1 /*- 2 * Copyright (c) 1999-2004 Poul-Henning Kamp 3 * Copyright (c) 1999 Michael Smith 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD$"); 39 40 #include <sys/param.h> 41 #include <sys/conf.h> 42 #include <sys/fcntl.h> 43 #include <sys/jail.h> 44 #include <sys/kernel.h> 45 #include <sys/libkern.h> 46 #include <sys/malloc.h> 47 #include <sys/mount.h> 48 #include <sys/mutex.h> 49 #include <sys/namei.h> 50 #include <sys/priv.h> 51 #include <sys/proc.h> 52 #include <sys/filedesc.h> 53 #include <sys/reboot.h> 54 #include <sys/syscallsubr.h> 55 #include <sys/sysproto.h> 56 #include <sys/sx.h> 57 #include <sys/sysctl.h> 58 #include <sys/sysent.h> 59 #include <sys/systm.h> 60 #include <sys/vnode.h> 61 #include <vm/uma.h> 62 63 #include <geom/geom.h> 64 65 #include <machine/stdarg.h> 66 67 #include <security/audit/audit.h> 68 #include <security/mac/mac_framework.h> 69 70 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 71 72 static int vfs_domount(struct thread *td, const char *fstype, 73 char *fspath, int fsflags, struct vfsoptlist **optlist); 74 static void free_mntarg(struct mntarg *ma); 75 76 static int usermount = 0; 77 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 78 "Unprivileged users may mount and unmount file systems"); 79 80 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 81 MALLOC_DEFINE(M_VNODE_MARKER, "vnodemarker", "vnode marker"); 82 static uma_zone_t mount_zone; 83 84 /* List of mounted filesystems. */ 85 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 86 87 /* For any iteration/modification of mountlist */ 88 struct mtx mountlist_mtx; 89 MTX_SYSINIT(mountlist, &mountlist_mtx, "mountlist", MTX_DEF); 90 91 /* 92 * Global opts, taken by all filesystems 93 */ 94 static const char *global_opts[] = { 95 "errmsg", 96 "fstype", 97 "fspath", 98 "ro", 99 "rw", 100 "nosuid", 101 "noexec", 102 NULL 103 }; 104 105 static int 106 mount_init(void *mem, int size, int flags) 107 { 108 struct mount *mp; 109 110 mp = (struct mount *)mem; 111 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 112 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 113 return (0); 114 } 115 116 static void 117 mount_fini(void *mem, int size) 118 { 119 struct mount *mp; 120 121 mp = (struct mount *)mem; 122 lockdestroy(&mp->mnt_explock); 123 mtx_destroy(&mp->mnt_mtx); 124 } 125 126 static void 127 vfs_mount_init(void *dummy __unused) 128 { 129 130 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 131 NULL, mount_init, mount_fini, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); 132 } 133 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 134 135 /* 136 * --------------------------------------------------------------------- 137 * Functions for building and sanitizing the mount options 138 */ 139 140 /* Remove one mount option. */ 141 static void 142 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 143 { 144 145 TAILQ_REMOVE(opts, opt, link); 146 free(opt->name, M_MOUNT); 147 if (opt->value != NULL) 148 free(opt->value, M_MOUNT); 149 free(opt, M_MOUNT); 150 } 151 152 /* Release all resources related to the mount options. */ 153 void 154 vfs_freeopts(struct vfsoptlist *opts) 155 { 156 struct vfsopt *opt; 157 158 while (!TAILQ_EMPTY(opts)) { 159 opt = TAILQ_FIRST(opts); 160 vfs_freeopt(opts, opt); 161 } 162 free(opts, M_MOUNT); 163 } 164 165 void 166 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 167 { 168 struct vfsopt *opt, *temp; 169 170 if (opts == NULL) 171 return; 172 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 173 if (strcmp(opt->name, name) == 0) 174 vfs_freeopt(opts, opt); 175 } 176 } 177 178 static int 179 vfs_isopt_ro(const char *opt) 180 { 181 182 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 183 strcmp(opt, "norw") == 0) 184 return (1); 185 return (0); 186 } 187 188 static int 189 vfs_isopt_rw(const char *opt) 190 { 191 192 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 193 return (1); 194 return (0); 195 } 196 197 /* 198 * Check if options are equal (with or without the "no" prefix). 199 */ 200 static int 201 vfs_equalopts(const char *opt1, const char *opt2) 202 { 203 char *p; 204 205 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 206 if (strcmp(opt1, opt2) == 0) 207 return (1); 208 /* "noopt" vs. "opt" */ 209 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 210 return (1); 211 /* "opt" vs. "noopt" */ 212 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 213 return (1); 214 while ((p = strchr(opt1, '.')) != NULL && 215 !strncmp(opt1, opt2, ++p - opt1)) { 216 opt2 += p - opt1; 217 opt1 = p; 218 /* "foo.noopt" vs. "foo.opt" */ 219 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 220 return (1); 221 /* "foo.opt" vs. "foo.noopt" */ 222 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 223 return (1); 224 } 225 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 226 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 227 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 228 return (1); 229 return (0); 230 } 231 232 /* 233 * If a mount option is specified several times, 234 * (with or without the "no" prefix) only keep 235 * the last occurence of it. 236 */ 237 static void 238 vfs_sanitizeopts(struct vfsoptlist *opts) 239 { 240 struct vfsopt *opt, *opt2, *tmp; 241 242 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 243 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 244 while (opt2 != NULL) { 245 if (vfs_equalopts(opt->name, opt2->name)) { 246 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 247 vfs_freeopt(opts, opt2); 248 opt2 = tmp; 249 } else { 250 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 251 } 252 } 253 } 254 } 255 256 /* 257 * Build a linked list of mount options from a struct uio. 258 */ 259 int 260 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 261 { 262 struct vfsoptlist *opts; 263 struct vfsopt *opt; 264 size_t memused, namelen, optlen; 265 unsigned int i, iovcnt; 266 int error; 267 268 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 269 TAILQ_INIT(opts); 270 memused = 0; 271 iovcnt = auio->uio_iovcnt; 272 for (i = 0; i < iovcnt; i += 2) { 273 namelen = auio->uio_iov[i].iov_len; 274 optlen = auio->uio_iov[i + 1].iov_len; 275 memused += sizeof(struct vfsopt) + optlen + namelen; 276 /* 277 * Avoid consuming too much memory, and attempts to overflow 278 * memused. 279 */ 280 if (memused > VFS_MOUNTARG_SIZE_MAX || 281 optlen > VFS_MOUNTARG_SIZE_MAX || 282 namelen > VFS_MOUNTARG_SIZE_MAX) { 283 error = EINVAL; 284 goto bad; 285 } 286 287 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 288 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 289 opt->value = NULL; 290 opt->len = 0; 291 opt->pos = i / 2; 292 opt->seen = 0; 293 294 /* 295 * Do this early, so jumps to "bad" will free the current 296 * option. 297 */ 298 TAILQ_INSERT_TAIL(opts, opt, link); 299 300 if (auio->uio_segflg == UIO_SYSSPACE) { 301 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 302 } else { 303 error = copyin(auio->uio_iov[i].iov_base, opt->name, 304 namelen); 305 if (error) 306 goto bad; 307 } 308 /* Ensure names are null-terminated strings. */ 309 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 310 error = EINVAL; 311 goto bad; 312 } 313 if (optlen != 0) { 314 opt->len = optlen; 315 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 316 if (auio->uio_segflg == UIO_SYSSPACE) { 317 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 318 optlen); 319 } else { 320 error = copyin(auio->uio_iov[i + 1].iov_base, 321 opt->value, optlen); 322 if (error) 323 goto bad; 324 } 325 } 326 } 327 vfs_sanitizeopts(opts); 328 *options = opts; 329 return (0); 330 bad: 331 vfs_freeopts(opts); 332 return (error); 333 } 334 335 /* 336 * Merge the old mount options with the new ones passed 337 * in the MNT_UPDATE case. 338 * 339 * XXX: This function will keep a "nofoo" option in the new 340 * options. E.g, if the option's canonical name is "foo", 341 * "nofoo" ends up in the mount point's active options. 342 */ 343 static void 344 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 345 { 346 struct vfsopt *opt, *new; 347 348 TAILQ_FOREACH(opt, oldopts, link) { 349 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 350 new->name = strdup(opt->name, M_MOUNT); 351 if (opt->len != 0) { 352 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 353 bcopy(opt->value, new->value, opt->len); 354 } else 355 new->value = NULL; 356 new->len = opt->len; 357 new->seen = opt->seen; 358 TAILQ_INSERT_HEAD(toopts, new, link); 359 } 360 vfs_sanitizeopts(toopts); 361 } 362 363 /* 364 * Mount a filesystem. 365 */ 366 int 367 nmount(td, uap) 368 struct thread *td; 369 struct nmount_args /* { 370 struct iovec *iovp; 371 unsigned int iovcnt; 372 int flags; 373 } */ *uap; 374 { 375 struct uio *auio; 376 int error; 377 u_int iovcnt; 378 379 AUDIT_ARG_FFLAGS(uap->flags); 380 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 381 uap->iovp, uap->iovcnt, uap->flags); 382 383 /* 384 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 385 * userspace to set this flag, but we must filter it out if we want 386 * MNT_UPDATE on the root file system to work. 387 * MNT_ROOTFS should only be set by the kernel when mounting its 388 * root file system. 389 */ 390 uap->flags &= ~MNT_ROOTFS; 391 392 iovcnt = uap->iovcnt; 393 /* 394 * Check that we have an even number of iovec's 395 * and that we have at least two options. 396 */ 397 if ((iovcnt & 1) || (iovcnt < 4)) { 398 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 399 uap->iovcnt); 400 return (EINVAL); 401 } 402 403 error = copyinuio(uap->iovp, iovcnt, &auio); 404 if (error) { 405 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 406 __func__, error); 407 return (error); 408 } 409 error = vfs_donmount(td, uap->flags, auio); 410 411 free(auio, M_IOV); 412 return (error); 413 } 414 415 /* 416 * --------------------------------------------------------------------- 417 * Various utility functions 418 */ 419 420 void 421 vfs_ref(struct mount *mp) 422 { 423 424 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 425 MNT_ILOCK(mp); 426 MNT_REF(mp); 427 MNT_IUNLOCK(mp); 428 } 429 430 void 431 vfs_rel(struct mount *mp) 432 { 433 434 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 435 MNT_ILOCK(mp); 436 MNT_REL(mp); 437 MNT_IUNLOCK(mp); 438 } 439 440 /* 441 * Allocate and initialize the mount point struct. 442 */ 443 struct mount * 444 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 445 struct ucred *cred) 446 { 447 struct mount *mp; 448 449 mp = uma_zalloc(mount_zone, M_WAITOK); 450 bzero(&mp->mnt_startzero, 451 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 452 TAILQ_INIT(&mp->mnt_nvnodelist); 453 mp->mnt_nvnodelistsize = 0; 454 mp->mnt_ref = 0; 455 (void) vfs_busy(mp, MBF_NOWAIT); 456 mp->mnt_op = vfsp->vfc_vfsops; 457 mp->mnt_vfc = vfsp; 458 vfsp->vfc_refcount++; /* XXX Unlocked */ 459 mp->mnt_stat.f_type = vfsp->vfc_typenum; 460 mp->mnt_gen++; 461 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 462 mp->mnt_vnodecovered = vp; 463 mp->mnt_cred = crdup(cred); 464 mp->mnt_stat.f_owner = cred->cr_uid; 465 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 466 mp->mnt_iosize_max = DFLTPHYS; 467 #ifdef MAC 468 mac_mount_init(mp); 469 mac_mount_create(cred, mp); 470 #endif 471 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 472 return (mp); 473 } 474 475 /* 476 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 477 */ 478 void 479 vfs_mount_destroy(struct mount *mp) 480 { 481 482 MNT_ILOCK(mp); 483 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 484 if (mp->mnt_kern_flag & MNTK_MWAIT) { 485 mp->mnt_kern_flag &= ~MNTK_MWAIT; 486 wakeup(mp); 487 } 488 while (mp->mnt_ref) 489 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 490 KASSERT(mp->mnt_ref == 0, 491 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 492 __FILE__, __LINE__)); 493 if (mp->mnt_writeopcount != 0) 494 panic("vfs_mount_destroy: nonzero writeopcount"); 495 if (mp->mnt_secondary_writes != 0) 496 panic("vfs_mount_destroy: nonzero secondary_writes"); 497 mp->mnt_vfc->vfc_refcount--; 498 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 499 struct vnode *vp; 500 501 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 502 vprint("", vp); 503 panic("unmount: dangling vnode"); 504 } 505 if (mp->mnt_nvnodelistsize != 0) 506 panic("vfs_mount_destroy: nonzero nvnodelistsize"); 507 if (mp->mnt_lockref != 0) 508 panic("vfs_mount_destroy: nonzero lock refcount"); 509 MNT_IUNLOCK(mp); 510 #ifdef MAC 511 mac_mount_destroy(mp); 512 #endif 513 if (mp->mnt_opt != NULL) 514 vfs_freeopts(mp->mnt_opt); 515 crfree(mp->mnt_cred); 516 uma_zfree(mount_zone, mp); 517 } 518 519 int 520 vfs_donmount(struct thread *td, int fsflags, struct uio *fsoptions) 521 { 522 struct vfsoptlist *optlist; 523 struct vfsopt *opt, *tmp_opt; 524 char *fstype, *fspath, *errmsg; 525 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 526 527 errmsg = fspath = NULL; 528 errmsg_len = fspathlen = 0; 529 errmsg_pos = -1; 530 531 error = vfs_buildopts(fsoptions, &optlist); 532 if (error) 533 return (error); 534 535 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 536 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 537 538 /* 539 * We need these two options before the others, 540 * and they are mandatory for any filesystem. 541 * Ensure they are NUL terminated as well. 542 */ 543 fstypelen = 0; 544 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 545 if (error || fstype[fstypelen - 1] != '\0') { 546 error = EINVAL; 547 if (errmsg != NULL) 548 strncpy(errmsg, "Invalid fstype", errmsg_len); 549 goto bail; 550 } 551 fspathlen = 0; 552 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 553 if (error || fspath[fspathlen - 1] != '\0') { 554 error = EINVAL; 555 if (errmsg != NULL) 556 strncpy(errmsg, "Invalid fspath", errmsg_len); 557 goto bail; 558 } 559 560 /* 561 * We need to see if we have the "update" option 562 * before we call vfs_domount(), since vfs_domount() has special 563 * logic based on MNT_UPDATE. This is very important 564 * when we want to update the root filesystem. 565 */ 566 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 567 if (strcmp(opt->name, "update") == 0) { 568 fsflags |= MNT_UPDATE; 569 vfs_freeopt(optlist, opt); 570 } 571 else if (strcmp(opt->name, "async") == 0) 572 fsflags |= MNT_ASYNC; 573 else if (strcmp(opt->name, "force") == 0) { 574 fsflags |= MNT_FORCE; 575 vfs_freeopt(optlist, opt); 576 } 577 else if (strcmp(opt->name, "reload") == 0) { 578 fsflags |= MNT_RELOAD; 579 vfs_freeopt(optlist, opt); 580 } 581 else if (strcmp(opt->name, "multilabel") == 0) 582 fsflags |= MNT_MULTILABEL; 583 else if (strcmp(opt->name, "noasync") == 0) 584 fsflags &= ~MNT_ASYNC; 585 else if (strcmp(opt->name, "noatime") == 0) 586 fsflags |= MNT_NOATIME; 587 else if (strcmp(opt->name, "atime") == 0) { 588 free(opt->name, M_MOUNT); 589 opt->name = strdup("nonoatime", M_MOUNT); 590 } 591 else if (strcmp(opt->name, "noclusterr") == 0) 592 fsflags |= MNT_NOCLUSTERR; 593 else if (strcmp(opt->name, "clusterr") == 0) { 594 free(opt->name, M_MOUNT); 595 opt->name = strdup("nonoclusterr", M_MOUNT); 596 } 597 else if (strcmp(opt->name, "noclusterw") == 0) 598 fsflags |= MNT_NOCLUSTERW; 599 else if (strcmp(opt->name, "clusterw") == 0) { 600 free(opt->name, M_MOUNT); 601 opt->name = strdup("nonoclusterw", M_MOUNT); 602 } 603 else if (strcmp(opt->name, "noexec") == 0) 604 fsflags |= MNT_NOEXEC; 605 else if (strcmp(opt->name, "exec") == 0) { 606 free(opt->name, M_MOUNT); 607 opt->name = strdup("nonoexec", M_MOUNT); 608 } 609 else if (strcmp(opt->name, "nosuid") == 0) 610 fsflags |= MNT_NOSUID; 611 else if (strcmp(opt->name, "suid") == 0) { 612 free(opt->name, M_MOUNT); 613 opt->name = strdup("nonosuid", M_MOUNT); 614 } 615 else if (strcmp(opt->name, "nosymfollow") == 0) 616 fsflags |= MNT_NOSYMFOLLOW; 617 else if (strcmp(opt->name, "symfollow") == 0) { 618 free(opt->name, M_MOUNT); 619 opt->name = strdup("nonosymfollow", M_MOUNT); 620 } 621 else if (strcmp(opt->name, "noro") == 0) 622 fsflags &= ~MNT_RDONLY; 623 else if (strcmp(opt->name, "rw") == 0) 624 fsflags &= ~MNT_RDONLY; 625 else if (strcmp(opt->name, "ro") == 0) 626 fsflags |= MNT_RDONLY; 627 else if (strcmp(opt->name, "rdonly") == 0) { 628 free(opt->name, M_MOUNT); 629 opt->name = strdup("ro", M_MOUNT); 630 fsflags |= MNT_RDONLY; 631 } 632 else if (strcmp(opt->name, "suiddir") == 0) 633 fsflags |= MNT_SUIDDIR; 634 else if (strcmp(opt->name, "sync") == 0) 635 fsflags |= MNT_SYNCHRONOUS; 636 else if (strcmp(opt->name, "union") == 0) 637 fsflags |= MNT_UNION; 638 } 639 640 /* 641 * Be ultra-paranoid about making sure the type and fspath 642 * variables will fit in our mp buffers, including the 643 * terminating NUL. 644 */ 645 if (fstypelen >= MFSNAMELEN - 1 || fspathlen >= MNAMELEN - 1) { 646 error = ENAMETOOLONG; 647 goto bail; 648 } 649 650 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 651 bail: 652 /* copyout the errmsg */ 653 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 654 && errmsg_len > 0 && errmsg != NULL) { 655 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 656 bcopy(errmsg, 657 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 658 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 659 } else { 660 copyout(errmsg, 661 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 662 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 663 } 664 } 665 666 if (optlist != NULL) 667 vfs_freeopts(optlist); 668 return (error); 669 } 670 671 /* 672 * Old mount API. 673 */ 674 #ifndef _SYS_SYSPROTO_H_ 675 struct mount_args { 676 char *type; 677 char *path; 678 int flags; 679 caddr_t data; 680 }; 681 #endif 682 /* ARGSUSED */ 683 int 684 mount(td, uap) 685 struct thread *td; 686 struct mount_args /* { 687 char *type; 688 char *path; 689 int flags; 690 caddr_t data; 691 } */ *uap; 692 { 693 char *fstype; 694 struct vfsconf *vfsp = NULL; 695 struct mntarg *ma = NULL; 696 int error; 697 698 AUDIT_ARG_FFLAGS(uap->flags); 699 700 /* 701 * Filter out MNT_ROOTFS. We do not want clients of mount() in 702 * userspace to set this flag, but we must filter it out if we want 703 * MNT_UPDATE on the root file system to work. 704 * MNT_ROOTFS should only be set by the kernel when mounting its 705 * root file system. 706 */ 707 uap->flags &= ~MNT_ROOTFS; 708 709 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 710 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 711 if (error) { 712 free(fstype, M_TEMP); 713 return (error); 714 } 715 716 AUDIT_ARG_TEXT(fstype); 717 mtx_lock(&Giant); 718 vfsp = vfs_byname_kld(fstype, td, &error); 719 free(fstype, M_TEMP); 720 if (vfsp == NULL) { 721 mtx_unlock(&Giant); 722 return (ENOENT); 723 } 724 if (vfsp->vfc_vfsops->vfs_cmount == NULL) { 725 mtx_unlock(&Giant); 726 return (EOPNOTSUPP); 727 } 728 729 ma = mount_argsu(ma, "fstype", uap->type, MNAMELEN); 730 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 731 ma = mount_argb(ma, uap->flags & MNT_RDONLY, "noro"); 732 ma = mount_argb(ma, !(uap->flags & MNT_NOSUID), "nosuid"); 733 ma = mount_argb(ma, !(uap->flags & MNT_NOEXEC), "noexec"); 734 735 error = vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, uap->flags); 736 mtx_unlock(&Giant); 737 return (error); 738 } 739 740 /* 741 * vfs_domount_first(): first file system mount (not update) 742 */ 743 static int 744 vfs_domount_first( 745 struct thread *td, /* Calling thread. */ 746 struct vfsconf *vfsp, /* File system type. */ 747 char *fspath, /* Mount path. */ 748 struct vnode *vp, /* Vnode to be covered. */ 749 int fsflags, /* Flags common to all filesystems. */ 750 struct vfsoptlist **optlist /* Options local to the filesystem. */ 751 ) 752 { 753 struct vattr va; 754 struct mount *mp; 755 struct vnode *newdp; 756 int error; 757 758 mtx_assert(&Giant, MA_OWNED); 759 ASSERT_VOP_ELOCKED(vp, __func__); 760 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 761 762 /* 763 * If the user is not root, ensure that they own the directory 764 * onto which we are attempting to mount. 765 */ 766 error = VOP_GETATTR(vp, &va, td->td_ucred); 767 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 768 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, 0); 769 if (error == 0) 770 error = vinvalbuf(vp, V_SAVE, 0, 0); 771 if (error == 0 && vp->v_type != VDIR) 772 error = ENOTDIR; 773 if (error == 0) { 774 VI_LOCK(vp); 775 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 776 vp->v_iflag |= VI_MOUNT; 777 else 778 error = EBUSY; 779 VI_UNLOCK(vp); 780 } 781 if (error != 0) { 782 vput(vp); 783 return (error); 784 } 785 VOP_UNLOCK(vp, 0); 786 787 /* Allocate and initialize the filesystem. */ 788 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 789 /* XXXMAC: pass to vfs_mount_alloc? */ 790 mp->mnt_optnew = *optlist; 791 /* Set the mount level flags. */ 792 mp->mnt_flag = (fsflags & (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY)); 793 794 /* 795 * Mount the filesystem. 796 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 797 * get. No freeing of cn_pnbuf. 798 */ 799 error = VFS_MOUNT(mp); 800 if (error != 0) { 801 vfs_unbusy(mp); 802 vfs_mount_destroy(mp); 803 VI_LOCK(vp); 804 vp->v_iflag &= ~VI_MOUNT; 805 VI_UNLOCK(vp); 806 vrele(vp); 807 return (error); 808 } 809 810 if (mp->mnt_opt != NULL) 811 vfs_freeopts(mp->mnt_opt); 812 mp->mnt_opt = mp->mnt_optnew; 813 *optlist = NULL; 814 (void)VFS_STATFS(mp, &mp->mnt_stat); 815 816 /* 817 * Prevent external consumers of mount options from reading mnt_optnew. 818 */ 819 mp->mnt_optnew = NULL; 820 821 MNT_ILOCK(mp); 822 if ((mp->mnt_flag & MNT_ASYNC) != 0 && mp->mnt_noasync == 0) 823 mp->mnt_kern_flag |= MNTK_ASYNC; 824 else 825 mp->mnt_kern_flag &= ~MNTK_ASYNC; 826 MNT_IUNLOCK(mp); 827 828 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 829 cache_purge(vp); 830 VI_LOCK(vp); 831 vp->v_iflag &= ~VI_MOUNT; 832 VI_UNLOCK(vp); 833 vp->v_mountedhere = mp; 834 /* Place the new filesystem at the end of the mount list. */ 835 mtx_lock(&mountlist_mtx); 836 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 837 mtx_unlock(&mountlist_mtx); 838 vfs_event_signal(NULL, VQ_MOUNT, 0); 839 if (VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) 840 panic("mount: lost mount"); 841 VOP_UNLOCK(newdp, 0); 842 VOP_UNLOCK(vp, 0); 843 mountcheckdirs(vp, newdp); 844 vrele(newdp); 845 if ((mp->mnt_flag & MNT_RDONLY) == 0) 846 vfs_allocate_syncvnode(mp); 847 vfs_unbusy(mp); 848 return (0); 849 } 850 851 /* 852 * vfs_domount_update(): update of mounted file system 853 */ 854 static int 855 vfs_domount_update( 856 struct thread *td, /* Calling thread. */ 857 struct vnode *vp, /* Mount point vnode. */ 858 int fsflags, /* Flags common to all filesystems. */ 859 struct vfsoptlist **optlist /* Options local to the filesystem. */ 860 ) 861 { 862 struct oexport_args oexport; 863 struct export_args export; 864 struct mount *mp; 865 int error, export_error, flag; 866 867 mtx_assert(&Giant, MA_OWNED); 868 ASSERT_VOP_ELOCKED(vp, __func__); 869 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 870 871 if ((vp->v_vflag & VV_ROOT) == 0) { 872 vput(vp); 873 return (EINVAL); 874 } 875 mp = vp->v_mount; 876 /* 877 * We only allow the filesystem to be reloaded if it 878 * is currently mounted read-only. 879 */ 880 flag = mp->mnt_flag; 881 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 882 vput(vp); 883 return (EOPNOTSUPP); /* Needs translation */ 884 } 885 /* 886 * Only privileged root, or (if MNT_USER is set) the user that 887 * did the original mount is permitted to update it. 888 */ 889 error = vfs_suser(mp, td); 890 if (error != 0) { 891 vput(vp); 892 return (error); 893 } 894 if (vfs_busy(mp, MBF_NOWAIT)) { 895 vput(vp); 896 return (EBUSY); 897 } 898 VI_LOCK(vp); 899 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 900 VI_UNLOCK(vp); 901 vfs_unbusy(mp); 902 vput(vp); 903 return (EBUSY); 904 } 905 vp->v_iflag |= VI_MOUNT; 906 VI_UNLOCK(vp); 907 VOP_UNLOCK(vp, 0); 908 909 MNT_ILOCK(mp); 910 mp->mnt_flag &= ~MNT_UPDATEMASK; 911 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 912 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 913 if ((mp->mnt_flag & MNT_ASYNC) == 0) 914 mp->mnt_kern_flag &= ~MNTK_ASYNC; 915 MNT_IUNLOCK(mp); 916 mp->mnt_optnew = *optlist; 917 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 918 919 /* 920 * Mount the filesystem. 921 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 922 * get. No freeing of cn_pnbuf. 923 */ 924 error = VFS_MOUNT(mp); 925 926 export_error = 0; 927 if (error == 0) { 928 /* Process the export option. */ 929 if (vfs_copyopt(mp->mnt_optnew, "export", &export, 930 sizeof(export)) == 0) { 931 export_error = vfs_export(mp, &export); 932 } else if (vfs_copyopt(mp->mnt_optnew, "export", &oexport, 933 sizeof(oexport)) == 0) { 934 export.ex_flags = oexport.ex_flags; 935 export.ex_root = oexport.ex_root; 936 export.ex_anon = oexport.ex_anon; 937 export.ex_addr = oexport.ex_addr; 938 export.ex_addrlen = oexport.ex_addrlen; 939 export.ex_mask = oexport.ex_mask; 940 export.ex_masklen = oexport.ex_masklen; 941 export.ex_indexfile = oexport.ex_indexfile; 942 export.ex_numsecflavors = 0; 943 export_error = vfs_export(mp, &export); 944 } 945 } 946 947 MNT_ILOCK(mp); 948 if (error == 0) { 949 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 950 MNT_SNAPSHOT); 951 } else { 952 /* 953 * If we fail, restore old mount flags. MNT_QUOTA is special, 954 * because it is not part of MNT_UPDATEMASK, but it could have 955 * changed in the meantime if quotactl(2) was called. 956 * All in all we want current value of MNT_QUOTA, not the old 957 * one. 958 */ 959 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 960 } 961 if ((mp->mnt_flag & MNT_ASYNC) != 0 && mp->mnt_noasync == 0) 962 mp->mnt_kern_flag |= MNTK_ASYNC; 963 else 964 mp->mnt_kern_flag &= ~MNTK_ASYNC; 965 MNT_IUNLOCK(mp); 966 967 if (error != 0) 968 goto end; 969 970 if (mp->mnt_opt != NULL) 971 vfs_freeopts(mp->mnt_opt); 972 mp->mnt_opt = mp->mnt_optnew; 973 *optlist = NULL; 974 (void)VFS_STATFS(mp, &mp->mnt_stat); 975 /* 976 * Prevent external consumers of mount options from reading 977 * mnt_optnew. 978 */ 979 mp->mnt_optnew = NULL; 980 981 if ((mp->mnt_flag & MNT_RDONLY) == 0) 982 vfs_allocate_syncvnode(mp); 983 else 984 vfs_deallocate_syncvnode(mp); 985 end: 986 vfs_unbusy(mp); 987 VI_LOCK(vp); 988 vp->v_iflag &= ~VI_MOUNT; 989 VI_UNLOCK(vp); 990 vrele(vp); 991 return (error != 0 ? error : export_error); 992 } 993 994 /* 995 * vfs_domount(): actually attempt a filesystem mount. 996 */ 997 static int 998 vfs_domount( 999 struct thread *td, /* Calling thread. */ 1000 const char *fstype, /* Filesystem type. */ 1001 char *fspath, /* Mount path. */ 1002 int fsflags, /* Flags common to all filesystems. */ 1003 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1004 ) 1005 { 1006 struct vfsconf *vfsp; 1007 struct nameidata nd; 1008 struct vnode *vp; 1009 int error; 1010 1011 /* 1012 * Be ultra-paranoid about making sure the type and fspath 1013 * variables will fit in our mp buffers, including the 1014 * terminating NUL. 1015 */ 1016 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1017 return (ENAMETOOLONG); 1018 1019 if (jailed(td->td_ucred) || usermount == 0) { 1020 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1021 return (error); 1022 } 1023 1024 /* 1025 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1026 */ 1027 if (fsflags & MNT_EXPORTED) { 1028 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1029 if (error) 1030 return (error); 1031 } 1032 if (fsflags & MNT_SUIDDIR) { 1033 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1034 if (error) 1035 return (error); 1036 } 1037 /* 1038 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1039 */ 1040 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1041 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1042 fsflags |= MNT_NOSUID | MNT_USER; 1043 } 1044 1045 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1046 vfsp = NULL; 1047 if ((fsflags & MNT_UPDATE) == 0) { 1048 /* Don't try to load KLDs if we're mounting the root. */ 1049 if (fsflags & MNT_ROOTFS) 1050 vfsp = vfs_byname(fstype); 1051 else 1052 vfsp = vfs_byname_kld(fstype, td, &error); 1053 if (vfsp == NULL) 1054 return (ENODEV); 1055 if (jailed(td->td_ucred) && !(vfsp->vfc_flags & VFCF_JAIL)) 1056 return (EPERM); 1057 } 1058 1059 /* 1060 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1061 */ 1062 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1, 1063 UIO_SYSSPACE, fspath, td); 1064 error = namei(&nd); 1065 if (error != 0) 1066 return (error); 1067 if (!NDHASGIANT(&nd)) 1068 mtx_lock(&Giant); 1069 NDFREE(&nd, NDF_ONLY_PNBUF); 1070 vp = nd.ni_vp; 1071 if ((fsflags & MNT_UPDATE) == 0) { 1072 error = vfs_domount_first(td, vfsp, fspath, vp, fsflags, 1073 optlist); 1074 } else { 1075 error = vfs_domount_update(td, vp, fsflags, optlist); 1076 } 1077 mtx_unlock(&Giant); 1078 1079 ASSERT_VI_UNLOCKED(vp, __func__); 1080 ASSERT_VOP_UNLOCKED(vp, __func__); 1081 1082 return (error); 1083 } 1084 1085 /* 1086 * Unmount a filesystem. 1087 * 1088 * Note: unmount takes a path to the vnode mounted on as argument, not 1089 * special file (as before). 1090 */ 1091 #ifndef _SYS_SYSPROTO_H_ 1092 struct unmount_args { 1093 char *path; 1094 int flags; 1095 }; 1096 #endif 1097 /* ARGSUSED */ 1098 int 1099 unmount(td, uap) 1100 struct thread *td; 1101 register struct unmount_args /* { 1102 char *path; 1103 int flags; 1104 } */ *uap; 1105 { 1106 struct mount *mp; 1107 char *pathbuf; 1108 int error, id0, id1; 1109 1110 AUDIT_ARG_VALUE(uap->flags); 1111 if (jailed(td->td_ucred) || usermount == 0) { 1112 error = priv_check(td, PRIV_VFS_UNMOUNT); 1113 if (error) 1114 return (error); 1115 } 1116 1117 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1118 error = copyinstr(uap->path, pathbuf, MNAMELEN, NULL); 1119 if (error) { 1120 free(pathbuf, M_TEMP); 1121 return (error); 1122 } 1123 mtx_lock(&Giant); 1124 if (uap->flags & MNT_BYFSID) { 1125 AUDIT_ARG_TEXT(pathbuf); 1126 /* Decode the filesystem ID. */ 1127 if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) { 1128 mtx_unlock(&Giant); 1129 free(pathbuf, M_TEMP); 1130 return (EINVAL); 1131 } 1132 1133 mtx_lock(&mountlist_mtx); 1134 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1135 if (mp->mnt_stat.f_fsid.val[0] == id0 && 1136 mp->mnt_stat.f_fsid.val[1] == id1) 1137 break; 1138 } 1139 mtx_unlock(&mountlist_mtx); 1140 } else { 1141 AUDIT_ARG_UPATH1(td, pathbuf); 1142 mtx_lock(&mountlist_mtx); 1143 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1144 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) 1145 break; 1146 } 1147 mtx_unlock(&mountlist_mtx); 1148 } 1149 free(pathbuf, M_TEMP); 1150 if (mp == NULL) { 1151 /* 1152 * Previously we returned ENOENT for a nonexistent path and 1153 * EINVAL for a non-mountpoint. We cannot tell these apart 1154 * now, so in the !MNT_BYFSID case return the more likely 1155 * EINVAL for compatibility. 1156 */ 1157 mtx_unlock(&Giant); 1158 return ((uap->flags & MNT_BYFSID) ? ENOENT : EINVAL); 1159 } 1160 1161 /* 1162 * Don't allow unmounting the root filesystem. 1163 */ 1164 if (mp->mnt_flag & MNT_ROOTFS) { 1165 mtx_unlock(&Giant); 1166 return (EINVAL); 1167 } 1168 error = dounmount(mp, uap->flags, td); 1169 mtx_unlock(&Giant); 1170 return (error); 1171 } 1172 1173 /* 1174 * Do the actual filesystem unmount. 1175 */ 1176 int 1177 dounmount(mp, flags, td) 1178 struct mount *mp; 1179 int flags; 1180 struct thread *td; 1181 { 1182 struct vnode *coveredvp, *fsrootvp; 1183 int error; 1184 int async_flag; 1185 int mnt_gen_r; 1186 1187 mtx_assert(&Giant, MA_OWNED); 1188 1189 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 1190 mnt_gen_r = mp->mnt_gen; 1191 VI_LOCK(coveredvp); 1192 vholdl(coveredvp); 1193 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 1194 vdrop(coveredvp); 1195 /* 1196 * Check for mp being unmounted while waiting for the 1197 * covered vnode lock. 1198 */ 1199 if (coveredvp->v_mountedhere != mp || 1200 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 1201 VOP_UNLOCK(coveredvp, 0); 1202 return (EBUSY); 1203 } 1204 } 1205 /* 1206 * Only privileged root, or (if MNT_USER is set) the user that did the 1207 * original mount is permitted to unmount this filesystem. 1208 */ 1209 error = vfs_suser(mp, td); 1210 if (error) { 1211 if (coveredvp) 1212 VOP_UNLOCK(coveredvp, 0); 1213 return (error); 1214 } 1215 1216 MNT_ILOCK(mp); 1217 if (mp->mnt_kern_flag & MNTK_UNMOUNT) { 1218 MNT_IUNLOCK(mp); 1219 if (coveredvp) 1220 VOP_UNLOCK(coveredvp, 0); 1221 return (EBUSY); 1222 } 1223 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_NOINSMNTQ; 1224 /* Allow filesystems to detect that a forced unmount is in progress. */ 1225 if (flags & MNT_FORCE) 1226 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 1227 error = 0; 1228 if (mp->mnt_lockref) { 1229 if ((flags & MNT_FORCE) == 0) { 1230 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_NOINSMNTQ | 1231 MNTK_UNMOUNTF); 1232 if (mp->mnt_kern_flag & MNTK_MWAIT) { 1233 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1234 wakeup(mp); 1235 } 1236 MNT_IUNLOCK(mp); 1237 if (coveredvp) 1238 VOP_UNLOCK(coveredvp, 0); 1239 return (EBUSY); 1240 } 1241 mp->mnt_kern_flag |= MNTK_DRAINING; 1242 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 1243 "mount drain", 0); 1244 } 1245 MNT_IUNLOCK(mp); 1246 KASSERT(mp->mnt_lockref == 0, 1247 ("%s: invalid lock refcount in the drain path @ %s:%d", 1248 __func__, __FILE__, __LINE__)); 1249 KASSERT(error == 0, 1250 ("%s: invalid return value for msleep in the drain path @ %s:%d", 1251 __func__, __FILE__, __LINE__)); 1252 vn_start_write(NULL, &mp, V_WAIT); 1253 1254 if (mp->mnt_flag & MNT_EXPUBLIC) 1255 vfs_setpublicfs(NULL, NULL, NULL); 1256 1257 vfs_msync(mp, MNT_WAIT); 1258 MNT_ILOCK(mp); 1259 async_flag = mp->mnt_flag & MNT_ASYNC; 1260 mp->mnt_flag &= ~MNT_ASYNC; 1261 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1262 MNT_IUNLOCK(mp); 1263 cache_purgevfs(mp); /* remove cache entries for this file sys */ 1264 vfs_deallocate_syncvnode(mp); 1265 /* 1266 * For forced unmounts, move process cdir/rdir refs on the fs root 1267 * vnode to the covered vnode. For non-forced unmounts we want 1268 * such references to cause an EBUSY error. 1269 */ 1270 if ((flags & MNT_FORCE) && 1271 VFS_ROOT(mp, LK_EXCLUSIVE, &fsrootvp) == 0) { 1272 if (mp->mnt_vnodecovered != NULL) 1273 mountcheckdirs(fsrootvp, mp->mnt_vnodecovered); 1274 if (fsrootvp == rootvnode) { 1275 vrele(rootvnode); 1276 rootvnode = NULL; 1277 } 1278 vput(fsrootvp); 1279 } 1280 if (((mp->mnt_flag & MNT_RDONLY) || 1281 (error = VFS_SYNC(mp, MNT_WAIT)) == 0) || (flags & MNT_FORCE) != 0) 1282 error = VFS_UNMOUNT(mp, flags); 1283 vn_finished_write(mp); 1284 /* 1285 * If we failed to flush the dirty blocks for this mount point, 1286 * undo all the cdir/rdir and rootvnode changes we made above. 1287 * Unless we failed to do so because the device is reporting that 1288 * it doesn't exist anymore. 1289 */ 1290 if (error && error != ENXIO) { 1291 if ((flags & MNT_FORCE) && 1292 VFS_ROOT(mp, LK_EXCLUSIVE, &fsrootvp) == 0) { 1293 if (mp->mnt_vnodecovered != NULL) 1294 mountcheckdirs(mp->mnt_vnodecovered, fsrootvp); 1295 if (rootvnode == NULL) { 1296 rootvnode = fsrootvp; 1297 vref(rootvnode); 1298 } 1299 vput(fsrootvp); 1300 } 1301 MNT_ILOCK(mp); 1302 mp->mnt_kern_flag &= ~MNTK_NOINSMNTQ; 1303 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 1304 MNT_IUNLOCK(mp); 1305 vfs_allocate_syncvnode(mp); 1306 MNT_ILOCK(mp); 1307 } 1308 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 1309 mp->mnt_flag |= async_flag; 1310 if ((mp->mnt_flag & MNT_ASYNC) != 0 && mp->mnt_noasync == 0) 1311 mp->mnt_kern_flag |= MNTK_ASYNC; 1312 if (mp->mnt_kern_flag & MNTK_MWAIT) { 1313 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1314 wakeup(mp); 1315 } 1316 MNT_IUNLOCK(mp); 1317 if (coveredvp) 1318 VOP_UNLOCK(coveredvp, 0); 1319 return (error); 1320 } 1321 mtx_lock(&mountlist_mtx); 1322 TAILQ_REMOVE(&mountlist, mp, mnt_list); 1323 mtx_unlock(&mountlist_mtx); 1324 if (coveredvp != NULL) { 1325 coveredvp->v_mountedhere = NULL; 1326 vput(coveredvp); 1327 } 1328 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 1329 vfs_mount_destroy(mp); 1330 return (0); 1331 } 1332 1333 /* 1334 * Report errors during filesystem mounting. 1335 */ 1336 void 1337 vfs_mount_error(struct mount *mp, const char *fmt, ...) 1338 { 1339 struct vfsoptlist *moptlist = mp->mnt_optnew; 1340 va_list ap; 1341 int error, len; 1342 char *errmsg; 1343 1344 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 1345 if (error || errmsg == NULL || len <= 0) 1346 return; 1347 1348 va_start(ap, fmt); 1349 vsnprintf(errmsg, (size_t)len, fmt, ap); 1350 va_end(ap); 1351 } 1352 1353 void 1354 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 1355 { 1356 va_list ap; 1357 int error, len; 1358 char *errmsg; 1359 1360 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 1361 if (error || errmsg == NULL || len <= 0) 1362 return; 1363 1364 va_start(ap, fmt); 1365 vsnprintf(errmsg, (size_t)len, fmt, ap); 1366 va_end(ap); 1367 } 1368 1369 /* 1370 * --------------------------------------------------------------------- 1371 * Functions for querying mount options/arguments from filesystems. 1372 */ 1373 1374 /* 1375 * Check that no unknown options are given 1376 */ 1377 int 1378 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 1379 { 1380 struct vfsopt *opt; 1381 char errmsg[255]; 1382 const char **t, *p, *q; 1383 int ret = 0; 1384 1385 TAILQ_FOREACH(opt, opts, link) { 1386 p = opt->name; 1387 q = NULL; 1388 if (p[0] == 'n' && p[1] == 'o') 1389 q = p + 2; 1390 for(t = global_opts; *t != NULL; t++) { 1391 if (strcmp(*t, p) == 0) 1392 break; 1393 if (q != NULL) { 1394 if (strcmp(*t, q) == 0) 1395 break; 1396 } 1397 } 1398 if (*t != NULL) 1399 continue; 1400 for(t = legal; *t != NULL; t++) { 1401 if (strcmp(*t, p) == 0) 1402 break; 1403 if (q != NULL) { 1404 if (strcmp(*t, q) == 0) 1405 break; 1406 } 1407 } 1408 if (*t != NULL) 1409 continue; 1410 snprintf(errmsg, sizeof(errmsg), 1411 "mount option <%s> is unknown", p); 1412 ret = EINVAL; 1413 } 1414 if (ret != 0) { 1415 TAILQ_FOREACH(opt, opts, link) { 1416 if (strcmp(opt->name, "errmsg") == 0) { 1417 strncpy((char *)opt->value, errmsg, opt->len); 1418 break; 1419 } 1420 } 1421 if (opt == NULL) 1422 printf("%s\n", errmsg); 1423 } 1424 return (ret); 1425 } 1426 1427 /* 1428 * Get a mount option by its name. 1429 * 1430 * Return 0 if the option was found, ENOENT otherwise. 1431 * If len is non-NULL it will be filled with the length 1432 * of the option. If buf is non-NULL, it will be filled 1433 * with the address of the option. 1434 */ 1435 int 1436 vfs_getopt(opts, name, buf, len) 1437 struct vfsoptlist *opts; 1438 const char *name; 1439 void **buf; 1440 int *len; 1441 { 1442 struct vfsopt *opt; 1443 1444 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 1445 1446 TAILQ_FOREACH(opt, opts, link) { 1447 if (strcmp(name, opt->name) == 0) { 1448 opt->seen = 1; 1449 if (len != NULL) 1450 *len = opt->len; 1451 if (buf != NULL) 1452 *buf = opt->value; 1453 return (0); 1454 } 1455 } 1456 return (ENOENT); 1457 } 1458 1459 int 1460 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 1461 { 1462 struct vfsopt *opt; 1463 1464 if (opts == NULL) 1465 return (-1); 1466 1467 TAILQ_FOREACH(opt, opts, link) { 1468 if (strcmp(name, opt->name) == 0) { 1469 opt->seen = 1; 1470 return (opt->pos); 1471 } 1472 } 1473 return (-1); 1474 } 1475 1476 char * 1477 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 1478 { 1479 struct vfsopt *opt; 1480 1481 *error = 0; 1482 TAILQ_FOREACH(opt, opts, link) { 1483 if (strcmp(name, opt->name) != 0) 1484 continue; 1485 opt->seen = 1; 1486 if (opt->len == 0 || 1487 ((char *)opt->value)[opt->len - 1] != '\0') { 1488 *error = EINVAL; 1489 return (NULL); 1490 } 1491 return (opt->value); 1492 } 1493 *error = ENOENT; 1494 return (NULL); 1495 } 1496 1497 int 1498 vfs_flagopt(struct vfsoptlist *opts, const char *name, u_int *w, u_int val) 1499 { 1500 struct vfsopt *opt; 1501 1502 TAILQ_FOREACH(opt, opts, link) { 1503 if (strcmp(name, opt->name) == 0) { 1504 opt->seen = 1; 1505 if (w != NULL) 1506 *w |= val; 1507 return (1); 1508 } 1509 } 1510 if (w != NULL) 1511 *w &= ~val; 1512 return (0); 1513 } 1514 1515 int 1516 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 1517 { 1518 va_list ap; 1519 struct vfsopt *opt; 1520 int ret; 1521 1522 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 1523 1524 TAILQ_FOREACH(opt, opts, link) { 1525 if (strcmp(name, opt->name) != 0) 1526 continue; 1527 opt->seen = 1; 1528 if (opt->len == 0 || opt->value == NULL) 1529 return (0); 1530 if (((char *)opt->value)[opt->len - 1] != '\0') 1531 return (0); 1532 va_start(ap, fmt); 1533 ret = vsscanf(opt->value, fmt, ap); 1534 va_end(ap); 1535 return (ret); 1536 } 1537 return (0); 1538 } 1539 1540 int 1541 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 1542 { 1543 struct vfsopt *opt; 1544 1545 TAILQ_FOREACH(opt, opts, link) { 1546 if (strcmp(name, opt->name) != 0) 1547 continue; 1548 opt->seen = 1; 1549 if (opt->value == NULL) 1550 opt->len = len; 1551 else { 1552 if (opt->len != len) 1553 return (EINVAL); 1554 bcopy(value, opt->value, len); 1555 } 1556 return (0); 1557 } 1558 return (ENOENT); 1559 } 1560 1561 int 1562 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 1563 { 1564 struct vfsopt *opt; 1565 1566 TAILQ_FOREACH(opt, opts, link) { 1567 if (strcmp(name, opt->name) != 0) 1568 continue; 1569 opt->seen = 1; 1570 if (opt->value == NULL) 1571 opt->len = len; 1572 else { 1573 if (opt->len < len) 1574 return (EINVAL); 1575 opt->len = len; 1576 bcopy(value, opt->value, len); 1577 } 1578 return (0); 1579 } 1580 return (ENOENT); 1581 } 1582 1583 int 1584 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 1585 { 1586 struct vfsopt *opt; 1587 1588 TAILQ_FOREACH(opt, opts, link) { 1589 if (strcmp(name, opt->name) != 0) 1590 continue; 1591 opt->seen = 1; 1592 if (opt->value == NULL) 1593 opt->len = strlen(value) + 1; 1594 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 1595 return (EINVAL); 1596 return (0); 1597 } 1598 return (ENOENT); 1599 } 1600 1601 /* 1602 * Find and copy a mount option. 1603 * 1604 * The size of the buffer has to be specified 1605 * in len, if it is not the same length as the 1606 * mount option, EINVAL is returned. 1607 * Returns ENOENT if the option is not found. 1608 */ 1609 int 1610 vfs_copyopt(opts, name, dest, len) 1611 struct vfsoptlist *opts; 1612 const char *name; 1613 void *dest; 1614 int len; 1615 { 1616 struct vfsopt *opt; 1617 1618 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 1619 1620 TAILQ_FOREACH(opt, opts, link) { 1621 if (strcmp(name, opt->name) == 0) { 1622 opt->seen = 1; 1623 if (len != opt->len) 1624 return (EINVAL); 1625 bcopy(opt->value, dest, opt->len); 1626 return (0); 1627 } 1628 } 1629 return (ENOENT); 1630 } 1631 1632 /* 1633 * This is a helper function for filesystems to traverse their 1634 * vnodes. See MNT_VNODE_FOREACH() in sys/mount.h 1635 */ 1636 1637 struct vnode * 1638 __mnt_vnode_next(struct vnode **mvp, struct mount *mp) 1639 { 1640 struct vnode *vp; 1641 1642 mtx_assert(MNT_MTX(mp), MA_OWNED); 1643 1644 KASSERT((*mvp)->v_mount == mp, ("marker vnode mount list mismatch")); 1645 if (should_yield()) { 1646 MNT_IUNLOCK(mp); 1647 kern_yield(PRI_UNCHANGED); 1648 MNT_ILOCK(mp); 1649 } 1650 vp = TAILQ_NEXT(*mvp, v_nmntvnodes); 1651 while (vp != NULL && vp->v_type == VMARKER) 1652 vp = TAILQ_NEXT(vp, v_nmntvnodes); 1653 1654 /* Check if we are done */ 1655 if (vp == NULL) { 1656 __mnt_vnode_markerfree(mvp, mp); 1657 return (NULL); 1658 } 1659 TAILQ_REMOVE(&mp->mnt_nvnodelist, *mvp, v_nmntvnodes); 1660 TAILQ_INSERT_AFTER(&mp->mnt_nvnodelist, vp, *mvp, v_nmntvnodes); 1661 return (vp); 1662 } 1663 1664 struct vnode * 1665 __mnt_vnode_first(struct vnode **mvp, struct mount *mp) 1666 { 1667 struct vnode *vp; 1668 1669 mtx_assert(MNT_MTX(mp), MA_OWNED); 1670 1671 vp = TAILQ_FIRST(&mp->mnt_nvnodelist); 1672 while (vp != NULL && vp->v_type == VMARKER) 1673 vp = TAILQ_NEXT(vp, v_nmntvnodes); 1674 1675 /* Check if we are done */ 1676 if (vp == NULL) { 1677 *mvp = NULL; 1678 return (NULL); 1679 } 1680 MNT_REF(mp); 1681 MNT_IUNLOCK(mp); 1682 *mvp = (struct vnode *) malloc(sizeof(struct vnode), 1683 M_VNODE_MARKER, 1684 M_WAITOK | M_ZERO); 1685 MNT_ILOCK(mp); 1686 (*mvp)->v_type = VMARKER; 1687 1688 vp = TAILQ_FIRST(&mp->mnt_nvnodelist); 1689 while (vp != NULL && vp->v_type == VMARKER) 1690 vp = TAILQ_NEXT(vp, v_nmntvnodes); 1691 1692 /* Check if we are done */ 1693 if (vp == NULL) { 1694 MNT_IUNLOCK(mp); 1695 free(*mvp, M_VNODE_MARKER); 1696 MNT_ILOCK(mp); 1697 *mvp = NULL; 1698 MNT_REL(mp); 1699 return (NULL); 1700 } 1701 (*mvp)->v_mount = mp; 1702 TAILQ_INSERT_AFTER(&mp->mnt_nvnodelist, vp, *mvp, v_nmntvnodes); 1703 return (vp); 1704 } 1705 1706 1707 void 1708 __mnt_vnode_markerfree(struct vnode **mvp, struct mount *mp) 1709 { 1710 1711 if (*mvp == NULL) 1712 return; 1713 1714 mtx_assert(MNT_MTX(mp), MA_OWNED); 1715 1716 KASSERT((*mvp)->v_mount == mp, ("marker vnode mount list mismatch")); 1717 TAILQ_REMOVE(&mp->mnt_nvnodelist, *mvp, v_nmntvnodes); 1718 MNT_IUNLOCK(mp); 1719 free(*mvp, M_VNODE_MARKER); 1720 MNT_ILOCK(mp); 1721 *mvp = NULL; 1722 MNT_REL(mp); 1723 } 1724 1725 1726 int 1727 __vfs_statfs(struct mount *mp, struct statfs *sbp) 1728 { 1729 int error; 1730 1731 error = mp->mnt_op->vfs_statfs(mp, &mp->mnt_stat); 1732 if (sbp != &mp->mnt_stat) 1733 *sbp = mp->mnt_stat; 1734 return (error); 1735 } 1736 1737 void 1738 vfs_mountedfrom(struct mount *mp, const char *from) 1739 { 1740 1741 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 1742 strlcpy(mp->mnt_stat.f_mntfromname, from, 1743 sizeof mp->mnt_stat.f_mntfromname); 1744 } 1745 1746 /* 1747 * --------------------------------------------------------------------- 1748 * This is the api for building mount args and mounting filesystems from 1749 * inside the kernel. 1750 * 1751 * The API works by accumulation of individual args. First error is 1752 * latched. 1753 * 1754 * XXX: should be documented in new manpage kernel_mount(9) 1755 */ 1756 1757 /* A memory allocation which must be freed when we are done */ 1758 struct mntaarg { 1759 SLIST_ENTRY(mntaarg) next; 1760 }; 1761 1762 /* The header for the mount arguments */ 1763 struct mntarg { 1764 struct iovec *v; 1765 int len; 1766 int error; 1767 SLIST_HEAD(, mntaarg) list; 1768 }; 1769 1770 /* 1771 * Add a boolean argument. 1772 * 1773 * flag is the boolean value. 1774 * name must start with "no". 1775 */ 1776 struct mntarg * 1777 mount_argb(struct mntarg *ma, int flag, const char *name) 1778 { 1779 1780 KASSERT(name[0] == 'n' && name[1] == 'o', 1781 ("mount_argb(...,%s): name must start with 'no'", name)); 1782 1783 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 1784 } 1785 1786 /* 1787 * Add an argument printf style 1788 */ 1789 struct mntarg * 1790 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 1791 { 1792 va_list ap; 1793 struct mntaarg *maa; 1794 struct sbuf *sb; 1795 int len; 1796 1797 if (ma == NULL) { 1798 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 1799 SLIST_INIT(&ma->list); 1800 } 1801 if (ma->error) 1802 return (ma); 1803 1804 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 1805 M_MOUNT, M_WAITOK); 1806 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 1807 ma->v[ma->len].iov_len = strlen(name) + 1; 1808 ma->len++; 1809 1810 sb = sbuf_new_auto(); 1811 va_start(ap, fmt); 1812 sbuf_vprintf(sb, fmt, ap); 1813 va_end(ap); 1814 sbuf_finish(sb); 1815 len = sbuf_len(sb) + 1; 1816 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 1817 SLIST_INSERT_HEAD(&ma->list, maa, next); 1818 bcopy(sbuf_data(sb), maa + 1, len); 1819 sbuf_delete(sb); 1820 1821 ma->v[ma->len].iov_base = maa + 1; 1822 ma->v[ma->len].iov_len = len; 1823 ma->len++; 1824 1825 return (ma); 1826 } 1827 1828 /* 1829 * Add an argument which is a userland string. 1830 */ 1831 struct mntarg * 1832 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 1833 { 1834 struct mntaarg *maa; 1835 char *tbuf; 1836 1837 if (val == NULL) 1838 return (ma); 1839 if (ma == NULL) { 1840 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 1841 SLIST_INIT(&ma->list); 1842 } 1843 if (ma->error) 1844 return (ma); 1845 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 1846 SLIST_INSERT_HEAD(&ma->list, maa, next); 1847 tbuf = (void *)(maa + 1); 1848 ma->error = copyinstr(val, tbuf, len, NULL); 1849 return (mount_arg(ma, name, tbuf, -1)); 1850 } 1851 1852 /* 1853 * Plain argument. 1854 * 1855 * If length is -1, treat value as a C string. 1856 */ 1857 struct mntarg * 1858 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 1859 { 1860 1861 if (ma == NULL) { 1862 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 1863 SLIST_INIT(&ma->list); 1864 } 1865 if (ma->error) 1866 return (ma); 1867 1868 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 1869 M_MOUNT, M_WAITOK); 1870 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 1871 ma->v[ma->len].iov_len = strlen(name) + 1; 1872 ma->len++; 1873 1874 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 1875 if (len < 0) 1876 ma->v[ma->len].iov_len = strlen(val) + 1; 1877 else 1878 ma->v[ma->len].iov_len = len; 1879 ma->len++; 1880 return (ma); 1881 } 1882 1883 /* 1884 * Free a mntarg structure 1885 */ 1886 static void 1887 free_mntarg(struct mntarg *ma) 1888 { 1889 struct mntaarg *maa; 1890 1891 while (!SLIST_EMPTY(&ma->list)) { 1892 maa = SLIST_FIRST(&ma->list); 1893 SLIST_REMOVE_HEAD(&ma->list, next); 1894 free(maa, M_MOUNT); 1895 } 1896 free(ma->v, M_MOUNT); 1897 free(ma, M_MOUNT); 1898 } 1899 1900 /* 1901 * Mount a filesystem 1902 */ 1903 int 1904 kernel_mount(struct mntarg *ma, int flags) 1905 { 1906 struct uio auio; 1907 int error; 1908 1909 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 1910 KASSERT(ma->v != NULL, ("kernel_mount NULL ma->v")); 1911 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 1912 1913 auio.uio_iov = ma->v; 1914 auio.uio_iovcnt = ma->len; 1915 auio.uio_segflg = UIO_SYSSPACE; 1916 1917 error = ma->error; 1918 if (!error) 1919 error = vfs_donmount(curthread, flags, &auio); 1920 free_mntarg(ma); 1921 return (error); 1922 } 1923 1924 /* 1925 * A printflike function to mount a filesystem. 1926 */ 1927 int 1928 kernel_vmount(int flags, ...) 1929 { 1930 struct mntarg *ma = NULL; 1931 va_list ap; 1932 const char *cp; 1933 const void *vp; 1934 int error; 1935 1936 va_start(ap, flags); 1937 for (;;) { 1938 cp = va_arg(ap, const char *); 1939 if (cp == NULL) 1940 break; 1941 vp = va_arg(ap, const void *); 1942 ma = mount_arg(ma, cp, vp, (vp != NULL ? -1 : 0)); 1943 } 1944 va_end(ap); 1945 1946 error = kernel_mount(ma, flags); 1947 return (error); 1948 } 1949 1950 void 1951 vfs_oexport_conv(const struct oexport_args *oexp, struct export_args *exp) 1952 { 1953 1954 bcopy(oexp, exp, sizeof(*oexp)); 1955 exp->ex_numsecflavors = 0; 1956 } 1957