 1161 } 1162 if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0) 1163 error = vn_dir_check_empty(vp); 1164 if (error == 0) { 1165 VI_LOCK(vp); 1166 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 1167 vp->v_iflag |= VI_MOUNT; 1168 else 1169 error = EBUSY; 1170 VI_UNLOCK(vp); 1171 } 1172 if (error != 0) { 1173 vput(vp); 1174 vfs_unref_vfsconf(vfsp); 1175 return (error); 1176 } 1177 vn_seqc_write_begin(vp); 1178 VOP_UNLOCK(vp); 1179 1180 /* Allocate and initialize the filesystem. */ 1181 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 1182 /* XXXMAC: pass to vfs_mount_alloc? */ 1183 mp->mnt_optnew = *optlist; 1184 /* Set the mount level flags. */ 1185 mp->mnt_flag = (fsflags & 1186 (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY | MNT_FORCE)); 1187 1188 /* 1189 * Mount the filesystem. 1190 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1191 * get. No freeing of cn_pnbuf. 1192 */ 1193 error1 = 0; 1194 unmounted = true; 1195 if ((error = VFS_MOUNT(mp)) != 0 || 1196 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 1197 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 1198 rootvp = NULL; 1199 if (error1 != 0) { 1200 MPASS(error == 0); 1201 rootvp = vfs_cache_root_clear(mp); 1202 if (rootvp != NULL) { 1203 vhold(rootvp); 1204 vrele(rootvp); 1205 } 1206 (void)vn_start_write(NULL, &mp, V_WAIT); 1207 MNT_ILOCK(mp); 1208 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF; 1209 MNT_IUNLOCK(mp); 1210 VFS_PURGE(mp); 1211 error = VFS_UNMOUNT(mp, 0); 1212 vn_finished_write(mp); 1213 if (error != 0) { 1214 printf( 1215 "failed post-mount (%d): rollback unmount returned %d\n", 1216 error1, error); 1217 unmounted = false; 1218 } 1219 error = error1; 1220 } 1221 vfs_unbusy(mp); 1222 mp->mnt_vnodecovered = NULL; 1223 if (unmounted) { 1224 /* XXXKIB wait for mnt_lockref drain? */ 1225 vfs_mount_destroy(mp); 1226 } 1227 VI_LOCK(vp); 1228 vp->v_iflag &= ~VI_MOUNT; 1229 VI_UNLOCK(vp); 1230 if (rootvp != NULL) { 1231 vn_seqc_write_end(rootvp); 1232 vdrop(rootvp); 1233 } 1234 vn_seqc_write_end(vp); 1235 vrele(vp); 1236 return (error); 1237 } 1238 vn_seqc_write_begin(newdp); 1239 VOP_UNLOCK(newdp); 1240 1241 if (mp->mnt_opt != NULL) 1242 vfs_freeopts(mp->mnt_opt); 1243 mp->mnt_opt = mp->mnt_optnew; 1244 *optlist = NULL; 1245 1246 /* 1247 * Prevent external consumers of mount options from reading mnt_optnew. 1248 */ 1249 mp->mnt_optnew = NULL; 1250 1251 MNT_ILOCK(mp); 1252 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1253 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1254 mp->mnt_kern_flag |= MNTK_ASYNC; 1255 else 1256 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1257 MNT_IUNLOCK(mp); 1258 1259 /* 1260 * VIRF_MOUNTPOINT and v_mountedhere need to be set under the 1261 * vp lock to satisfy vfs_lookup() requirements. 1262 */ 1263 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 1264 VI_LOCK(vp); 1265 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT); 1266 vp->v_mountedhere = mp; 1267 VI_UNLOCK(vp); 1268 VOP_UNLOCK(vp); 1269 cache_purge(vp); 1270 1271 /* 1272 * We need to lock both vnodes. 1273 * 1274 * Use vn_lock_pair to avoid establishing an ordering between vnodes 1275 * from different filesystems. 1276 */ 1277 vn_lock_pair(vp, false, LK_EXCLUSIVE, newdp, false, LK_EXCLUSIVE); 1278 1279 VI_LOCK(vp); 1280 vp->v_iflag &= ~VI_MOUNT; 1281 VI_UNLOCK(vp); 1282 /* Place the new filesystem at the end of the mount list. */ 1283 mtx_lock(&mountlist_mtx); 1284 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1285 mtx_unlock(&mountlist_mtx); 1286 vfs_event_signal(NULL, VQ_MOUNT, 0); 1287 VOP_UNLOCK(vp); 1288 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1289 VOP_UNLOCK(newdp); 1290 mount_devctl_event("MOUNT", mp, false); 1291 mountcheckdirs(vp, newdp); 1292 vn_seqc_write_end(vp); 1293 vn_seqc_write_end(newdp); 1294 vrele(newdp); 1295 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1296 vfs_allocate_syncvnode(mp); 1297 vfs_op_exit(mp); 1298 vfs_unbusy(mp); 1299 return (0); 1300 } 1301 1302 /* 1303 * vfs_domount_update(): update of mounted file system 1304 */ 1305 static int 1306 vfs_domount_update( 1307 struct thread *td, /* Calling thread. */ 1308 struct vnode *vp, /* Mount point vnode. */ 1309 uint64_t fsflags, /* Flags common to all filesystems. */ 1310 bool jail_export, /* Got export option in vnet prison. */ 1311 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1312 ) 1313 { 1314 struct export_args export; 1315 struct o2export_args o2export; 1316 struct vnode *rootvp; 1317 void *bufp; 1318 struct mount *mp; 1319 int error, export_error, i, len, fsid_up_len; 1320 uint64_t flag, mnt_union; 1321 gid_t *grps; 1322 fsid_t *fsid_up; 1323 bool vfs_suser_failed; 1324 1325 ASSERT_VOP_ELOCKED(vp, __func__); 1326 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1327 mp = vp->v_mount; 1328 1329 if ((vp->v_vflag & VV_ROOT) == 0) { 1330 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1331 == 0) 1332 error = EXDEV; 1333 else 1334 error = EINVAL; 1335 vput(vp); 1336 return (error); 1337 } 1338 1339 /* 1340 * We only allow the filesystem to be reloaded if it 1341 * is currently mounted read-only. 1342 */ 1343 flag = mp->mnt_flag; 1344 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1345 vput(vp); 1346 return (EOPNOTSUPP); /* Needs translation */ 1347 } 1348 /* 1349 * Only privileged root, or (if MNT_USER is set) the user that 1350 * did the original mount is permitted to update it. 1351 */ 1352 /* 1353 * For the case of mountd(8) doing exports in a jail, the vfs_suser() 1354 * call does not cause failure. vfs_domount() has already checked 1355 * that "root" is doing this and vfs_suser() will fail when 1356 * the file system has been mounted outside the jail. 1357 * jail_export set true indicates that "export" is not mixed 1358 * with other options that change mount behaviour. 1359 */ 1360 vfs_suser_failed = false; 1361 error = vfs_suser(mp, td); 1362 if (jail_export && error != 0) { 1363 error = 0; 1364 vfs_suser_failed = true; 1365 } 1366 if (error != 0) { 1367 vput(vp); 1368 return (error); 1369 } 1370 if (vfs_busy(mp, MBF_NOWAIT)) { 1371 vput(vp); 1372 return (EBUSY); 1373 } 1374 VI_LOCK(vp); 1375 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1376 VI_UNLOCK(vp); 1377 vfs_unbusy(mp); 1378 vput(vp); 1379 return (EBUSY); 1380 } 1381 vp->v_iflag |= VI_MOUNT; 1382 VI_UNLOCK(vp); 1383 VOP_UNLOCK(vp); 1384 1385 rootvp = NULL; 1386 vfs_op_enter(mp); 1387 vn_seqc_write_begin(vp); 1388 1389 if (vfs_getopt(*optlist, "fsid", (void **)&fsid_up, 1390 &fsid_up_len) == 0) { 1391 if (fsid_up_len != sizeof(*fsid_up)) { 1392 error = EINVAL; 1393 goto end; 1394 } 1395 if (fsidcmp(fsid_up, &mp->mnt_stat.f_fsid) != 0) { 1396 error = ENOENT; 1397 goto end; 1398 } 1399 vfs_deleteopt(*optlist, "fsid"); 1400 } 1401 1402 mnt_union = 0; 1403 MNT_ILOCK(mp); 1404 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1405 MNT_IUNLOCK(mp); 1406 error = EBUSY; 1407 goto end; 1408 } 1409 if (vfs_suser_failed) { 1410 KASSERT((fsflags & (MNT_EXPORTED | MNT_UPDATE)) == 1411 (MNT_EXPORTED | MNT_UPDATE), 1412 ("%s: jailed export did not set expected fsflags", 1413 __func__)); 1414 /* 1415 * For this case, only MNT_UPDATE and 1416 * MNT_EXPORTED have been set in fsflags 1417 * by the options. Only set MNT_UPDATE, 1418 * since that is the one that would be set 1419 * when set in fsflags, below. 1420 */ 1421 mp->mnt_flag |= MNT_UPDATE; 1422 } else { 1423 mp->mnt_flag &= ~MNT_UPDATEMASK; 1424 if ((mp->mnt_flag & MNT_UNION) == 0 && 1425 (fsflags & MNT_UNION) != 0) { 1426 fsflags &= ~MNT_UNION; 1427 mnt_union = MNT_UNION; 1428 } 1429 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1430 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1431 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1432 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1433 } 1434 rootvp = vfs_cache_root_clear(mp); 1435 MNT_IUNLOCK(mp); 1436 mp->mnt_optnew = *optlist; 1437 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1438 1439 /* 1440 * Mount the filesystem. 1441 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1442 * get. No freeing of cn_pnbuf. 1443 */ 1444 /* 1445 * For the case of mountd(8) doing exports from within a vnet jail, 1446 * "from" is typically not set correctly such that VFS_MOUNT() will 1447 * return ENOENT. It is not obvious that VFS_MOUNT() ever needs to be 1448 * called when mountd is doing exports, but this check only applies to 1449 * the specific case where it is running inside a vnet jail, to 1450 * avoid any POLA violation. 1451 */ 1452 error = 0; 1453 if (!jail_export) 1454 error = VFS_MOUNT(mp); 1455 1456 export_error = 0; 1457 /* Process the export option. */ 1458 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1459 &len) == 0) { 1460 /* Assume that there is only 1 ABI for each length. */ 1461 switch (len) { 1462 case (sizeof(struct oexport_args)): 1463 bzero(&o2export, sizeof(o2export)); 1464 /* FALLTHROUGH */ 1465 case (sizeof(o2export)): 1466 bcopy(bufp, &o2export, len); 1467 export.ex_flags = (uint64_t)o2export.ex_flags; 1468 export.ex_root = o2export.ex_root; 1469 export.ex_uid = o2export.ex_anon.cr_uid; 1470 export.ex_groups = NULL; 1471 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1472 if (export.ex_ngroups > 0) { 1473 if (export.ex_ngroups <= XU_NGROUPS) { 1474 export.ex_groups = malloc( 1475 export.ex_ngroups * sizeof(gid_t), 1476 M_TEMP, M_WAITOK); 1477 for (i = 0; i < export.ex_ngroups; i++) 1478 export.ex_groups[i] = 1479 o2export.ex_anon.cr_groups[i]; 1480 } else 1481 export_error = EINVAL; 1482 } else if (export.ex_ngroups < 0) 1483 export_error = EINVAL; 1484 export.ex_addr = o2export.ex_addr; 1485 export.ex_addrlen = o2export.ex_addrlen; 1486 export.ex_mask = o2export.ex_mask; 1487 export.ex_masklen = o2export.ex_masklen; 1488 export.ex_indexfile = o2export.ex_indexfile; 1489 export.ex_numsecflavors = o2export.ex_numsecflavors; 1490 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1491 for (i = 0; i < export.ex_numsecflavors; i++) 1492 export.ex_secflavors[i] = 1493 o2export.ex_secflavors[i]; 1494 } else 1495 export_error = EINVAL; 1496 if (export_error == 0) 1497 export_error = vfs_export(mp, &export, true); 1498 free(export.ex_groups, M_TEMP); 1499 break; 1500 case (sizeof(export)): 1501 bcopy(bufp, &export, len); 1502 grps = NULL; 1503 if (export.ex_ngroups > 0) { 1504 if (export.ex_ngroups <= ngroups_max + 1) { 1505 grps = malloc(export.ex_ngroups * 1506 sizeof(gid_t), M_TEMP, M_WAITOK); 1507 export_error = copyin(export.ex_groups, 1508 grps, export.ex_ngroups * 1509 sizeof(gid_t)); 1510 if (export_error == 0) 1511 export.ex_groups = grps; 1512 } else 1513 export_error = EINVAL; 1514 } else if (export.ex_ngroups == 0) 1515 export.ex_groups = NULL; 1516 else 1517 export_error = EINVAL; 1518 if (export_error == 0) 1519 export_error = vfs_export(mp, &export, true); 1520 free(grps, M_TEMP); 1521 break; 1522 default: 1523 export_error = EINVAL; 1524 break; 1525 } 1526 } 1527 1528 MNT_ILOCK(mp); 1529 if (error == 0) { 1530 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1531 MNT_SNAPSHOT); 1532 mp->mnt_flag |= mnt_union; 1533 } else { 1534 /* 1535 * If we fail, restore old mount flags. MNT_QUOTA is special, 1536 * because it is not part of MNT_UPDATEMASK, but it could have 1537 * changed in the meantime if quotactl(2) was called. 1538 * All in all we want current value of MNT_QUOTA, not the old 1539 * one. 1540 */ 1541 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1542 } 1543 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1544 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1545 mp->mnt_kern_flag |= MNTK_ASYNC; 1546 else 1547 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1548 MNT_IUNLOCK(mp); 1549 1550 if (error != 0) 1551 goto end; 1552 1553 mount_devctl_event("REMOUNT", mp, true); 1554 if (mp->mnt_opt != NULL) 1555 vfs_freeopts(mp->mnt_opt); 1556 mp->mnt_opt = mp->mnt_optnew; 1557 *optlist = NULL; 1558 (void)VFS_STATFS(mp, &mp->mnt_stat); 1559 /* 1560 * Prevent external consumers of mount options from reading 1561 * mnt_optnew. 1562 */ 1563 mp->mnt_optnew = NULL; 1564 1565 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1566 vfs_allocate_syncvnode(mp); 1567 else 1568 vfs_deallocate_syncvnode(mp); 1569 end: 1570 vfs_op_exit(mp); 1571 if (rootvp != NULL) { 1572 vn_seqc_write_end(rootvp); 1573 vrele(rootvp); 1574 } 1575 vn_seqc_write_end(vp); 1576 vfs_unbusy(mp); 1577 VI_LOCK(vp); 1578 vp->v_iflag &= ~VI_MOUNT; 1579 VI_UNLOCK(vp); 1580 vrele(vp); 1581 return (error != 0 ? error : export_error); 1582 } 1583 1584 /* 1585 * vfs_domount(): actually attempt a filesystem mount. 1586 */ 1587 static int 1588 vfs_domount( 1589 struct thread *td, /* Calling thread. */ 1590 const char *fstype, /* Filesystem type. */ 1591 char *fspath, /* Mount path. */ 1592 uint64_t fsflags, /* Flags common to all filesystems. */ 1593 bool jail_export, /* Got export option in vnet prison. */ 1594 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1595 ) 1596 { 1597 struct vfsconf *vfsp; 1598 struct nameidata nd; 1599 struct vnode *vp; 1600 char *pathbuf; 1601 int error; 1602 1603 /* 1604 * Be ultra-paranoid about making sure the type and fspath 1605 * variables will fit in our mp buffers, including the 1606 * terminating NUL. 1607 */ 1608 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1609 return (ENAMETOOLONG); 1610 1611 if (jail_export) { 1612 error = priv_check(td, PRIV_NFS_DAEMON); 1613 if (error) 1614 return (error); 1615 } else if (jailed(td->td_ucred) || usermount == 0) { 1616 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1617 return (error); 1618 } 1619 1620 /* 1621 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1622 */ 1623 if (fsflags & MNT_EXPORTED) { 1624 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1625 if (error) 1626 return (error); 1627 } 1628 if (fsflags & MNT_SUIDDIR) { 1629 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1630 if (error) 1631 return (error); 1632 } 1633 /* 1634 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1635 */ 1636 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1637 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1638 fsflags |= MNT_NOSUID | MNT_USER; 1639 } 1640 1641 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1642 vfsp = NULL; 1643 if ((fsflags & MNT_UPDATE) == 0) { 1644 /* Don't try to load KLDs if we're mounting the root. */ 1645 if (fsflags & MNT_ROOTFS) { 1646 if ((vfsp = vfs_byname(fstype)) == NULL) 1647 return (ENODEV); 1648 } else { 1649 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL) 1650 return (error); 1651 } 1652 } 1653 1654 /* 1655 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1656 */ 1657 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | WANTPARENT, 1658 UIO_SYSSPACE, fspath); 1659 error = namei(&nd); 1660 if (error != 0) 1661 return (error); 1662 vp = nd.ni_vp; 1663 /* 1664 * Don't allow stacking file mounts to work around problems with the way 1665 * that namei sets nd.ni_dvp to vp_crossmp for these. 1666 */ 1667 if (vp->v_type == VREG) 1668 fsflags |= MNT_NOCOVER; 1669 if ((fsflags & MNT_UPDATE) == 0) { 1670 if ((vp->v_vflag & VV_ROOT) != 0 && 1671 (fsflags & MNT_NOCOVER) != 0) { 1672 vput(vp); 1673 error = EBUSY; 1674 goto out; 1675 } 1676 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1677 strcpy(pathbuf, fspath); 1678 /* 1679 * Note: we allow any vnode type here. If the path sanity check 1680 * succeeds, the type will be validated in vfs_domount_first 1681 * above. 1682 */ 1683 if (vp->v_type == VDIR) 1684 error = vn_path_to_global_path(td, vp, pathbuf, 1685 MNAMELEN); 1686 else 1687 error = vn_path_to_global_path_hardlink(td, vp, 1688 nd.ni_dvp, pathbuf, MNAMELEN, 1689 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen); 1690 if (error == 0) { 1691 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1692 fsflags, optlist); 1693 } 1694 free(pathbuf, M_TEMP); 1695 } else 1696 error = vfs_domount_update(td, vp, fsflags, jail_export, 1697 optlist); 1698 1699 out: 1700 NDFREE_PNBUF(&nd); 1701 vrele(nd.ni_dvp); 1702 1703 return (error); 1704 } 1705 1706 /* 1707 * Unmount a filesystem. 1708 * 1709 * Note: unmount takes a path to the vnode mounted on as argument, not 1710 * special file (as before). 1711 */ 1712 #ifndef _SYS_SYSPROTO_H_ 1713 struct unmount_args { 1714 char *path; 1715 int flags; 1716 }; 1717 #endif 1718 /* ARGSUSED */ 1719 int 1720 sys_unmount(struct thread *td, struct unmount_args *uap) 1721 { 1722 1723 return (kern_unmount(td, uap->path, uap->flags)); 1724 } 1725 1726 int 1727 kern_unmount(struct thread *td, const char *path, int flags) 1728 { 1729 struct nameidata nd; 1730 struct mount *mp; 1731 char *fsidbuf, *pathbuf; 1732 fsid_t fsid; 1733 int error; 1734 1735 AUDIT_ARG_VALUE(flags); 1736 if (jailed(td->td_ucred) || usermount == 0) { 1737 error = priv_check(td, PRIV_VFS_UNMOUNT); 1738 if (error) 1739 return (error); 1740 } 1741 1742 if (flags & MNT_BYFSID) { 1743 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1744 error = copyinstr(path, fsidbuf, MNAMELEN, NULL); 1745 if (error) { 1746 free(fsidbuf, M_TEMP); 1747 return (error); 1748 } 1749 1750 AUDIT_ARG_TEXT(fsidbuf); 1751 /* Decode the filesystem ID. */ 1752 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) { 1753 free(fsidbuf, M_TEMP); 1754 return (EINVAL); 1755 } 1756 1757 mp = vfs_getvfs(&fsid); 1758 free(fsidbuf, M_TEMP); 1759 if (mp == NULL) { 1760 return (ENOENT); 1761 } 1762 } else { 1763 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1764 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1765 if (error) { 1766 free(pathbuf, M_TEMP); 1767 return (error); 1768 } 1769 1770 /* 1771 * Try to find global path for path argument. 1772 */ 1773 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1774 UIO_SYSSPACE, pathbuf); 1775 if (namei(&nd) == 0) { 1776 NDFREE_PNBUF(&nd); 1777 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1778 MNAMELEN); 1779 if (error == 0) 1780 vput(nd.ni_vp); 1781 } 1782 mtx_lock(&mountlist_mtx); 1783 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1784 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1785 vfs_ref(mp); 1786 break; 1787 } 1788 } 1789 mtx_unlock(&mountlist_mtx); 1790 free(pathbuf, M_TEMP); 1791 if (mp == NULL) { 1792 /* 1793 * Previously we returned ENOENT for a nonexistent path and 1794 * EINVAL for a non-mountpoint. We cannot tell these apart 1795 * now, so in the !MNT_BYFSID case return the more likely 1796 * EINVAL for compatibility. 1797 */ 1798 return (EINVAL); 1799 } 1800 } 1801 1802 /* 1803 * Don't allow unmounting the root filesystem. 1804 */ 1805 if (mp->mnt_flag & MNT_ROOTFS) { 1806 vfs_rel(mp); 1807 return (EINVAL); 1808 } 1809 error = dounmount(mp, flags, td); 1810 return (error); 1811 } 1812 1813 /* 1814 * Return error if any of the vnodes, ignoring the root vnode 1815 * and the syncer vnode, have non-zero usecount. 1816 * 1817 * This function is purely advisory - it can return false positives 1818 * and negatives. 1819 */ 1820 static int 1821 vfs_check_usecounts(struct mount *mp) 1822 { 1823 struct vnode *vp, *mvp; 1824 1825 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1826 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1827 vp->v_usecount != 0) { 1828 VI_UNLOCK(vp); 1829 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1830 return (EBUSY); 1831 } 1832 VI_UNLOCK(vp); 1833 } 1834 1835 return (0); 1836 } 1837 1838 static void 1839 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1840 { 1841 1842 mtx_assert(MNT_MTX(mp), MA_OWNED); 1843 mp->mnt_kern_flag &= ~mntkflags; 1844 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1845 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1846 wakeup(mp); 1847 } 1848 vfs_op_exit_locked(mp); 1849 MNT_IUNLOCK(mp); 1850 if (coveredvp != NULL) { 1851 VOP_UNLOCK(coveredvp); 1852 vdrop(coveredvp); 1853 } 1854 vn_finished_write(mp); 1855 vfs_rel(mp); 1856 } 1857 1858 /* 1859 * There are various reference counters associated with the mount point. 1860 * Normally it is permitted to modify them without taking the mnt ilock, 1861 * but this behavior can be temporarily disabled if stable value is needed 1862 * or callers are expected to block (e.g. to not allow new users during 1863 * forced unmount). 1864 */ 1865 void 1866 vfs_op_enter(struct mount *mp) 1867 { 1868 struct mount_pcpu *mpcpu; 1869 int cpu; 1870 1871 MNT_ILOCK(mp); 1872 mp->mnt_vfs_ops++; 1873 if (mp->mnt_vfs_ops > 1) { 1874 MNT_IUNLOCK(mp); 1875 return; 1876 } 1877 vfs_op_barrier_wait(mp); 1878 CPU_FOREACH(cpu) { 1879 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1880 1881 mp->mnt_ref += mpcpu->mntp_ref; 1882 mpcpu->mntp_ref = 0; 1883 1884 mp->mnt_lockref += mpcpu->mntp_lockref; 1885 mpcpu->mntp_lockref = 0; 1886 1887 mp->mnt_writeopcount += mpcpu->mntp_writeopcount; 1888 mpcpu->mntp_writeopcount = 0; 1889 } 1890 MPASSERT(mp->mnt_ref > 0 && mp->mnt_lockref >= 0 && 1891 mp->mnt_writeopcount >= 0, mp, 1892 ("invalid count(s): ref %d lockref %d writeopcount %d", 1893 mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount)); 1894 MNT_IUNLOCK(mp); 1895 vfs_assert_mount_counters(mp); 1896 } 1897 1898 void 1899 vfs_op_exit_locked(struct mount *mp) 1900 { 1901 1902 mtx_assert(MNT_MTX(mp), MA_OWNED); 1903 1904 MPASSERT(mp->mnt_vfs_ops > 0, mp, 1905 ("invalid vfs_ops count %d", mp->mnt_vfs_ops)); 1906 MPASSERT(mp->mnt_vfs_ops > 1 || 1907 (mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_SUSPEND)) == 0, mp, 1908 ("vfs_ops too low %d in unmount or suspend", mp->mnt_vfs_ops)); 1909 mp->mnt_vfs_ops--; 1910 } 1911 1912 void 1913 vfs_op_exit(struct mount *mp) 1914 { 1915 1916 MNT_ILOCK(mp); 1917 vfs_op_exit_locked(mp); 1918 MNT_IUNLOCK(mp); 1919 } 1920 1921 struct vfs_op_barrier_ipi { 1922 struct mount *mp; 1923 struct smp_rendezvous_cpus_retry_arg srcra; 1924 }; 1925 1926 static void 1927 vfs_op_action_func(void *arg) 1928 { 1929 struct vfs_op_barrier_ipi *vfsopipi; 1930 struct mount *mp; 1931 1932 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1933 mp = vfsopipi->mp; 1934 1935 if (!vfs_op_thread_entered(mp)) 1936 smp_rendezvous_cpus_done(arg); 1937 } 1938 1939 static void 1940 vfs_op_wait_func(void *arg, int cpu) 1941 { 1942 struct vfs_op_barrier_ipi *vfsopipi; 1943 struct mount *mp; 1944 struct mount_pcpu *mpcpu; 1945 1946 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1947 mp = vfsopipi->mp; 1948 1949 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1950 while (atomic_load_int(&mpcpu->mntp_thread_in_ops)) 1951 cpu_spinwait(); 1952 } 1953 1954 void 1955 vfs_op_barrier_wait(struct mount *mp) 1956 { 1957 struct vfs_op_barrier_ipi vfsopipi; 1958 1959 vfsopipi.mp = mp; 1960 1961 smp_rendezvous_cpus_retry(all_cpus, 1962 smp_no_rendezvous_barrier, 1963 vfs_op_action_func, 1964 smp_no_rendezvous_barrier, 1965 vfs_op_wait_func, 1966 &vfsopipi.srcra); 1967 } 1968 1969 #ifdef DIAGNOSTIC 1970 void 1971 vfs_assert_mount_counters(struct mount *mp) 1972 { 1973 struct mount_pcpu *mpcpu; 1974 int cpu; 1975 1976 if (mp->mnt_vfs_ops == 0) 1977 return; 1978 1979 CPU_FOREACH(cpu) { 1980 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1981 if (mpcpu->mntp_ref != 0 || 1982 mpcpu->mntp_lockref != 0 || 1983 mpcpu->mntp_writeopcount != 0) 1984 vfs_dump_mount_counters(mp); 1985 } 1986 } 1987 1988 void 1989 vfs_dump_mount_counters(struct mount *mp) 1990 { 1991 struct mount_pcpu *mpcpu; 1992 int ref, lockref, writeopcount; 1993 int cpu; 1994 1995 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1996 1997 printf(" ref : "); 1998 ref = mp->mnt_ref; 1999 CPU_FOREACH(cpu) { 2000 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2001 printf("%d ", mpcpu->mntp_ref); 2002 ref += mpcpu->mntp_ref; 2003 } 2004 printf("\n"); 2005 printf(" lockref : "); 2006 lockref = mp->mnt_lockref; 2007 CPU_FOREACH(cpu) { 2008 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2009 printf("%d ", mpcpu->mntp_lockref); 2010 lockref += mpcpu->mntp_lockref; 2011 } 2012 printf("\n"); 2013 printf("writeopcount: "); 2014 writeopcount = mp->mnt_writeopcount; 2015 CPU_FOREACH(cpu) { 2016 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2017 printf("%d ", mpcpu->mntp_writeopcount); 2018 writeopcount += mpcpu->mntp_writeopcount; 2019 } 2020 printf("\n"); 2021 2022 printf("counter struct total\n"); 2023 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 2024 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 2025 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 2026 2027 panic("invalid counts on struct mount"); 2028 } 2029 #endif 2030 2031 int 2032 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 2033 { 2034 struct mount_pcpu *mpcpu; 2035 int cpu, sum; 2036 2037 switch (which) { 2038 case MNT_COUNT_REF: 2039 sum = mp->mnt_ref; 2040 break; 2041 case MNT_COUNT_LOCKREF: 2042 sum = mp->mnt_lockref; 2043 break; 2044 case MNT_COUNT_WRITEOPCOUNT: 2045 sum = mp->mnt_writeopcount; 2046 break; 2047 } 2048 2049 CPU_FOREACH(cpu) { 2050 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2051 switch (which) { 2052 case MNT_COUNT_REF: 2053 sum += mpcpu->mntp_ref; 2054 break; 2055 case MNT_COUNT_LOCKREF: 2056 sum += mpcpu->mntp_lockref; 2057 break; 2058 case MNT_COUNT_WRITEOPCOUNT: 2059 sum += mpcpu->mntp_writeopcount; 2060 break; 2061 } 2062 } 2063 return (sum); 2064 } 2065 2066 static bool 2067 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue, 2068 int timeout_ticks) 2069 { 2070 bool enqueued; 2071 2072 enqueued = false; 2073 mtx_lock(&deferred_unmount_lock); 2074 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) { 2075 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED; 2076 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp, 2077 mnt_taskqueue_link); 2078 enqueued = true; 2079 } 2080 mtx_unlock(&deferred_unmount_lock); 2081 2082 if (enqueued) { 2083 taskqueue_enqueue_timeout(taskqueue_deferred_unmount, 2084 &deferred_unmount_task, timeout_ticks); 2085 } 2086 2087 return (enqueued); 2088 } 2089 2090 /* 2091 * Taskqueue handler for processing async/recursive unmounts 2092 */ 2093 static void 2094 vfs_deferred_unmount(void *argi __unused, int pending __unused) 2095 { 2096 STAILQ_HEAD(, mount) local_unmounts; 2097 uint64_t flags; 2098 struct mount *mp, *tmp; 2099 int error; 2100 unsigned int retries; 2101 bool unmounted; 2102 2103 STAILQ_INIT(&local_unmounts); 2104 mtx_lock(&deferred_unmount_lock); 2105 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list); 2106 mtx_unlock(&deferred_unmount_lock); 2107 2108 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) { 2109 flags = mp->mnt_taskqueue_flags; 2110 KASSERT((flags & MNT_DEFERRED) != 0, 2111 ("taskqueue unmount without MNT_DEFERRED")); 2112 error = dounmount(mp, flags, curthread); 2113 if (error != 0) { 2114 MNT_ILOCK(mp); 2115 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0); 2116 MNT_IUNLOCK(mp); 2117 2118 /* 2119 * The deferred unmount thread is the only thread that 2120 * modifies the retry counts, so locking/atomics aren't 2121 * needed here. 2122 */ 2123 retries = (mp->mnt_unmount_retries)++; 2124 deferred_unmount_total_retries++; 2125 if (!unmounted && retries < deferred_unmount_retry_limit) { 2126 deferred_unmount_enqueue(mp, flags, true, 2127 -deferred_unmount_retry_delay_hz); 2128 } else { 2129 if (retries >= deferred_unmount_retry_limit) { 2130 printf("giving up on deferred unmount " 2131 "of %s after %d retries, error %d\n", 2132 mp->mnt_stat.f_mntonname, retries, error); 2133 } 2134 vfs_rel(mp); 2135 } 2136 } 2137 } 2138 } 2139 2140 /* 2141 * Do the actual filesystem unmount. 2142 */ 2143 int 2144 dounmount(struct mount *mp, uint64_t flags, struct thread *td) 2145 { 2146 struct mount_upper_node *upper; 2147 struct vnode *coveredvp, *rootvp; 2148 int error; 2149 uint64_t async_flag; 2150 int mnt_gen_r; 2151 unsigned int retries; 2152 2153 KASSERT((flags & MNT_DEFERRED) == 0 || 2154 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE), 2155 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE")); 2156 2157 /* 2158 * If the caller has explicitly requested the unmount to be handled by 2159 * the taskqueue and we're not already in taskqueue context, queue 2160 * up the unmount request and exit. This is done prior to any 2161 * credential checks; MNT_DEFERRED should be used only for kernel- 2162 * initiated unmounts and will therefore be processed with the 2163 * (kernel) credentials of the taskqueue thread. Still, callers 2164 * should be sure this is the behavior they want. 2165 */ 2166 if ((flags & MNT_DEFERRED) != 0 && 2167 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) { 2168 if (!deferred_unmount_enqueue(mp, flags, false, 0)) 2169 vfs_rel(mp); 2170 return (EINPROGRESS); 2171 } 2172 2173 /* 2174 * Only privileged root, or (if MNT_USER is set) the user that did the 2175 * original mount is permitted to unmount this filesystem. 2176 * This check should be made prior to queueing up any recursive 2177 * unmounts of upper filesystems. Those unmounts will be executed 2178 * with kernel thread credentials and are expected to succeed, so 2179 * we must at least ensure the originating context has sufficient 2180 * privilege to unmount the base filesystem before proceeding with 2181 * the uppers. 2182 */ 2183 error = vfs_suser(mp, td); 2184 if (error != 0) { 2185 KASSERT((flags & MNT_DEFERRED) == 0, 2186 ("taskqueue unmount with insufficient privilege")); 2187 vfs_rel(mp); 2188 return (error); 2189 } 2190 2191 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0)) 2192 flags |= MNT_RECURSE; 2193 2194 if ((flags & MNT_RECURSE) != 0) { 2195 KASSERT((flags & MNT_FORCE) != 0, 2196 ("MNT_RECURSE requires MNT_FORCE")); 2197 2198 MNT_ILOCK(mp); 2199 /* 2200 * Set MNTK_RECURSE to prevent new upper mounts from being 2201 * added, and note that an operation on the uppers list is in 2202 * progress. This will ensure that unregistration from the 2203 * uppers list, and therefore any pending unmount of the upper 2204 * FS, can't complete until after we finish walking the list. 2205 */ 2206 mp->mnt_kern_flag |= MNTK_RECURSE; 2207 mp->mnt_upper_pending++; 2208 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) { 2209 retries = upper->mp->mnt_unmount_retries; 2210 if (retries > deferred_unmount_retry_limit) { 2211 error = EBUSY; 2212 continue; 2213 } 2214 MNT_IUNLOCK(mp); 2215 2216 vfs_ref(upper->mp); 2217 if (!deferred_unmount_enqueue(upper->mp, flags, 2218 false, 0)) 2219 vfs_rel(upper->mp); 2220 MNT_ILOCK(mp); 2221 } 2222 mp->mnt_upper_pending--; 2223 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 && 2224 mp->mnt_upper_pending == 0) { 2225 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER; 2226 wakeup(&mp->mnt_uppers); 2227 } 2228 2229 /* 2230 * If we're not on the taskqueue, wait until the uppers list 2231 * is drained before proceeding with unmount. Otherwise, if 2232 * we are on the taskqueue and there are still pending uppers, 2233 * just re-enqueue on the end of the taskqueue. 2234 */ 2235 if ((flags & MNT_DEFERRED) == 0) { 2236 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) { 2237 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER; 2238 error = msleep(&mp->mnt_taskqueue_link, 2239 MNT_MTX(mp), PCATCH, "umntqw", 0); 2240 } 2241 if (error != 0) { 2242 MNT_REL(mp); 2243 MNT_IUNLOCK(mp); 2244 return (error); 2245 } 2246 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) { 2247 MNT_IUNLOCK(mp); 2248 if (error == 0) 2249 deferred_unmount_enqueue(mp, flags, true, 0); 2250 return (error); 2251 } 2252 MNT_IUNLOCK(mp); 2253 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty")); 2254 } 2255 2256 /* Allow the taskqueue to safely re-enqueue on failure */ 2257 if ((flags & MNT_DEFERRED) != 0) 2258 vfs_ref(mp); 2259 2260 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 2261 mnt_gen_r = mp->mnt_gen; 2262 VI_LOCK(coveredvp); 2263 vholdl(coveredvp); 2264 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 2265 /* 2266 * Check for mp being unmounted while waiting for the 2267 * covered vnode lock. 2268 */ 2269 if (coveredvp->v_mountedhere != mp || 2270 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 2271 VOP_UNLOCK(coveredvp); 2272 vdrop(coveredvp); 2273 vfs_rel(mp); 2274 return (EBUSY); 2275 } 2276 } 2277 2278 vfs_op_enter(mp); 2279 2280 vn_start_write(NULL, &mp, V_WAIT); 2281 MNT_ILOCK(mp); 2282 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 2283 (mp->mnt_flag & MNT_UPDATE) != 0 || 2284 !TAILQ_EMPTY(&mp->mnt_uppers)) { 2285 dounmount_cleanup(mp, coveredvp, 0); 2286 return (EBUSY); 2287 } 2288 mp->mnt_kern_flag |= MNTK_UNMOUNT; 2289 rootvp = vfs_cache_root_clear(mp); 2290 if (coveredvp != NULL) 2291 vn_seqc_write_begin(coveredvp); 2292 if (flags & MNT_NONBUSY) { 2293 MNT_IUNLOCK(mp); 2294 error = vfs_check_usecounts(mp); 2295 MNT_ILOCK(mp); 2296 if (error != 0) { 2297 vn_seqc_write_end(coveredvp); 2298 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 2299 if (rootvp != NULL) { 2300 vn_seqc_write_end(rootvp); 2301 vrele(rootvp); 2302 } 2303 return (error); 2304 } 2305 } 2306 /* Allow filesystems to detect that a forced unmount is in progress. */ 2307 if (flags & MNT_FORCE) { 2308 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 2309 MNT_IUNLOCK(mp); 2310 /* 2311 * Must be done after setting MNTK_UNMOUNTF and before 2312 * waiting for mnt_lockref to become 0. 2313 */ 2314 VFS_PURGE(mp); 2315 MNT_ILOCK(mp); 2316 } 2317 error = 0; 2318 if (mp->mnt_lockref) { 2319 mp->mnt_kern_flag |= MNTK_DRAINING; 2320 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 2321 "mount drain", 0); 2322 } 2323 MNT_IUNLOCK(mp); 2324 KASSERT(mp->mnt_lockref == 0, 2325 ("%s: invalid lock refcount in the drain path @ %s:%d", 2326 __func__, __FILE__, __LINE__)); 2327 KASSERT(error == 0, 2328 ("%s: invalid return value for msleep in the drain path @ %s:%d", 2329 __func__, __FILE__, __LINE__)); 2330 2331 /* 2332 * We want to keep the vnode around so that we can vn_seqc_write_end 2333 * after we are done with unmount. Downgrade our reference to a mere 2334 * hold count so that we don't interefere with anything. 2335 */ 2336 if (rootvp != NULL) { 2337 vhold(rootvp); 2338 vrele(rootvp); 2339 } 2340 2341 if (mp->mnt_flag & MNT_EXPUBLIC) 2342 vfs_setpublicfs(NULL, NULL, NULL); 2343 2344 vfs_periodic(mp, MNT_WAIT); 2345 MNT_ILOCK(mp); 2346 async_flag = mp->mnt_flag & MNT_ASYNC; 2347 mp->mnt_flag &= ~MNT_ASYNC; 2348 mp->mnt_kern_flag &= ~MNTK_ASYNC; 2349 MNT_IUNLOCK(mp); 2350 vfs_deallocate_syncvnode(mp); 2351 error = VFS_UNMOUNT(mp, flags); 2352 vn_finished_write(mp); 2353 vfs_rel(mp); 2354 /* 2355 * If we failed to flush the dirty blocks for this mount point, 2356 * undo all the cdir/rdir and rootvnode changes we made above. 2357 * Unless we failed to do so because the device is reporting that 2358 * it doesn't exist anymore. 2359 */ 2360 if (error && error != ENXIO) { 2361 MNT_ILOCK(mp); 2362 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 2363 MNT_IUNLOCK(mp); 2364 vfs_allocate_syncvnode(mp); 2365 MNT_ILOCK(mp); 2366 } 2367 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 2368 mp->mnt_flag |= async_flag; 2369 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 2370 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 2371 mp->mnt_kern_flag |= MNTK_ASYNC; 2372 if (mp->mnt_kern_flag & MNTK_MWAIT) { 2373 mp->mnt_kern_flag &= ~MNTK_MWAIT; 2374 wakeup(mp); 2375 } 2376 vfs_op_exit_locked(mp); 2377 MNT_IUNLOCK(mp); 2378 if (coveredvp) { 2379 vn_seqc_write_end(coveredvp); 2380 VOP_UNLOCK(coveredvp); 2381 vdrop(coveredvp); 2382 } 2383 if (rootvp != NULL) { 2384 vn_seqc_write_end(rootvp); 2385 vdrop(rootvp); 2386 } 2387 return (error); 2388 } 2389 2390 mtx_lock(&mountlist_mtx); 2391 TAILQ_REMOVE(&mountlist, mp, mnt_list); 2392 mtx_unlock(&mountlist_mtx); 2393 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 2394 if (coveredvp != NULL) { 2395 VI_LOCK(coveredvp); 2396 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT); 2397 coveredvp->v_mountedhere = NULL; 2398 vn_seqc_write_end_locked(coveredvp); 2399 VI_UNLOCK(coveredvp); 2400 VOP_UNLOCK(coveredvp); 2401 vdrop(coveredvp); 2402 } 2403 mount_devctl_event("UNMOUNT", mp, false); 2404 if (rootvp != NULL) { 2405 vn_seqc_write_end(rootvp); 2406 vdrop(rootvp); 2407 } 2408 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 2409 if (rootvnode != NULL && mp == rootvnode->v_mount) { 2410 vrele(rootvnode); 2411 rootvnode = NULL; 2412 } 2413 if (mp == rootdevmp) 2414 rootdevmp = NULL; 2415 if ((flags & MNT_DEFERRED) != 0) 2416 vfs_rel(mp); 2417 vfs_mount_destroy(mp); 2418 return (0); 2419 } 2420 2421 /* 2422 * Report errors during filesystem mounting. 2423 */ 2424 void 2425 vfs_mount_error(struct mount *mp, const char *fmt, ...) 2426 { 2427 struct vfsoptlist *moptlist = mp->mnt_optnew; 2428 va_list ap; 2429 int error, len; 2430 char *errmsg; 2431 2432 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 2433 if (error || errmsg == NULL || len <= 0) 2434 return; 2435 2436 va_start(ap, fmt); 2437 vsnprintf(errmsg, (size_t)len, fmt, ap); 2438 va_end(ap); 2439 } 2440 2441 void 2442 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 2443 { 2444 va_list ap; 2445 int error, len; 2446 char *errmsg; 2447 2448 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 2449 if (error || errmsg == NULL || len <= 0) 2450 return; 2451 2452 va_start(ap, fmt); 2453 vsnprintf(errmsg, (size_t)len, fmt, ap); 2454 va_end(ap); 2455 } 2456 2457 /* 2458 * --------------------------------------------------------------------- 2459 * Functions for querying mount options/arguments from filesystems. 2460 */ 2461 2462 /* 2463 * Check that no unknown options are given 2464 */ 2465 int 2466 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 2467 { 2468 struct vfsopt *opt; 2469 char errmsg[255]; 2470 const char **t, *p, *q; 2471 int ret = 0; 2472 2473 TAILQ_FOREACH(opt, opts, link) { 2474 p = opt->name; 2475 q = NULL; 2476 if (p[0] == 'n' && p[1] == 'o') 2477 q = p + 2; 2478 for(t = global_opts; *t != NULL; t++) { 2479 if (strcmp(*t, p) == 0) 2480 break; 2481 if (q != NULL) { 2482 if (strcmp(*t, q) == 0) 2483 break; 2484 } 2485 } 2486 if (*t != NULL) 2487 continue; 2488 for(t = legal; *t != NULL; t++) { 2489 if (strcmp(*t, p) == 0) 2490 break; 2491 if (q != NULL) { 2492 if (strcmp(*t, q) == 0) 2493 break; 2494 } 2495 } 2496 if (*t != NULL) 2497 continue; 2498 snprintf(errmsg, sizeof(errmsg), 2499 "mount option <%s> is unknown", p); 2500 ret = EINVAL; 2501 } 2502 if (ret != 0) { 2503 TAILQ_FOREACH(opt, opts, link) { 2504 if (strcmp(opt->name, "errmsg") == 0) { 2505 strncpy((char *)opt->value, errmsg, opt->len); 2506 break; 2507 } 2508 } 2509 if (opt == NULL) 2510 printf("%s\n", errmsg); 2511 } 2512 return (ret); 2513 } 2514 2515 /* 2516 * Get a mount option by its name. 2517 * 2518 * Return 0 if the option was found, ENOENT otherwise. 2519 * If len is non-NULL it will be filled with the length 2520 * of the option. If buf is non-NULL, it will be filled 2521 * with the address of the option. 2522 */ 2523 int 2524 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 2525 { 2526 struct vfsopt *opt; 2527 2528 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2529 2530 TAILQ_FOREACH(opt, opts, link) { 2531 if (strcmp(name, opt->name) == 0) { 2532 opt->seen = 1; 2533 if (len != NULL) 2534 *len = opt->len; 2535 if (buf != NULL) 2536 *buf = opt->value; 2537 return (0); 2538 } 2539 } 2540 return (ENOENT); 2541 } 2542 2543 int 2544 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 2545 { 2546 struct vfsopt *opt; 2547 2548 if (opts == NULL) 2549 return (-1); 2550 2551 TAILQ_FOREACH(opt, opts, link) { 2552 if (strcmp(name, opt->name) == 0) { 2553 opt->seen = 1; 2554 return (opt->pos); 2555 } 2556 } 2557 return (-1); 2558 } 2559 2560 int 2561 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2562 { 2563 char *opt_value, *vtp; 2564 quad_t iv; 2565 int error, opt_len; 2566 2567 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2568 if (error != 0) 2569 return (error); 2570 if (opt_len == 0 || opt_value == NULL) 2571 return (EINVAL); 2572 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2573 return (EINVAL); 2574 iv = strtoq(opt_value, &vtp, 0); 2575 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2576 return (EINVAL); 2577 if (iv < 0) 2578 return (EINVAL); 2579 switch (vtp[0]) { 2580 case 't': case 'T': 2581 iv *= 1024; 2582 /* FALLTHROUGH */ 2583 case 'g': case 'G': 2584 iv *= 1024; 2585 /* FALLTHROUGH */ 2586 case 'm': case 'M': 2587 iv *= 1024; 2588 /* FALLTHROUGH */ 2589 case 'k': case 'K': 2590 iv *= 1024; 2591 case '\0': 2592 break; 2593 default: 2594 return (EINVAL); 2595 } 2596 *value = iv; 2597 2598 return (0); 2599 } 2600 2601 char * 2602 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2603 { 2604 struct vfsopt *opt; 2605 2606 *error = 0; 2607 TAILQ_FOREACH(opt, opts, link) { 2608 if (strcmp(name, opt->name) != 0) 2609 continue; 2610 opt->seen = 1; 2611 if (opt->len == 0 || 2612 ((char *)opt->value)[opt->len - 1] != '\0') { 2613 *error = EINVAL; 2614 return (NULL); 2615 } 2616 return (opt->value); 2617 } 2618 *error = ENOENT; 2619 return (NULL); 2620 } 2621 2622 int 2623 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2624 uint64_t val) 2625 { 2626 struct vfsopt *opt; 2627 2628 TAILQ_FOREACH(opt, opts, link) { 2629 if (strcmp(name, opt->name) == 0) { 2630 opt->seen = 1; 2631 if (w != NULL) 2632 *w |= val; 2633 return (1); 2634 } 2635 } 2636 if (w != NULL) 2637 *w &= ~val; 2638 return (0); 2639 } 2640 2641 int 2642 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2643 { 2644 va_list ap; 2645 struct vfsopt *opt; 2646 int ret; 2647 2648 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2649 2650 TAILQ_FOREACH(opt, opts, link) { 2651 if (strcmp(name, opt->name) != 0) 2652 continue; 2653 opt->seen = 1; 2654 if (opt->len == 0 || opt->value == NULL) 2655 return (0); 2656 if (((char *)opt->value)[opt->len - 1] != '\0') 2657 return (0); 2658 va_start(ap, fmt); 2659 ret = vsscanf(opt->value, fmt, ap); 2660 va_end(ap); 2661 return (ret); 2662 } 2663 return (0); 2664 } 2665 2666 int 2667 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2668 { 2669 struct vfsopt *opt; 2670 2671 TAILQ_FOREACH(opt, opts, link) { 2672 if (strcmp(name, opt->name) != 0) 2673 continue; 2674 opt->seen = 1; 2675 if (opt->value == NULL) 2676 opt->len = len; 2677 else { 2678 if (opt->len != len) 2679 return (EINVAL); 2680 bcopy(value, opt->value, len); 2681 } 2682 return (0); 2683 } 2684 return (ENOENT); 2685 } 2686 2687 int 2688 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2689 { 2690 struct vfsopt *opt; 2691 2692 TAILQ_FOREACH(opt, opts, link) { 2693 if (strcmp(name, opt->name) != 0) 2694 continue; 2695 opt->seen = 1; 2696 if (opt->value == NULL) 2697 opt->len = len; 2698 else { 2699 if (opt->len < len) 2700 return (EINVAL); 2701 opt->len = len; 2702 bcopy(value, opt->value, len); 2703 } 2704 return (0); 2705 } 2706 return (ENOENT); 2707 } 2708 2709 int 2710 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2711 { 2712 struct vfsopt *opt; 2713 2714 TAILQ_FOREACH(opt, opts, link) { 2715 if (strcmp(name, opt->name) != 0) 2716 continue; 2717 opt->seen = 1; 2718 if (opt->value == NULL) 2719 opt->len = strlen(value) + 1; 2720 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2721 return (EINVAL); 2722 return (0); 2723 } 2724 return (ENOENT); 2725 } 2726 2727 /* 2728 * Find and copy a mount option. 2729 * 2730 * The size of the buffer has to be specified 2731 * in len, if it is not the same length as the 2732 * mount option, EINVAL is returned. 2733 * Returns ENOENT if the option is not found. 2734 */ 2735 int 2736 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2737 { 2738 struct vfsopt *opt; 2739 2740 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2741 2742 TAILQ_FOREACH(opt, opts, link) { 2743 if (strcmp(name, opt->name) == 0) { 2744 opt->seen = 1; 2745 if (len != opt->len) 2746 return (EINVAL); 2747 bcopy(opt->value, dest, opt->len); 2748 return (0); 2749 } 2750 } 2751 return (ENOENT); 2752 } 2753 2754 int 2755 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2756 { 2757 /* 2758 * Filesystems only fill in part of the structure for updates, we 2759 * have to read the entirety first to get all content. 2760 */ 2761 if (sbp != &mp->mnt_stat) 2762 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2763 2764 /* 2765 * Set these in case the underlying filesystem fails to do so. 2766 */ 2767 sbp->f_version = STATFS_VERSION; 2768 sbp->f_namemax = NAME_MAX; 2769 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2770 sbp->f_nvnodelistsize = mp->mnt_nvnodelistsize; 2771 2772 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2773 } 2774 2775 void 2776 vfs_mountedfrom(struct mount *mp, const char *from) 2777 { 2778 2779 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2780 strlcpy(mp->mnt_stat.f_mntfromname, from, 2781 sizeof mp->mnt_stat.f_mntfromname); 2782 } 2783 2784 /* 2785 * --------------------------------------------------------------------- 2786 * This is the api for building mount args and mounting filesystems from 2787 * inside the kernel. 2788 * 2789 * The API works by accumulation of individual args. First error is 2790 * latched. 2791 * 2792 * XXX: should be documented in new manpage kernel_mount(9) 2793 */ 2794 2795 /* A memory allocation which must be freed when we are done */ 2796 struct mntaarg { 2797 SLIST_ENTRY(mntaarg) next; 2798 }; 2799 2800 /* The header for the mount arguments */ 2801 struct mntarg { 2802 struct iovec *v; 2803 int len; 2804 int error; 2805 SLIST_HEAD(, mntaarg) list; 2806 }; 2807 2808 /* 2809 * Add a boolean argument. 2810 * 2811 * flag is the boolean value. 2812 * name must start with "no". 2813 */ 2814 struct mntarg * 2815 mount_argb(struct mntarg *ma, int flag, const char *name) 2816 { 2817 2818 KASSERT(name[0] == 'n' && name[1] == 'o', 2819 ("mount_argb(...,%s): name must start with 'no'", name)); 2820 2821 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2822 } 2823 2824 /* 2825 * Add an argument printf style 2826 */ 2827 struct mntarg * 2828 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2829 { 2830 va_list ap; 2831 struct mntaarg *maa; 2832 struct sbuf *sb; 2833 int len; 2834 2835 if (ma == NULL) { 2836 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2837 SLIST_INIT(&ma->list); 2838 } 2839 if (ma->error) 2840 return (ma); 2841 2842 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2843 M_MOUNT, M_WAITOK); 2844 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2845 ma->v[ma->len].iov_len = strlen(name) + 1; 2846 ma->len++; 2847 2848 sb = sbuf_new_auto(); 2849 va_start(ap, fmt); 2850 sbuf_vprintf(sb, fmt, ap); 2851 va_end(ap); 2852 sbuf_finish(sb); 2853 len = sbuf_len(sb) + 1; 2854 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2855 SLIST_INSERT_HEAD(&ma->list, maa, next); 2856 bcopy(sbuf_data(sb), maa + 1, len); 2857 sbuf_delete(sb); 2858 2859 ma->v[ma->len].iov_base = maa + 1; 2860 ma->v[ma->len].iov_len = len; 2861 ma->len++; 2862 2863 return (ma); 2864 } 2865 2866 /* 2867 * Add an argument which is a userland string. 2868 */ 2869 struct mntarg * 2870 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2871 { 2872 struct mntaarg *maa; 2873 char *tbuf; 2874 2875 if (val == NULL) 2876 return (ma); 2877 if (ma == NULL) { 2878 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2879 SLIST_INIT(&ma->list); 2880 } 2881 if (ma->error) 2882 return (ma); 2883 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2884 SLIST_INSERT_HEAD(&ma->list, maa, next); 2885 tbuf = (void *)(maa + 1); 2886 ma->error = copyinstr(val, tbuf, len, NULL); 2887 return (mount_arg(ma, name, tbuf, -1)); 2888 } 2889 2890 /* 2891 * Plain argument. 2892 * 2893 * If length is -1, treat value as a C string. 2894 */ 2895 struct mntarg * 2896 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2897 { 2898 2899 if (ma == NULL) { 2900 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2901 SLIST_INIT(&ma->list); 2902 } 2903 if (ma->error) 2904 return (ma); 2905 2906 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2907 M_MOUNT, M_WAITOK); 2908 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2909 ma->v[ma->len].iov_len = strlen(name) + 1; 2910 ma->len++; 2911 2912 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2913 if (len < 0) 2914 ma->v[ma->len].iov_len = strlen(val) + 1; 2915 else 2916 ma->v[ma->len].iov_len = len; 2917 ma->len++; 2918 return (ma); 2919 } 2920 2921 /* 2922 * Free a mntarg structure 2923 */ 2924 static void 2925 free_mntarg(struct mntarg *ma) 2926 { 2927 struct mntaarg *maa; 2928 2929 while (!SLIST_EMPTY(&ma->list)) { 2930 maa = SLIST_FIRST(&ma->list); 2931 SLIST_REMOVE_HEAD(&ma->list, next); 2932 free(maa, M_MOUNT); 2933 } 2934 free(ma->v, M_MOUNT); 2935 free(ma, M_MOUNT); 2936 } 2937 2938 /* 2939 * Mount a filesystem 2940 */ 2941 int 2942 kernel_mount(struct mntarg *ma, uint64_t flags) 2943 { 2944 struct uio auio; 2945 int error; 2946 2947 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2948 KASSERT(ma->error != 0 || ma->v != NULL, ("kernel_mount NULL ma->v")); 2949 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2950 2951 error = ma->error; 2952 if (error == 0) { 2953 auio.uio_iov = ma->v; 2954 auio.uio_iovcnt = ma->len; 2955 auio.uio_segflg = UIO_SYSSPACE; 2956 error = vfs_donmount(curthread, flags, &auio); 2957 } 2958 free_mntarg(ma); 2959 return (error); 2960 } 2961 2962 /* Map from mount options to printable formats. */ 2963 static struct mntoptnames optnames[] = { 2964 MNTOPT_NAMES 2965 }; 2966 2967 #define DEVCTL_LEN 1024 2968 static void 2969 mount_devctl_event(const char *type, struct mount *mp, bool donew) 2970 { 2971 const uint8_t *cp; 2972 struct mntoptnames *fp; 2973 struct sbuf sb; 2974 struct statfs *sfp = &mp->mnt_stat; 2975 char *buf; 2976 2977 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT); 2978 if (buf == NULL) 2979 return; 2980 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN); 2981 sbuf_cpy(&sb, "mount-point=\""); 2982 devctl_safe_quote_sb(&sb, sfp->f_mntonname); 2983 sbuf_cat(&sb, "\" mount-dev=\""); 2984 devctl_safe_quote_sb(&sb, sfp->f_mntfromname); 2985 sbuf_cat(&sb, "\" mount-type=\""); 2986 devctl_safe_quote_sb(&sb, sfp->f_fstypename); 2987 sbuf_cat(&sb, "\" fsid=0x"); 2988 cp = (const uint8_t *)&sfp->f_fsid.val[0]; 2989 for (int i = 0; i < sizeof(sfp->f_fsid); i++) 2990 sbuf_printf(&sb, "%02x", cp[i]); 2991 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); 2992 for (fp = optnames; fp->o_opt != 0; fp++) { 2993 if ((mp->mnt_flag & fp->o_opt) != 0) { 2994 sbuf_cat(&sb, fp->o_name); 2995 sbuf_putc(&sb, ';'); 2996 } 2997 } 2998 sbuf_putc(&sb, '"'); 2999 sbuf_finish(&sb); 3000 3001 /* 3002 * Options are not published because the form of the options depends on 3003 * the file system and may include binary data. In addition, they don't 3004 * necessarily provide enough useful information to be actionable when 3005 * devd processes them. 3006 */ 3007 3008 if (sbuf_error(&sb) == 0) 3009 devctl_notify("VFS", "FS", type, sbuf_data(&sb)); 3010 sbuf_delete(&sb); 3011 free(buf, M_MOUNT); 3012 } 3013 3014 /* 3015 * Force remount specified mount point to read-only. The argument 3016 * must be busied to avoid parallel unmount attempts. 3017 * 3018 * Intended use is to prevent further writes if some metadata 3019 * inconsistency is detected. Note that the function still flushes 3020 * all cached metadata and data for the mount point, which might be 3021 * not always suitable. 3022 */ 3023 int 3024 vfs_remount_ro(struct mount *mp) 3025 { 3026 struct vfsoptlist *opts; 3027 struct vfsopt *opt; 3028 struct vnode *vp_covered, *rootvp; 3029 int error; 3030 3031 vfs_op_enter(mp); 3032 KASSERT(mp->mnt_lockref > 0, 3033 ("vfs_remount_ro: mp %p is not busied", mp)); 3034 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 3035 ("vfs_remount_ro: mp %p is being unmounted (and busy?)", mp)); 3036 3037 rootvp = NULL; 3038 vp_covered = mp->mnt_vnodecovered; 3039 error = vget(vp_covered, LK_EXCLUSIVE | LK_NOWAIT); 3040 if (error != 0) { 3041 vfs_op_exit(mp); 3042 return (error); 3043 } 3044 VI_LOCK(vp_covered); 3045 if ((vp_covered->v_iflag & VI_MOUNT) != 0) { 3046 VI_UNLOCK(vp_covered); 3047 vput(vp_covered); 3048 vfs_op_exit(mp); 3049 return (EBUSY); 3050 } 3051 vp_covered->v_iflag |= VI_MOUNT; 3052 VI_UNLOCK(vp_covered); 3053 vn_seqc_write_begin(vp_covered); 3054 3055 MNT_ILOCK(mp); 3056 if ((mp->mnt_flag & MNT_RDONLY) != 0) { 3057 MNT_IUNLOCK(mp); 3058 error = EBUSY; 3059 goto out; 3060 } 3061 mp->mnt_flag |= MNT_UPDATE | MNT_FORCE | MNT_RDONLY; 3062 rootvp = vfs_cache_root_clear(mp); 3063 MNT_IUNLOCK(mp); 3064 3065 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK | M_ZERO); 3066 TAILQ_INIT(opts); 3067 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK | M_ZERO); 3068 opt->name = strdup("ro", M_MOUNT); 3069 opt->value = NULL; 3070 TAILQ_INSERT_TAIL(opts, opt, link); 3071 vfs_mergeopts(opts, mp->mnt_opt); 3072 mp->mnt_optnew = opts; 3073 3074 error = VFS_MOUNT(mp); 3075 3076 if (error == 0) { 3077 MNT_ILOCK(mp); 3078 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE); 3079 MNT_IUNLOCK(mp); 3080 vfs_deallocate_syncvnode(mp); 3081 if (mp->mnt_opt != NULL) 3082 vfs_freeopts(mp->mnt_opt); 3083 mp->mnt_opt = mp->mnt_optnew; 3084 } else { 3085 MNT_ILOCK(mp); 3086 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE | MNT_RDONLY); 3087 MNT_IUNLOCK(mp); 3088 vfs_freeopts(mp->mnt_optnew); 3089 } 3090 mp->mnt_optnew = NULL; 3091 3092 out: 3093 vfs_op_exit(mp); 3094 VI_LOCK(vp_covered); 3095 vp_covered->v_iflag &= ~VI_MOUNT; 3096 VI_UNLOCK(vp_covered); 3097 vput(vp_covered); 3098 vn_seqc_write_end(vp_covered); 3099 if (rootvp != NULL) { 3100 vn_seqc_write_end(rootvp); 3101 vrele(rootvp); 3102 } 3103 return (error); 3104 } 3105 3106 /* 3107 * Suspend write operations on all local writeable filesystems. Does 3108 * full sync of them in the process. 3109 * 3110 * Iterate over the mount points in reverse order, suspending most 3111 * recently mounted filesystems first. It handles a case where a 3112 * filesystem mounted from a md(4) vnode-backed device should be 3113 * suspended before the filesystem that owns the vnode. 3114 */ 3115 void 3116 suspend_all_fs(void) 3117 { 3118 struct mount *mp; 3119 int error; 3120 3121 mtx_lock(&mountlist_mtx); 3122 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 3123 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT); 3124 if (error != 0) 3125 continue; 3126 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL || 3127 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) { 3128 mtx_lock(&mountlist_mtx); 3129 vfs_unbusy(mp); 3130 continue; 3131 } 3132 error = vfs_write_suspend(mp, 0); 3133 if (error == 0) { 3134 MNT_ILOCK(mp); 3135 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0); 3136 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL; 3137 MNT_IUNLOCK(mp); 3138 mtx_lock(&mountlist_mtx); 3139 } else { 3140 printf("suspend of %s failed, error %d\n", 3141 mp->mnt_stat.f_mntonname, error); 3142 mtx_lock(&mountlist_mtx); 3143 vfs_unbusy(mp); 3144 } 3145 } 3146 mtx_unlock(&mountlist_mtx); 3147 } 3148 3149 /* 3150 * Clone the mnt_exjail field to a new mount point. 3151 */ 3152 void 3153 vfs_exjail_clone(struct mount *inmp, struct mount *outmp) 3154 { 3155 struct ucred *cr; 3156 struct prison *pr; 3157 3158 MNT_ILOCK(inmp); 3159 cr = inmp->mnt_exjail; 3160 if (cr != NULL) { 3161 crhold(cr); 3162 MNT_IUNLOCK(inmp); 3163 pr = cr->cr_prison; 3164 sx_slock(&allprison_lock); 3165 if (!prison_isalive(pr)) { 3166 sx_sunlock(&allprison_lock); 3167 crfree(cr); 3168 return; 3169 } 3170 MNT_ILOCK(outmp); 3171 if (outmp->mnt_exjail == NULL) { 3172 outmp->mnt_exjail = cr; 3173 atomic_add_int(&pr->pr_exportcnt, 1); 3174 cr = NULL; 3175 } 3176 MNT_IUNLOCK(outmp); 3177 sx_sunlock(&allprison_lock); 3178 if (cr != NULL) 3179 crfree(cr); 3180 } else 3181 MNT_IUNLOCK(inmp); 3182 } 3183 3184 void 3185 resume_all_fs(void) 3186 { 3187 struct mount *mp; 3188 3189 mtx_lock(&mountlist_mtx); 3190 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 3191 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0) 3192 continue; 3193 mtx_unlock(&mountlist_mtx); 3194 MNT_ILOCK(mp); 3195 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0); 3196 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL; 3197 MNT_IUNLOCK(mp); 3198 vfs_write_resume(mp, 0); 3199 mtx_lock(&mountlist_mtx); 3200 vfs_unbusy(mp); 3201 } 3202 mtx_unlock(&mountlist_mtx); 3203 } 3204