1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include <sys/param.h> 43 #include <sys/conf.h> 44 #include <sys/smp.h> 45 #include <sys/eventhandler.h> 46 #include <sys/fcntl.h> 47 #include <sys/jail.h> 48 #include <sys/kernel.h> 49 #include <sys/ktr.h> 50 #include <sys/libkern.h> 51 #include <sys/malloc.h> 52 #include <sys/mount.h> 53 #include <sys/mutex.h> 54 #include <sys/namei.h> 55 #include <sys/priv.h> 56 #include <sys/proc.h> 57 #include <sys/filedesc.h> 58 #include <sys/reboot.h> 59 #include <sys/sbuf.h> 60 #include <sys/syscallsubr.h> 61 #include <sys/sysproto.h> 62 #include <sys/sx.h> 63 #include <sys/sysctl.h> 64 #include <sys/sysent.h> 65 #include <sys/systm.h> 66 #include <sys/vnode.h> 67 #include <vm/uma.h> 68 69 #include <geom/geom.h> 70 71 #include <machine/stdarg.h> 72 73 #include <security/audit/audit.h> 74 #include <security/mac/mac_framework.h> 75 76 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 77 78 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 79 uint64_t fsflags, struct vfsoptlist **optlist); 80 static void free_mntarg(struct mntarg *ma); 81 82 static int usermount = 0; 83 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 84 "Unprivileged users may mount and unmount file systems"); 85 86 static bool default_autoro = false; 87 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 88 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 89 90 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 91 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 92 static uma_zone_t mount_zone; 93 94 /* List of mounted filesystems. */ 95 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 96 97 /* For any iteration/modification of mountlist */ 98 struct mtx mountlist_mtx; 99 MTX_SYSINIT(mountlist, &mountlist_mtx, "mountlist", MTX_DEF); 100 101 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 102 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 103 104 /* 105 * Global opts, taken by all filesystems 106 */ 107 static const char *global_opts[] = { 108 "errmsg", 109 "fstype", 110 "fspath", 111 "ro", 112 "rw", 113 "nosuid", 114 "noexec", 115 NULL 116 }; 117 118 static int 119 mount_init(void *mem, int size, int flags) 120 { 121 struct mount *mp; 122 123 mp = (struct mount *)mem; 124 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 125 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 126 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 127 mp->mnt_thread_in_ops_pcpu = uma_zalloc_pcpu(pcpu_zone_int, 128 M_WAITOK | M_ZERO); 129 mp->mnt_ref_pcpu = uma_zalloc_pcpu(pcpu_zone_int, 130 M_WAITOK | M_ZERO); 131 mp->mnt_lockref_pcpu = uma_zalloc_pcpu(pcpu_zone_int, 132 M_WAITOK | M_ZERO); 133 mp->mnt_writeopcount_pcpu = uma_zalloc_pcpu(pcpu_zone_int, 134 M_WAITOK | M_ZERO); 135 mp->mnt_ref = 0; 136 mp->mnt_vfs_ops = 1; 137 mp->mnt_rootvnode = NULL; 138 return (0); 139 } 140 141 static void 142 mount_fini(void *mem, int size) 143 { 144 struct mount *mp; 145 146 mp = (struct mount *)mem; 147 uma_zfree_pcpu(pcpu_zone_int, mp->mnt_writeopcount_pcpu); 148 uma_zfree_pcpu(pcpu_zone_int, mp->mnt_lockref_pcpu); 149 uma_zfree_pcpu(pcpu_zone_int, mp->mnt_ref_pcpu); 150 uma_zfree_pcpu(pcpu_zone_int, mp->mnt_thread_in_ops_pcpu); 151 lockdestroy(&mp->mnt_explock); 152 mtx_destroy(&mp->mnt_listmtx); 153 mtx_destroy(&mp->mnt_mtx); 154 } 155 156 static void 157 vfs_mount_init(void *dummy __unused) 158 { 159 160 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 161 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 162 } 163 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 164 165 /* 166 * --------------------------------------------------------------------- 167 * Functions for building and sanitizing the mount options 168 */ 169 170 /* Remove one mount option. */ 171 static void 172 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 173 { 174 175 TAILQ_REMOVE(opts, opt, link); 176 free(opt->name, M_MOUNT); 177 if (opt->value != NULL) 178 free(opt->value, M_MOUNT); 179 free(opt, M_MOUNT); 180 } 181 182 /* Release all resources related to the mount options. */ 183 void 184 vfs_freeopts(struct vfsoptlist *opts) 185 { 186 struct vfsopt *opt; 187 188 while (!TAILQ_EMPTY(opts)) { 189 opt = TAILQ_FIRST(opts); 190 vfs_freeopt(opts, opt); 191 } 192 free(opts, M_MOUNT); 193 } 194 195 void 196 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 197 { 198 struct vfsopt *opt, *temp; 199 200 if (opts == NULL) 201 return; 202 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 203 if (strcmp(opt->name, name) == 0) 204 vfs_freeopt(opts, opt); 205 } 206 } 207 208 static int 209 vfs_isopt_ro(const char *opt) 210 { 211 212 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 213 strcmp(opt, "norw") == 0) 214 return (1); 215 return (0); 216 } 217 218 static int 219 vfs_isopt_rw(const char *opt) 220 { 221 222 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 223 return (1); 224 return (0); 225 } 226 227 /* 228 * Check if options are equal (with or without the "no" prefix). 229 */ 230 static int 231 vfs_equalopts(const char *opt1, const char *opt2) 232 { 233 char *p; 234 235 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 236 if (strcmp(opt1, opt2) == 0) 237 return (1); 238 /* "noopt" vs. "opt" */ 239 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 240 return (1); 241 /* "opt" vs. "noopt" */ 242 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 243 return (1); 244 while ((p = strchr(opt1, '.')) != NULL && 245 !strncmp(opt1, opt2, ++p - opt1)) { 246 opt2 += p - opt1; 247 opt1 = p; 248 /* "foo.noopt" vs. "foo.opt" */ 249 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 250 return (1); 251 /* "foo.opt" vs. "foo.noopt" */ 252 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 253 return (1); 254 } 255 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 256 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 257 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 258 return (1); 259 return (0); 260 } 261 262 /* 263 * If a mount option is specified several times, 264 * (with or without the "no" prefix) only keep 265 * the last occurrence of it. 266 */ 267 static void 268 vfs_sanitizeopts(struct vfsoptlist *opts) 269 { 270 struct vfsopt *opt, *opt2, *tmp; 271 272 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 273 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 274 while (opt2 != NULL) { 275 if (vfs_equalopts(opt->name, opt2->name)) { 276 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 277 vfs_freeopt(opts, opt2); 278 opt2 = tmp; 279 } else { 280 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 281 } 282 } 283 } 284 } 285 286 /* 287 * Build a linked list of mount options from a struct uio. 288 */ 289 int 290 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 291 { 292 struct vfsoptlist *opts; 293 struct vfsopt *opt; 294 size_t memused, namelen, optlen; 295 unsigned int i, iovcnt; 296 int error; 297 298 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 299 TAILQ_INIT(opts); 300 memused = 0; 301 iovcnt = auio->uio_iovcnt; 302 for (i = 0; i < iovcnt; i += 2) { 303 namelen = auio->uio_iov[i].iov_len; 304 optlen = auio->uio_iov[i + 1].iov_len; 305 memused += sizeof(struct vfsopt) + optlen + namelen; 306 /* 307 * Avoid consuming too much memory, and attempts to overflow 308 * memused. 309 */ 310 if (memused > VFS_MOUNTARG_SIZE_MAX || 311 optlen > VFS_MOUNTARG_SIZE_MAX || 312 namelen > VFS_MOUNTARG_SIZE_MAX) { 313 error = EINVAL; 314 goto bad; 315 } 316 317 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 318 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 319 opt->value = NULL; 320 opt->len = 0; 321 opt->pos = i / 2; 322 opt->seen = 0; 323 324 /* 325 * Do this early, so jumps to "bad" will free the current 326 * option. 327 */ 328 TAILQ_INSERT_TAIL(opts, opt, link); 329 330 if (auio->uio_segflg == UIO_SYSSPACE) { 331 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 332 } else { 333 error = copyin(auio->uio_iov[i].iov_base, opt->name, 334 namelen); 335 if (error) 336 goto bad; 337 } 338 /* Ensure names are null-terminated strings. */ 339 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 340 error = EINVAL; 341 goto bad; 342 } 343 if (optlen != 0) { 344 opt->len = optlen; 345 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 346 if (auio->uio_segflg == UIO_SYSSPACE) { 347 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 348 optlen); 349 } else { 350 error = copyin(auio->uio_iov[i + 1].iov_base, 351 opt->value, optlen); 352 if (error) 353 goto bad; 354 } 355 } 356 } 357 vfs_sanitizeopts(opts); 358 *options = opts; 359 return (0); 360 bad: 361 vfs_freeopts(opts); 362 return (error); 363 } 364 365 /* 366 * Merge the old mount options with the new ones passed 367 * in the MNT_UPDATE case. 368 * 369 * XXX: This function will keep a "nofoo" option in the new 370 * options. E.g, if the option's canonical name is "foo", 371 * "nofoo" ends up in the mount point's active options. 372 */ 373 static void 374 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 375 { 376 struct vfsopt *opt, *new; 377 378 TAILQ_FOREACH(opt, oldopts, link) { 379 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 380 new->name = strdup(opt->name, M_MOUNT); 381 if (opt->len != 0) { 382 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 383 bcopy(opt->value, new->value, opt->len); 384 } else 385 new->value = NULL; 386 new->len = opt->len; 387 new->seen = opt->seen; 388 TAILQ_INSERT_HEAD(toopts, new, link); 389 } 390 vfs_sanitizeopts(toopts); 391 } 392 393 /* 394 * Mount a filesystem. 395 */ 396 #ifndef _SYS_SYSPROTO_H_ 397 struct nmount_args { 398 struct iovec *iovp; 399 unsigned int iovcnt; 400 int flags; 401 }; 402 #endif 403 int 404 sys_nmount(struct thread *td, struct nmount_args *uap) 405 { 406 struct uio *auio; 407 int error; 408 u_int iovcnt; 409 uint64_t flags; 410 411 /* 412 * Mount flags are now 64-bits. On 32-bit archtectures only 413 * 32-bits are passed in, but from here on everything handles 414 * 64-bit flags correctly. 415 */ 416 flags = uap->flags; 417 418 AUDIT_ARG_FFLAGS(flags); 419 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 420 uap->iovp, uap->iovcnt, flags); 421 422 /* 423 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 424 * userspace to set this flag, but we must filter it out if we want 425 * MNT_UPDATE on the root file system to work. 426 * MNT_ROOTFS should only be set by the kernel when mounting its 427 * root file system. 428 */ 429 flags &= ~MNT_ROOTFS; 430 431 iovcnt = uap->iovcnt; 432 /* 433 * Check that we have an even number of iovec's 434 * and that we have at least two options. 435 */ 436 if ((iovcnt & 1) || (iovcnt < 4)) { 437 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 438 uap->iovcnt); 439 return (EINVAL); 440 } 441 442 error = copyinuio(uap->iovp, iovcnt, &auio); 443 if (error) { 444 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 445 __func__, error); 446 return (error); 447 } 448 error = vfs_donmount(td, flags, auio); 449 450 free(auio, M_IOV); 451 return (error); 452 } 453 454 /* 455 * --------------------------------------------------------------------- 456 * Various utility functions 457 */ 458 459 void 460 vfs_ref(struct mount *mp) 461 { 462 463 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 464 if (vfs_op_thread_enter(mp)) { 465 vfs_mp_count_add_pcpu(mp, ref, 1); 466 vfs_op_thread_exit(mp); 467 return; 468 } 469 470 MNT_ILOCK(mp); 471 MNT_REF(mp); 472 MNT_IUNLOCK(mp); 473 } 474 475 void 476 vfs_rel(struct mount *mp) 477 { 478 479 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 480 if (vfs_op_thread_enter(mp)) { 481 vfs_mp_count_sub_pcpu(mp, ref, 1); 482 vfs_op_thread_exit(mp); 483 return; 484 } 485 486 MNT_ILOCK(mp); 487 MNT_REL(mp); 488 MNT_IUNLOCK(mp); 489 } 490 491 /* 492 * Allocate and initialize the mount point struct. 493 */ 494 struct mount * 495 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 496 struct ucred *cred) 497 { 498 struct mount *mp; 499 500 mp = uma_zalloc(mount_zone, M_WAITOK); 501 bzero(&mp->mnt_startzero, 502 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 503 TAILQ_INIT(&mp->mnt_nvnodelist); 504 mp->mnt_nvnodelistsize = 0; 505 TAILQ_INIT(&mp->mnt_lazyvnodelist); 506 mp->mnt_lazyvnodelistsize = 0; 507 if (mp->mnt_ref != 0 || mp->mnt_lockref != 0 || 508 mp->mnt_writeopcount != 0) 509 panic("%s: non-zero counters on new mp %p\n", __func__, mp); 510 if (mp->mnt_vfs_ops != 1) 511 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 512 mp->mnt_vfs_ops); 513 (void) vfs_busy(mp, MBF_NOWAIT); 514 atomic_add_acq_int(&vfsp->vfc_refcount, 1); 515 mp->mnt_op = vfsp->vfc_vfsops; 516 mp->mnt_vfc = vfsp; 517 mp->mnt_stat.f_type = vfsp->vfc_typenum; 518 mp->mnt_gen++; 519 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 520 mp->mnt_vnodecovered = vp; 521 mp->mnt_cred = crdup(cred); 522 mp->mnt_stat.f_owner = cred->cr_uid; 523 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 524 mp->mnt_iosize_max = DFLTPHYS; 525 #ifdef MAC 526 mac_mount_init(mp); 527 mac_mount_create(cred, mp); 528 #endif 529 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 530 TAILQ_INIT(&mp->mnt_uppers); 531 return (mp); 532 } 533 534 /* 535 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 536 */ 537 void 538 vfs_mount_destroy(struct mount *mp) 539 { 540 541 if (mp->mnt_vfs_ops == 0) 542 panic("%s: entered with zero vfs_ops\n", __func__); 543 544 vfs_assert_mount_counters(mp); 545 546 MNT_ILOCK(mp); 547 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 548 if (mp->mnt_kern_flag & MNTK_MWAIT) { 549 mp->mnt_kern_flag &= ~MNTK_MWAIT; 550 wakeup(mp); 551 } 552 while (mp->mnt_ref) 553 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 554 KASSERT(mp->mnt_ref == 0, 555 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 556 __FILE__, __LINE__)); 557 if (mp->mnt_writeopcount != 0) 558 panic("vfs_mount_destroy: nonzero writeopcount"); 559 if (mp->mnt_secondary_writes != 0) 560 panic("vfs_mount_destroy: nonzero secondary_writes"); 561 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1); 562 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 563 struct vnode *vp; 564 565 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 566 vn_printf(vp, "dangling vnode "); 567 panic("unmount: dangling vnode"); 568 } 569 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 570 if (mp->mnt_nvnodelistsize != 0) 571 panic("vfs_mount_destroy: nonzero nvnodelistsize"); 572 if (mp->mnt_lazyvnodelistsize != 0) 573 panic("vfs_mount_destroy: nonzero lazyvnodelistsize"); 574 if (mp->mnt_lockref != 0) 575 panic("vfs_mount_destroy: nonzero lock refcount"); 576 MNT_IUNLOCK(mp); 577 578 if (mp->mnt_vfs_ops != 1) 579 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 580 mp->mnt_vfs_ops); 581 582 if (mp->mnt_rootvnode != NULL) 583 panic("%s: mount point still has a root vnode %p\n", __func__, 584 mp->mnt_rootvnode); 585 586 if (mp->mnt_vnodecovered != NULL) 587 vrele(mp->mnt_vnodecovered); 588 #ifdef MAC 589 mac_mount_destroy(mp); 590 #endif 591 if (mp->mnt_opt != NULL) 592 vfs_freeopts(mp->mnt_opt); 593 crfree(mp->mnt_cred); 594 uma_zfree(mount_zone, mp); 595 } 596 597 static bool 598 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 599 { 600 /* This is an upgrade of an exisiting mount. */ 601 if ((fsflags & MNT_UPDATE) != 0) 602 return (false); 603 /* This is already an R/O mount. */ 604 if ((fsflags & MNT_RDONLY) != 0) 605 return (false); 606 607 switch (error) { 608 case ENODEV: /* generic, geom, ... */ 609 case EACCES: /* cam/scsi, ... */ 610 case EROFS: /* md, mmcsd, ... */ 611 /* 612 * These errors can be returned by the storage layer to signal 613 * that the media is read-only. No harm in the R/O mount 614 * attempt if the error was returned for some other reason. 615 */ 616 return (true); 617 default: 618 return (false); 619 } 620 } 621 622 int 623 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 624 { 625 struct vfsoptlist *optlist; 626 struct vfsopt *opt, *tmp_opt; 627 char *fstype, *fspath, *errmsg; 628 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 629 bool autoro; 630 631 errmsg = fspath = NULL; 632 errmsg_len = fspathlen = 0; 633 errmsg_pos = -1; 634 autoro = default_autoro; 635 636 error = vfs_buildopts(fsoptions, &optlist); 637 if (error) 638 return (error); 639 640 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 641 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 642 643 /* 644 * We need these two options before the others, 645 * and they are mandatory for any filesystem. 646 * Ensure they are NUL terminated as well. 647 */ 648 fstypelen = 0; 649 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 650 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 651 error = EINVAL; 652 if (errmsg != NULL) 653 strncpy(errmsg, "Invalid fstype", errmsg_len); 654 goto bail; 655 } 656 fspathlen = 0; 657 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 658 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 659 error = EINVAL; 660 if (errmsg != NULL) 661 strncpy(errmsg, "Invalid fspath", errmsg_len); 662 goto bail; 663 } 664 665 /* 666 * We need to see if we have the "update" option 667 * before we call vfs_domount(), since vfs_domount() has special 668 * logic based on MNT_UPDATE. This is very important 669 * when we want to update the root filesystem. 670 */ 671 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 672 int do_freeopt = 0; 673 674 if (strcmp(opt->name, "update") == 0) { 675 fsflags |= MNT_UPDATE; 676 do_freeopt = 1; 677 } 678 else if (strcmp(opt->name, "async") == 0) 679 fsflags |= MNT_ASYNC; 680 else if (strcmp(opt->name, "force") == 0) { 681 fsflags |= MNT_FORCE; 682 do_freeopt = 1; 683 } 684 else if (strcmp(opt->name, "reload") == 0) { 685 fsflags |= MNT_RELOAD; 686 do_freeopt = 1; 687 } 688 else if (strcmp(opt->name, "multilabel") == 0) 689 fsflags |= MNT_MULTILABEL; 690 else if (strcmp(opt->name, "noasync") == 0) 691 fsflags &= ~MNT_ASYNC; 692 else if (strcmp(opt->name, "noatime") == 0) 693 fsflags |= MNT_NOATIME; 694 else if (strcmp(opt->name, "atime") == 0) { 695 free(opt->name, M_MOUNT); 696 opt->name = strdup("nonoatime", M_MOUNT); 697 } 698 else if (strcmp(opt->name, "noclusterr") == 0) 699 fsflags |= MNT_NOCLUSTERR; 700 else if (strcmp(opt->name, "clusterr") == 0) { 701 free(opt->name, M_MOUNT); 702 opt->name = strdup("nonoclusterr", M_MOUNT); 703 } 704 else if (strcmp(opt->name, "noclusterw") == 0) 705 fsflags |= MNT_NOCLUSTERW; 706 else if (strcmp(opt->name, "clusterw") == 0) { 707 free(opt->name, M_MOUNT); 708 opt->name = strdup("nonoclusterw", M_MOUNT); 709 } 710 else if (strcmp(opt->name, "noexec") == 0) 711 fsflags |= MNT_NOEXEC; 712 else if (strcmp(opt->name, "exec") == 0) { 713 free(opt->name, M_MOUNT); 714 opt->name = strdup("nonoexec", M_MOUNT); 715 } 716 else if (strcmp(opt->name, "nosuid") == 0) 717 fsflags |= MNT_NOSUID; 718 else if (strcmp(opt->name, "suid") == 0) { 719 free(opt->name, M_MOUNT); 720 opt->name = strdup("nonosuid", M_MOUNT); 721 } 722 else if (strcmp(opt->name, "nosymfollow") == 0) 723 fsflags |= MNT_NOSYMFOLLOW; 724 else if (strcmp(opt->name, "symfollow") == 0) { 725 free(opt->name, M_MOUNT); 726 opt->name = strdup("nonosymfollow", M_MOUNT); 727 } 728 else if (strcmp(opt->name, "noro") == 0) { 729 fsflags &= ~MNT_RDONLY; 730 autoro = false; 731 } 732 else if (strcmp(opt->name, "rw") == 0) { 733 fsflags &= ~MNT_RDONLY; 734 autoro = false; 735 } 736 else if (strcmp(opt->name, "ro") == 0) { 737 fsflags |= MNT_RDONLY; 738 autoro = false; 739 } 740 else if (strcmp(opt->name, "rdonly") == 0) { 741 free(opt->name, M_MOUNT); 742 opt->name = strdup("ro", M_MOUNT); 743 fsflags |= MNT_RDONLY; 744 autoro = false; 745 } 746 else if (strcmp(opt->name, "autoro") == 0) { 747 do_freeopt = 1; 748 autoro = true; 749 } 750 else if (strcmp(opt->name, "suiddir") == 0) 751 fsflags |= MNT_SUIDDIR; 752 else if (strcmp(opt->name, "sync") == 0) 753 fsflags |= MNT_SYNCHRONOUS; 754 else if (strcmp(opt->name, "union") == 0) 755 fsflags |= MNT_UNION; 756 else if (strcmp(opt->name, "automounted") == 0) { 757 fsflags |= MNT_AUTOMOUNTED; 758 do_freeopt = 1; 759 } else if (strcmp(opt->name, "nocover") == 0) { 760 fsflags |= MNT_NOCOVER; 761 do_freeopt = 1; 762 } else if (strcmp(opt->name, "cover") == 0) { 763 fsflags &= ~MNT_NOCOVER; 764 do_freeopt = 1; 765 } else if (strcmp(opt->name, "emptydir") == 0) { 766 fsflags |= MNT_EMPTYDIR; 767 do_freeopt = 1; 768 } else if (strcmp(opt->name, "noemptydir") == 0) { 769 fsflags &= ~MNT_EMPTYDIR; 770 do_freeopt = 1; 771 } 772 if (do_freeopt) 773 vfs_freeopt(optlist, opt); 774 } 775 776 /* 777 * Be ultra-paranoid about making sure the type and fspath 778 * variables will fit in our mp buffers, including the 779 * terminating NUL. 780 */ 781 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 782 error = ENAMETOOLONG; 783 goto bail; 784 } 785 786 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 787 788 /* 789 * See if we can mount in the read-only mode if the error code suggests 790 * that it could be possible and the mount options allow for that. 791 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 792 * overridden by "autoro". 793 */ 794 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 795 printf("%s: R/W mount failed, possibly R/O media," 796 " trying R/O mount\n", __func__); 797 fsflags |= MNT_RDONLY; 798 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 799 } 800 bail: 801 /* copyout the errmsg */ 802 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 803 && errmsg_len > 0 && errmsg != NULL) { 804 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 805 bcopy(errmsg, 806 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 807 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 808 } else { 809 copyout(errmsg, 810 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 811 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 812 } 813 } 814 815 if (optlist != NULL) 816 vfs_freeopts(optlist); 817 return (error); 818 } 819 820 /* 821 * Old mount API. 822 */ 823 #ifndef _SYS_SYSPROTO_H_ 824 struct mount_args { 825 char *type; 826 char *path; 827 int flags; 828 caddr_t data; 829 }; 830 #endif 831 /* ARGSUSED */ 832 int 833 sys_mount(struct thread *td, struct mount_args *uap) 834 { 835 char *fstype; 836 struct vfsconf *vfsp = NULL; 837 struct mntarg *ma = NULL; 838 uint64_t flags; 839 int error; 840 841 /* 842 * Mount flags are now 64-bits. On 32-bit architectures only 843 * 32-bits are passed in, but from here on everything handles 844 * 64-bit flags correctly. 845 */ 846 flags = uap->flags; 847 848 AUDIT_ARG_FFLAGS(flags); 849 850 /* 851 * Filter out MNT_ROOTFS. We do not want clients of mount() in 852 * userspace to set this flag, but we must filter it out if we want 853 * MNT_UPDATE on the root file system to work. 854 * MNT_ROOTFS should only be set by the kernel when mounting its 855 * root file system. 856 */ 857 flags &= ~MNT_ROOTFS; 858 859 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 860 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 861 if (error) { 862 free(fstype, M_TEMP); 863 return (error); 864 } 865 866 AUDIT_ARG_TEXT(fstype); 867 vfsp = vfs_byname_kld(fstype, td, &error); 868 free(fstype, M_TEMP); 869 if (vfsp == NULL) 870 return (ENOENT); 871 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 872 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 873 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 874 vfsp->vfc_vfsops->vfs_cmount == NULL)) 875 return (EOPNOTSUPP); 876 877 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 878 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 879 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 880 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 881 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 882 883 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 884 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 885 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 886 } 887 888 /* 889 * vfs_domount_first(): first file system mount (not update) 890 */ 891 static int 892 vfs_domount_first( 893 struct thread *td, /* Calling thread. */ 894 struct vfsconf *vfsp, /* File system type. */ 895 char *fspath, /* Mount path. */ 896 struct vnode *vp, /* Vnode to be covered. */ 897 uint64_t fsflags, /* Flags common to all filesystems. */ 898 struct vfsoptlist **optlist /* Options local to the filesystem. */ 899 ) 900 { 901 struct vattr va; 902 struct mount *mp; 903 struct vnode *newdp, *rootvp; 904 int error, error1; 905 906 ASSERT_VOP_ELOCKED(vp, __func__); 907 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 908 909 if ((fsflags & MNT_EMPTYDIR) != 0) { 910 error = vfs_emptydir(vp); 911 if (error != 0) { 912 vput(vp); 913 return (error); 914 } 915 } 916 917 /* 918 * If the jail of the calling thread lacks permission for this type of 919 * file system, deny immediately. 920 */ 921 if (jailed(td->td_ucred) && !prison_allow(td->td_ucred, 922 vfsp->vfc_prison_flag)) { 923 vput(vp); 924 return (EPERM); 925 } 926 927 /* 928 * If the user is not root, ensure that they own the directory 929 * onto which we are attempting to mount. 930 */ 931 error = VOP_GETATTR(vp, &va, td->td_ucred); 932 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 933 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 934 if (error == 0) 935 error = vinvalbuf(vp, V_SAVE, 0, 0); 936 if (error == 0 && vp->v_type != VDIR) 937 error = ENOTDIR; 938 if (error == 0) { 939 VI_LOCK(vp); 940 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 941 vp->v_iflag |= VI_MOUNT; 942 else 943 error = EBUSY; 944 VI_UNLOCK(vp); 945 } 946 if (error != 0) { 947 vput(vp); 948 return (error); 949 } 950 vn_seqc_write_begin(vp); 951 VOP_UNLOCK(vp); 952 953 /* Allocate and initialize the filesystem. */ 954 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 955 /* XXXMAC: pass to vfs_mount_alloc? */ 956 mp->mnt_optnew = *optlist; 957 /* Set the mount level flags. */ 958 mp->mnt_flag = (fsflags & (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY)); 959 960 /* 961 * Mount the filesystem. 962 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 963 * get. No freeing of cn_pnbuf. 964 */ 965 error1 = 0; 966 if ((error = VFS_MOUNT(mp)) != 0 || 967 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 968 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 969 if (error1 != 0) { 970 error = error1; 971 rootvp = vfs_cache_root_clear(mp); 972 if (rootvp != NULL) 973 vrele(rootvp); 974 if ((error1 = VFS_UNMOUNT(mp, 0)) != 0) 975 printf("VFS_UNMOUNT returned %d\n", error1); 976 } 977 vfs_unbusy(mp); 978 mp->mnt_vnodecovered = NULL; 979 vfs_mount_destroy(mp); 980 VI_LOCK(vp); 981 vp->v_iflag &= ~VI_MOUNT; 982 VI_UNLOCK(vp); 983 vn_seqc_write_end(vp); 984 vrele(vp); 985 return (error); 986 } 987 vn_seqc_write_begin(newdp); 988 VOP_UNLOCK(newdp); 989 990 if (mp->mnt_opt != NULL) 991 vfs_freeopts(mp->mnt_opt); 992 mp->mnt_opt = mp->mnt_optnew; 993 *optlist = NULL; 994 995 /* 996 * Prevent external consumers of mount options from reading mnt_optnew. 997 */ 998 mp->mnt_optnew = NULL; 999 1000 MNT_ILOCK(mp); 1001 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1002 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1003 mp->mnt_kern_flag |= MNTK_ASYNC; 1004 else 1005 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1006 MNT_IUNLOCK(mp); 1007 1008 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1009 cache_purge(vp); 1010 VI_LOCK(vp); 1011 vp->v_iflag &= ~VI_MOUNT; 1012 VI_UNLOCK(vp); 1013 vp->v_mountedhere = mp; 1014 /* Place the new filesystem at the end of the mount list. */ 1015 mtx_lock(&mountlist_mtx); 1016 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1017 mtx_unlock(&mountlist_mtx); 1018 vfs_event_signal(NULL, VQ_MOUNT, 0); 1019 vn_lock(newdp, LK_EXCLUSIVE | LK_RETRY); 1020 VOP_UNLOCK(vp); 1021 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1022 VOP_UNLOCK(newdp); 1023 mountcheckdirs(vp, newdp); 1024 vn_seqc_write_end(vp); 1025 vn_seqc_write_end(newdp); 1026 vrele(newdp); 1027 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1028 vfs_allocate_syncvnode(mp); 1029 vfs_op_exit(mp); 1030 vfs_unbusy(mp); 1031 return (0); 1032 } 1033 1034 /* 1035 * vfs_domount_update(): update of mounted file system 1036 */ 1037 static int 1038 vfs_domount_update( 1039 struct thread *td, /* Calling thread. */ 1040 struct vnode *vp, /* Mount point vnode. */ 1041 uint64_t fsflags, /* Flags common to all filesystems. */ 1042 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1043 ) 1044 { 1045 struct export_args export; 1046 struct o2export_args o2export; 1047 struct vnode *rootvp; 1048 void *bufp; 1049 struct mount *mp; 1050 int error, export_error, i, len; 1051 uint64_t flag; 1052 gid_t *grps; 1053 1054 ASSERT_VOP_ELOCKED(vp, __func__); 1055 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1056 mp = vp->v_mount; 1057 1058 if ((vp->v_vflag & VV_ROOT) == 0) { 1059 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1060 == 0) 1061 error = EXDEV; 1062 else 1063 error = EINVAL; 1064 vput(vp); 1065 return (error); 1066 } 1067 1068 /* 1069 * We only allow the filesystem to be reloaded if it 1070 * is currently mounted read-only. 1071 */ 1072 flag = mp->mnt_flag; 1073 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1074 vput(vp); 1075 return (EOPNOTSUPP); /* Needs translation */ 1076 } 1077 /* 1078 * Only privileged root, or (if MNT_USER is set) the user that 1079 * did the original mount is permitted to update it. 1080 */ 1081 error = vfs_suser(mp, td); 1082 if (error != 0) { 1083 vput(vp); 1084 return (error); 1085 } 1086 if (vfs_busy(mp, MBF_NOWAIT)) { 1087 vput(vp); 1088 return (EBUSY); 1089 } 1090 VI_LOCK(vp); 1091 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1092 VI_UNLOCK(vp); 1093 vfs_unbusy(mp); 1094 vput(vp); 1095 return (EBUSY); 1096 } 1097 vp->v_iflag |= VI_MOUNT; 1098 VI_UNLOCK(vp); 1099 VOP_UNLOCK(vp); 1100 1101 vfs_op_enter(mp); 1102 vn_seqc_write_begin(vp); 1103 1104 rootvp = NULL; 1105 MNT_ILOCK(mp); 1106 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1107 MNT_IUNLOCK(mp); 1108 error = EBUSY; 1109 goto end; 1110 } 1111 mp->mnt_flag &= ~MNT_UPDATEMASK; 1112 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1113 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1114 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1115 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1116 rootvp = vfs_cache_root_clear(mp); 1117 MNT_IUNLOCK(mp); 1118 mp->mnt_optnew = *optlist; 1119 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1120 1121 /* 1122 * Mount the filesystem. 1123 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1124 * get. No freeing of cn_pnbuf. 1125 */ 1126 error = VFS_MOUNT(mp); 1127 1128 export_error = 0; 1129 /* Process the export option. */ 1130 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1131 &len) == 0) { 1132 /* Assume that there is only 1 ABI for each length. */ 1133 switch (len) { 1134 case (sizeof(struct oexport_args)): 1135 bzero(&o2export, sizeof(o2export)); 1136 /* FALLTHROUGH */ 1137 case (sizeof(o2export)): 1138 bcopy(bufp, &o2export, len); 1139 export.ex_flags = (uint64_t)o2export.ex_flags; 1140 export.ex_root = o2export.ex_root; 1141 export.ex_uid = o2export.ex_anon.cr_uid; 1142 export.ex_groups = NULL; 1143 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1144 if (export.ex_ngroups > 0) { 1145 if (export.ex_ngroups <= XU_NGROUPS) { 1146 export.ex_groups = malloc( 1147 export.ex_ngroups * sizeof(gid_t), 1148 M_TEMP, M_WAITOK); 1149 for (i = 0; i < export.ex_ngroups; i++) 1150 export.ex_groups[i] = 1151 o2export.ex_anon.cr_groups[i]; 1152 } else 1153 export_error = EINVAL; 1154 } else if (export.ex_ngroups < 0) 1155 export_error = EINVAL; 1156 export.ex_addr = o2export.ex_addr; 1157 export.ex_addrlen = o2export.ex_addrlen; 1158 export.ex_mask = o2export.ex_mask; 1159 export.ex_masklen = o2export.ex_masklen; 1160 export.ex_indexfile = o2export.ex_indexfile; 1161 export.ex_numsecflavors = o2export.ex_numsecflavors; 1162 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1163 for (i = 0; i < export.ex_numsecflavors; i++) 1164 export.ex_secflavors[i] = 1165 o2export.ex_secflavors[i]; 1166 } else 1167 export_error = EINVAL; 1168 if (export_error == 0) 1169 export_error = vfs_export(mp, &export); 1170 free(export.ex_groups, M_TEMP); 1171 break; 1172 case (sizeof(export)): 1173 bcopy(bufp, &export, len); 1174 grps = NULL; 1175 if (export.ex_ngroups > 0) { 1176 if (export.ex_ngroups <= NGROUPS_MAX) { 1177 grps = malloc(export.ex_ngroups * 1178 sizeof(gid_t), M_TEMP, M_WAITOK); 1179 export_error = copyin(export.ex_groups, 1180 grps, export.ex_ngroups * 1181 sizeof(gid_t)); 1182 if (export_error == 0) 1183 export.ex_groups = grps; 1184 } else 1185 export_error = EINVAL; 1186 } else if (export.ex_ngroups == 0) 1187 export.ex_groups = NULL; 1188 else 1189 export_error = EINVAL; 1190 if (export_error == 0) 1191 export_error = vfs_export(mp, &export); 1192 free(grps, M_TEMP); 1193 break; 1194 default: 1195 export_error = EINVAL; 1196 break; 1197 } 1198 } 1199 1200 MNT_ILOCK(mp); 1201 if (error == 0) { 1202 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1203 MNT_SNAPSHOT); 1204 } else { 1205 /* 1206 * If we fail, restore old mount flags. MNT_QUOTA is special, 1207 * because it is not part of MNT_UPDATEMASK, but it could have 1208 * changed in the meantime if quotactl(2) was called. 1209 * All in all we want current value of MNT_QUOTA, not the old 1210 * one. 1211 */ 1212 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1213 } 1214 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1215 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1216 mp->mnt_kern_flag |= MNTK_ASYNC; 1217 else 1218 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1219 MNT_IUNLOCK(mp); 1220 1221 if (error != 0) 1222 goto end; 1223 1224 if (mp->mnt_opt != NULL) 1225 vfs_freeopts(mp->mnt_opt); 1226 mp->mnt_opt = mp->mnt_optnew; 1227 *optlist = NULL; 1228 (void)VFS_STATFS(mp, &mp->mnt_stat); 1229 /* 1230 * Prevent external consumers of mount options from reading 1231 * mnt_optnew. 1232 */ 1233 mp->mnt_optnew = NULL; 1234 1235 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1236 vfs_allocate_syncvnode(mp); 1237 else 1238 vfs_deallocate_syncvnode(mp); 1239 end: 1240 vfs_op_exit(mp); 1241 if (rootvp != NULL) { 1242 vn_seqc_write_end(rootvp); 1243 vrele(rootvp); 1244 } 1245 vn_seqc_write_end(vp); 1246 vfs_unbusy(mp); 1247 VI_LOCK(vp); 1248 vp->v_iflag &= ~VI_MOUNT; 1249 VI_UNLOCK(vp); 1250 vrele(vp); 1251 return (error != 0 ? error : export_error); 1252 } 1253 1254 /* 1255 * vfs_domount(): actually attempt a filesystem mount. 1256 */ 1257 static int 1258 vfs_domount( 1259 struct thread *td, /* Calling thread. */ 1260 const char *fstype, /* Filesystem type. */ 1261 char *fspath, /* Mount path. */ 1262 uint64_t fsflags, /* Flags common to all filesystems. */ 1263 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1264 ) 1265 { 1266 struct vfsconf *vfsp; 1267 struct nameidata nd; 1268 struct vnode *vp; 1269 char *pathbuf; 1270 int error; 1271 1272 /* 1273 * Be ultra-paranoid about making sure the type and fspath 1274 * variables will fit in our mp buffers, including the 1275 * terminating NUL. 1276 */ 1277 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1278 return (ENAMETOOLONG); 1279 1280 if (jailed(td->td_ucred) || usermount == 0) { 1281 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1282 return (error); 1283 } 1284 1285 /* 1286 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1287 */ 1288 if (fsflags & MNT_EXPORTED) { 1289 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1290 if (error) 1291 return (error); 1292 } 1293 if (fsflags & MNT_SUIDDIR) { 1294 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1295 if (error) 1296 return (error); 1297 } 1298 /* 1299 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1300 */ 1301 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1302 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1303 fsflags |= MNT_NOSUID | MNT_USER; 1304 } 1305 1306 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1307 vfsp = NULL; 1308 if ((fsflags & MNT_UPDATE) == 0) { 1309 /* Don't try to load KLDs if we're mounting the root. */ 1310 if (fsflags & MNT_ROOTFS) 1311 vfsp = vfs_byname(fstype); 1312 else 1313 vfsp = vfs_byname_kld(fstype, td, &error); 1314 if (vfsp == NULL) 1315 return (ENODEV); 1316 } 1317 1318 /* 1319 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1320 */ 1321 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1322 UIO_SYSSPACE, fspath, td); 1323 error = namei(&nd); 1324 if (error != 0) 1325 return (error); 1326 NDFREE(&nd, NDF_ONLY_PNBUF); 1327 vp = nd.ni_vp; 1328 if ((fsflags & MNT_UPDATE) == 0) { 1329 if ((vp->v_vflag & VV_ROOT) != 0 && 1330 (fsflags & MNT_NOCOVER) != 0) { 1331 vput(vp); 1332 return (EBUSY); 1333 } 1334 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1335 strcpy(pathbuf, fspath); 1336 error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN); 1337 if (error == 0) { 1338 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1339 fsflags, optlist); 1340 } 1341 free(pathbuf, M_TEMP); 1342 } else 1343 error = vfs_domount_update(td, vp, fsflags, optlist); 1344 1345 return (error); 1346 } 1347 1348 /* 1349 * Unmount a filesystem. 1350 * 1351 * Note: unmount takes a path to the vnode mounted on as argument, not 1352 * special file (as before). 1353 */ 1354 #ifndef _SYS_SYSPROTO_H_ 1355 struct unmount_args { 1356 char *path; 1357 int flags; 1358 }; 1359 #endif 1360 /* ARGSUSED */ 1361 int 1362 sys_unmount(struct thread *td, struct unmount_args *uap) 1363 { 1364 1365 return (kern_unmount(td, uap->path, uap->flags)); 1366 } 1367 1368 int 1369 kern_unmount(struct thread *td, const char *path, int flags) 1370 { 1371 struct nameidata nd; 1372 struct mount *mp; 1373 char *pathbuf; 1374 int error, id0, id1; 1375 1376 AUDIT_ARG_VALUE(flags); 1377 if (jailed(td->td_ucred) || usermount == 0) { 1378 error = priv_check(td, PRIV_VFS_UNMOUNT); 1379 if (error) 1380 return (error); 1381 } 1382 1383 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1384 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1385 if (error) { 1386 free(pathbuf, M_TEMP); 1387 return (error); 1388 } 1389 if (flags & MNT_BYFSID) { 1390 AUDIT_ARG_TEXT(pathbuf); 1391 /* Decode the filesystem ID. */ 1392 if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) { 1393 free(pathbuf, M_TEMP); 1394 return (EINVAL); 1395 } 1396 1397 mtx_lock(&mountlist_mtx); 1398 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1399 if (mp->mnt_stat.f_fsid.val[0] == id0 && 1400 mp->mnt_stat.f_fsid.val[1] == id1) { 1401 vfs_ref(mp); 1402 break; 1403 } 1404 } 1405 mtx_unlock(&mountlist_mtx); 1406 } else { 1407 /* 1408 * Try to find global path for path argument. 1409 */ 1410 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1411 UIO_SYSSPACE, pathbuf, td); 1412 if (namei(&nd) == 0) { 1413 NDFREE(&nd, NDF_ONLY_PNBUF); 1414 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1415 MNAMELEN); 1416 if (error == 0) 1417 vput(nd.ni_vp); 1418 } 1419 mtx_lock(&mountlist_mtx); 1420 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1421 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1422 vfs_ref(mp); 1423 break; 1424 } 1425 } 1426 mtx_unlock(&mountlist_mtx); 1427 } 1428 free(pathbuf, M_TEMP); 1429 if (mp == NULL) { 1430 /* 1431 * Previously we returned ENOENT for a nonexistent path and 1432 * EINVAL for a non-mountpoint. We cannot tell these apart 1433 * now, so in the !MNT_BYFSID case return the more likely 1434 * EINVAL for compatibility. 1435 */ 1436 return ((flags & MNT_BYFSID) ? ENOENT : EINVAL); 1437 } 1438 1439 /* 1440 * Don't allow unmounting the root filesystem. 1441 */ 1442 if (mp->mnt_flag & MNT_ROOTFS) { 1443 vfs_rel(mp); 1444 return (EINVAL); 1445 } 1446 error = dounmount(mp, flags, td); 1447 return (error); 1448 } 1449 1450 /* 1451 * Return error if any of the vnodes, ignoring the root vnode 1452 * and the syncer vnode, have non-zero usecount. 1453 * 1454 * This function is purely advisory - it can return false positives 1455 * and negatives. 1456 */ 1457 static int 1458 vfs_check_usecounts(struct mount *mp) 1459 { 1460 struct vnode *vp, *mvp; 1461 1462 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1463 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1464 vp->v_usecount != 0) { 1465 VI_UNLOCK(vp); 1466 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1467 return (EBUSY); 1468 } 1469 VI_UNLOCK(vp); 1470 } 1471 1472 return (0); 1473 } 1474 1475 static void 1476 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1477 { 1478 1479 mtx_assert(MNT_MTX(mp), MA_OWNED); 1480 mp->mnt_kern_flag &= ~mntkflags; 1481 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1482 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1483 wakeup(mp); 1484 } 1485 vfs_op_exit_locked(mp); 1486 MNT_IUNLOCK(mp); 1487 if (coveredvp != NULL) { 1488 VOP_UNLOCK(coveredvp); 1489 vdrop(coveredvp); 1490 } 1491 vn_finished_write(mp); 1492 } 1493 1494 /* 1495 * There are various reference counters associated with the mount point. 1496 * Normally it is permitted to modify them without taking the mnt ilock, 1497 * but this behavior can be temporarily disabled if stable value is needed 1498 * or callers are expected to block (e.g. to not allow new users during 1499 * forced unmount). 1500 */ 1501 void 1502 vfs_op_enter(struct mount *mp) 1503 { 1504 int cpu; 1505 1506 MNT_ILOCK(mp); 1507 mp->mnt_vfs_ops++; 1508 if (mp->mnt_vfs_ops > 1) { 1509 MNT_IUNLOCK(mp); 1510 return; 1511 } 1512 vfs_op_barrier_wait(mp); 1513 CPU_FOREACH(cpu) { 1514 mp->mnt_ref += 1515 zpcpu_replace_cpu(mp->mnt_ref_pcpu, 0, cpu); 1516 mp->mnt_lockref += 1517 zpcpu_replace_cpu(mp->mnt_lockref_pcpu, 0, cpu); 1518 mp->mnt_writeopcount += 1519 zpcpu_replace_cpu(mp->mnt_writeopcount_pcpu, 0, cpu); 1520 } 1521 if (mp->mnt_ref <= 0 || mp->mnt_lockref < 0 || mp->mnt_writeopcount < 0) 1522 panic("%s: invalid count(s) on mp %p: ref %d lockref %d writeopcount %d\n", 1523 __func__, mp, mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount); 1524 MNT_IUNLOCK(mp); 1525 vfs_assert_mount_counters(mp); 1526 } 1527 1528 void 1529 vfs_op_exit_locked(struct mount *mp) 1530 { 1531 1532 mtx_assert(MNT_MTX(mp), MA_OWNED); 1533 1534 if (mp->mnt_vfs_ops <= 0) 1535 panic("%s: invalid vfs_ops count %d for mp %p\n", 1536 __func__, mp->mnt_vfs_ops, mp); 1537 mp->mnt_vfs_ops--; 1538 } 1539 1540 void 1541 vfs_op_exit(struct mount *mp) 1542 { 1543 1544 MNT_ILOCK(mp); 1545 vfs_op_exit_locked(mp); 1546 MNT_IUNLOCK(mp); 1547 } 1548 1549 struct vfs_op_barrier_ipi { 1550 struct mount *mp; 1551 struct smp_rendezvous_cpus_retry_arg srcra; 1552 }; 1553 1554 static void 1555 vfs_op_action_func(void *arg) 1556 { 1557 struct vfs_op_barrier_ipi *vfsopipi; 1558 struct mount *mp; 1559 1560 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1561 mp = vfsopipi->mp; 1562 1563 if (!vfs_op_thread_entered(mp)) 1564 smp_rendezvous_cpus_done(arg); 1565 } 1566 1567 static void 1568 vfs_op_wait_func(void *arg, int cpu) 1569 { 1570 struct vfs_op_barrier_ipi *vfsopipi; 1571 struct mount *mp; 1572 int *in_op; 1573 1574 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1575 mp = vfsopipi->mp; 1576 1577 in_op = zpcpu_get_cpu(mp->mnt_thread_in_ops_pcpu, cpu); 1578 while (atomic_load_int(in_op)) 1579 cpu_spinwait(); 1580 } 1581 1582 void 1583 vfs_op_barrier_wait(struct mount *mp) 1584 { 1585 struct vfs_op_barrier_ipi vfsopipi; 1586 1587 vfsopipi.mp = mp; 1588 1589 smp_rendezvous_cpus_retry(all_cpus, 1590 smp_no_rendezvous_barrier, 1591 vfs_op_action_func, 1592 smp_no_rendezvous_barrier, 1593 vfs_op_wait_func, 1594 &vfsopipi.srcra); 1595 } 1596 1597 #ifdef DIAGNOSTIC 1598 void 1599 vfs_assert_mount_counters(struct mount *mp) 1600 { 1601 int cpu; 1602 1603 if (mp->mnt_vfs_ops == 0) 1604 return; 1605 1606 CPU_FOREACH(cpu) { 1607 if (*zpcpu_get_cpu(mp->mnt_ref_pcpu, cpu) != 0 || 1608 *zpcpu_get_cpu(mp->mnt_lockref_pcpu, cpu) != 0 || 1609 *zpcpu_get_cpu(mp->mnt_writeopcount_pcpu, cpu) != 0) 1610 vfs_dump_mount_counters(mp); 1611 } 1612 } 1613 1614 void 1615 vfs_dump_mount_counters(struct mount *mp) 1616 { 1617 int cpu, *count; 1618 int ref, lockref, writeopcount; 1619 1620 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1621 1622 printf(" ref : "); 1623 ref = mp->mnt_ref; 1624 CPU_FOREACH(cpu) { 1625 count = zpcpu_get_cpu(mp->mnt_ref_pcpu, cpu); 1626 printf("%d ", *count); 1627 ref += *count; 1628 } 1629 printf("\n"); 1630 printf(" lockref : "); 1631 lockref = mp->mnt_lockref; 1632 CPU_FOREACH(cpu) { 1633 count = zpcpu_get_cpu(mp->mnt_lockref_pcpu, cpu); 1634 printf("%d ", *count); 1635 lockref += *count; 1636 } 1637 printf("\n"); 1638 printf("writeopcount: "); 1639 writeopcount = mp->mnt_writeopcount; 1640 CPU_FOREACH(cpu) { 1641 count = zpcpu_get_cpu(mp->mnt_writeopcount_pcpu, cpu); 1642 printf("%d ", *count); 1643 writeopcount += *count; 1644 } 1645 printf("\n"); 1646 1647 printf("counter struct total\n"); 1648 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 1649 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 1650 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 1651 1652 panic("invalid counts on struct mount"); 1653 } 1654 #endif 1655 1656 int 1657 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 1658 { 1659 int *base, *pcpu; 1660 int cpu, sum; 1661 1662 switch (which) { 1663 case MNT_COUNT_REF: 1664 base = &mp->mnt_ref; 1665 pcpu = mp->mnt_ref_pcpu; 1666 break; 1667 case MNT_COUNT_LOCKREF: 1668 base = &mp->mnt_lockref; 1669 pcpu = mp->mnt_lockref_pcpu; 1670 break; 1671 case MNT_COUNT_WRITEOPCOUNT: 1672 base = &mp->mnt_writeopcount; 1673 pcpu = mp->mnt_writeopcount_pcpu; 1674 break; 1675 } 1676 1677 sum = *base; 1678 CPU_FOREACH(cpu) { 1679 sum += *zpcpu_get_cpu(pcpu, cpu); 1680 } 1681 return (sum); 1682 } 1683 1684 /* 1685 * Do the actual filesystem unmount. 1686 */ 1687 int 1688 dounmount(struct mount *mp, int flags, struct thread *td) 1689 { 1690 struct vnode *coveredvp, *rootvp; 1691 int error; 1692 uint64_t async_flag; 1693 int mnt_gen_r; 1694 1695 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 1696 mnt_gen_r = mp->mnt_gen; 1697 VI_LOCK(coveredvp); 1698 vholdl(coveredvp); 1699 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 1700 /* 1701 * Check for mp being unmounted while waiting for the 1702 * covered vnode lock. 1703 */ 1704 if (coveredvp->v_mountedhere != mp || 1705 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 1706 VOP_UNLOCK(coveredvp); 1707 vdrop(coveredvp); 1708 vfs_rel(mp); 1709 return (EBUSY); 1710 } 1711 } 1712 1713 /* 1714 * Only privileged root, or (if MNT_USER is set) the user that did the 1715 * original mount is permitted to unmount this filesystem. 1716 */ 1717 error = vfs_suser(mp, td); 1718 if (error != 0) { 1719 if (coveredvp != NULL) { 1720 VOP_UNLOCK(coveredvp); 1721 vdrop(coveredvp); 1722 } 1723 vfs_rel(mp); 1724 return (error); 1725 } 1726 1727 vfs_op_enter(mp); 1728 1729 vn_start_write(NULL, &mp, V_WAIT | V_MNTREF); 1730 MNT_ILOCK(mp); 1731 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 1732 (mp->mnt_flag & MNT_UPDATE) != 0 || 1733 !TAILQ_EMPTY(&mp->mnt_uppers)) { 1734 dounmount_cleanup(mp, coveredvp, 0); 1735 return (EBUSY); 1736 } 1737 mp->mnt_kern_flag |= MNTK_UNMOUNT; 1738 rootvp = vfs_cache_root_clear(mp); 1739 if (coveredvp != NULL) 1740 vn_seqc_write_begin(coveredvp); 1741 if (flags & MNT_NONBUSY) { 1742 MNT_IUNLOCK(mp); 1743 error = vfs_check_usecounts(mp); 1744 MNT_ILOCK(mp); 1745 if (error != 0) { 1746 vn_seqc_write_end(coveredvp); 1747 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 1748 if (rootvp != NULL) { 1749 vn_seqc_write_end(rootvp); 1750 vrele(rootvp); 1751 } 1752 return (error); 1753 } 1754 } 1755 /* Allow filesystems to detect that a forced unmount is in progress. */ 1756 if (flags & MNT_FORCE) { 1757 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 1758 MNT_IUNLOCK(mp); 1759 /* 1760 * Must be done after setting MNTK_UNMOUNTF and before 1761 * waiting for mnt_lockref to become 0. 1762 */ 1763 VFS_PURGE(mp); 1764 MNT_ILOCK(mp); 1765 } 1766 error = 0; 1767 if (mp->mnt_lockref) { 1768 mp->mnt_kern_flag |= MNTK_DRAINING; 1769 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 1770 "mount drain", 0); 1771 } 1772 MNT_IUNLOCK(mp); 1773 KASSERT(mp->mnt_lockref == 0, 1774 ("%s: invalid lock refcount in the drain path @ %s:%d", 1775 __func__, __FILE__, __LINE__)); 1776 KASSERT(error == 0, 1777 ("%s: invalid return value for msleep in the drain path @ %s:%d", 1778 __func__, __FILE__, __LINE__)); 1779 1780 /* 1781 * We want to keep the vnode around so that we can vn_seqc_write_end 1782 * after we are done with unmount. Downgrade our reference to a mere 1783 * hold count so that we don't interefere with anything. 1784 */ 1785 if (rootvp != NULL) { 1786 vhold(rootvp); 1787 vrele(rootvp); 1788 } 1789 1790 if (mp->mnt_flag & MNT_EXPUBLIC) 1791 vfs_setpublicfs(NULL, NULL, NULL); 1792 1793 vfs_periodic(mp, MNT_WAIT); 1794 MNT_ILOCK(mp); 1795 async_flag = mp->mnt_flag & MNT_ASYNC; 1796 mp->mnt_flag &= ~MNT_ASYNC; 1797 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1798 MNT_IUNLOCK(mp); 1799 cache_purgevfs(mp, false); /* remove cache entries for this file sys */ 1800 vfs_deallocate_syncvnode(mp); 1801 error = VFS_UNMOUNT(mp, flags); 1802 vn_finished_write(mp); 1803 /* 1804 * If we failed to flush the dirty blocks for this mount point, 1805 * undo all the cdir/rdir and rootvnode changes we made above. 1806 * Unless we failed to do so because the device is reporting that 1807 * it doesn't exist anymore. 1808 */ 1809 if (error && error != ENXIO) { 1810 MNT_ILOCK(mp); 1811 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 1812 MNT_IUNLOCK(mp); 1813 vfs_allocate_syncvnode(mp); 1814 MNT_ILOCK(mp); 1815 } 1816 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 1817 mp->mnt_flag |= async_flag; 1818 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1819 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1820 mp->mnt_kern_flag |= MNTK_ASYNC; 1821 if (mp->mnt_kern_flag & MNTK_MWAIT) { 1822 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1823 wakeup(mp); 1824 } 1825 vfs_op_exit_locked(mp); 1826 MNT_IUNLOCK(mp); 1827 if (coveredvp) { 1828 vn_seqc_write_end(coveredvp); 1829 VOP_UNLOCK(coveredvp); 1830 vdrop(coveredvp); 1831 } 1832 if (rootvp != NULL) { 1833 vn_seqc_write_end(rootvp); 1834 vdrop(rootvp); 1835 } 1836 return (error); 1837 } 1838 mtx_lock(&mountlist_mtx); 1839 TAILQ_REMOVE(&mountlist, mp, mnt_list); 1840 mtx_unlock(&mountlist_mtx); 1841 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 1842 if (coveredvp != NULL) { 1843 coveredvp->v_mountedhere = NULL; 1844 vn_seqc_write_end(coveredvp); 1845 VOP_UNLOCK(coveredvp); 1846 vdrop(coveredvp); 1847 } 1848 if (rootvp != NULL) { 1849 vn_seqc_write_end(rootvp); 1850 vdrop(rootvp); 1851 } 1852 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 1853 if (rootvnode != NULL && mp == rootvnode->v_mount) { 1854 vrele(rootvnode); 1855 rootvnode = NULL; 1856 } 1857 if (mp == rootdevmp) 1858 rootdevmp = NULL; 1859 vfs_mount_destroy(mp); 1860 return (0); 1861 } 1862 1863 /* 1864 * Report errors during filesystem mounting. 1865 */ 1866 void 1867 vfs_mount_error(struct mount *mp, const char *fmt, ...) 1868 { 1869 struct vfsoptlist *moptlist = mp->mnt_optnew; 1870 va_list ap; 1871 int error, len; 1872 char *errmsg; 1873 1874 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 1875 if (error || errmsg == NULL || len <= 0) 1876 return; 1877 1878 va_start(ap, fmt); 1879 vsnprintf(errmsg, (size_t)len, fmt, ap); 1880 va_end(ap); 1881 } 1882 1883 void 1884 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 1885 { 1886 va_list ap; 1887 int error, len; 1888 char *errmsg; 1889 1890 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 1891 if (error || errmsg == NULL || len <= 0) 1892 return; 1893 1894 va_start(ap, fmt); 1895 vsnprintf(errmsg, (size_t)len, fmt, ap); 1896 va_end(ap); 1897 } 1898 1899 /* 1900 * --------------------------------------------------------------------- 1901 * Functions for querying mount options/arguments from filesystems. 1902 */ 1903 1904 /* 1905 * Check that no unknown options are given 1906 */ 1907 int 1908 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 1909 { 1910 struct vfsopt *opt; 1911 char errmsg[255]; 1912 const char **t, *p, *q; 1913 int ret = 0; 1914 1915 TAILQ_FOREACH(opt, opts, link) { 1916 p = opt->name; 1917 q = NULL; 1918 if (p[0] == 'n' && p[1] == 'o') 1919 q = p + 2; 1920 for(t = global_opts; *t != NULL; t++) { 1921 if (strcmp(*t, p) == 0) 1922 break; 1923 if (q != NULL) { 1924 if (strcmp(*t, q) == 0) 1925 break; 1926 } 1927 } 1928 if (*t != NULL) 1929 continue; 1930 for(t = legal; *t != NULL; t++) { 1931 if (strcmp(*t, p) == 0) 1932 break; 1933 if (q != NULL) { 1934 if (strcmp(*t, q) == 0) 1935 break; 1936 } 1937 } 1938 if (*t != NULL) 1939 continue; 1940 snprintf(errmsg, sizeof(errmsg), 1941 "mount option <%s> is unknown", p); 1942 ret = EINVAL; 1943 } 1944 if (ret != 0) { 1945 TAILQ_FOREACH(opt, opts, link) { 1946 if (strcmp(opt->name, "errmsg") == 0) { 1947 strncpy((char *)opt->value, errmsg, opt->len); 1948 break; 1949 } 1950 } 1951 if (opt == NULL) 1952 printf("%s\n", errmsg); 1953 } 1954 return (ret); 1955 } 1956 1957 /* 1958 * Get a mount option by its name. 1959 * 1960 * Return 0 if the option was found, ENOENT otherwise. 1961 * If len is non-NULL it will be filled with the length 1962 * of the option. If buf is non-NULL, it will be filled 1963 * with the address of the option. 1964 */ 1965 int 1966 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 1967 { 1968 struct vfsopt *opt; 1969 1970 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 1971 1972 TAILQ_FOREACH(opt, opts, link) { 1973 if (strcmp(name, opt->name) == 0) { 1974 opt->seen = 1; 1975 if (len != NULL) 1976 *len = opt->len; 1977 if (buf != NULL) 1978 *buf = opt->value; 1979 return (0); 1980 } 1981 } 1982 return (ENOENT); 1983 } 1984 1985 int 1986 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 1987 { 1988 struct vfsopt *opt; 1989 1990 if (opts == NULL) 1991 return (-1); 1992 1993 TAILQ_FOREACH(opt, opts, link) { 1994 if (strcmp(name, opt->name) == 0) { 1995 opt->seen = 1; 1996 return (opt->pos); 1997 } 1998 } 1999 return (-1); 2000 } 2001 2002 int 2003 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2004 { 2005 char *opt_value, *vtp; 2006 quad_t iv; 2007 int error, opt_len; 2008 2009 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2010 if (error != 0) 2011 return (error); 2012 if (opt_len == 0 || opt_value == NULL) 2013 return (EINVAL); 2014 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2015 return (EINVAL); 2016 iv = strtoq(opt_value, &vtp, 0); 2017 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2018 return (EINVAL); 2019 if (iv < 0) 2020 return (EINVAL); 2021 switch (vtp[0]) { 2022 case 't': case 'T': 2023 iv *= 1024; 2024 /* FALLTHROUGH */ 2025 case 'g': case 'G': 2026 iv *= 1024; 2027 /* FALLTHROUGH */ 2028 case 'm': case 'M': 2029 iv *= 1024; 2030 /* FALLTHROUGH */ 2031 case 'k': case 'K': 2032 iv *= 1024; 2033 case '\0': 2034 break; 2035 default: 2036 return (EINVAL); 2037 } 2038 *value = iv; 2039 2040 return (0); 2041 } 2042 2043 char * 2044 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2045 { 2046 struct vfsopt *opt; 2047 2048 *error = 0; 2049 TAILQ_FOREACH(opt, opts, link) { 2050 if (strcmp(name, opt->name) != 0) 2051 continue; 2052 opt->seen = 1; 2053 if (opt->len == 0 || 2054 ((char *)opt->value)[opt->len - 1] != '\0') { 2055 *error = EINVAL; 2056 return (NULL); 2057 } 2058 return (opt->value); 2059 } 2060 *error = ENOENT; 2061 return (NULL); 2062 } 2063 2064 int 2065 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2066 uint64_t val) 2067 { 2068 struct vfsopt *opt; 2069 2070 TAILQ_FOREACH(opt, opts, link) { 2071 if (strcmp(name, opt->name) == 0) { 2072 opt->seen = 1; 2073 if (w != NULL) 2074 *w |= val; 2075 return (1); 2076 } 2077 } 2078 if (w != NULL) 2079 *w &= ~val; 2080 return (0); 2081 } 2082 2083 int 2084 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2085 { 2086 va_list ap; 2087 struct vfsopt *opt; 2088 int ret; 2089 2090 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2091 2092 TAILQ_FOREACH(opt, opts, link) { 2093 if (strcmp(name, opt->name) != 0) 2094 continue; 2095 opt->seen = 1; 2096 if (opt->len == 0 || opt->value == NULL) 2097 return (0); 2098 if (((char *)opt->value)[opt->len - 1] != '\0') 2099 return (0); 2100 va_start(ap, fmt); 2101 ret = vsscanf(opt->value, fmt, ap); 2102 va_end(ap); 2103 return (ret); 2104 } 2105 return (0); 2106 } 2107 2108 int 2109 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2110 { 2111 struct vfsopt *opt; 2112 2113 TAILQ_FOREACH(opt, opts, link) { 2114 if (strcmp(name, opt->name) != 0) 2115 continue; 2116 opt->seen = 1; 2117 if (opt->value == NULL) 2118 opt->len = len; 2119 else { 2120 if (opt->len != len) 2121 return (EINVAL); 2122 bcopy(value, opt->value, len); 2123 } 2124 return (0); 2125 } 2126 return (ENOENT); 2127 } 2128 2129 int 2130 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2131 { 2132 struct vfsopt *opt; 2133 2134 TAILQ_FOREACH(opt, opts, link) { 2135 if (strcmp(name, opt->name) != 0) 2136 continue; 2137 opt->seen = 1; 2138 if (opt->value == NULL) 2139 opt->len = len; 2140 else { 2141 if (opt->len < len) 2142 return (EINVAL); 2143 opt->len = len; 2144 bcopy(value, opt->value, len); 2145 } 2146 return (0); 2147 } 2148 return (ENOENT); 2149 } 2150 2151 int 2152 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2153 { 2154 struct vfsopt *opt; 2155 2156 TAILQ_FOREACH(opt, opts, link) { 2157 if (strcmp(name, opt->name) != 0) 2158 continue; 2159 opt->seen = 1; 2160 if (opt->value == NULL) 2161 opt->len = strlen(value) + 1; 2162 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2163 return (EINVAL); 2164 return (0); 2165 } 2166 return (ENOENT); 2167 } 2168 2169 /* 2170 * Find and copy a mount option. 2171 * 2172 * The size of the buffer has to be specified 2173 * in len, if it is not the same length as the 2174 * mount option, EINVAL is returned. 2175 * Returns ENOENT if the option is not found. 2176 */ 2177 int 2178 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2179 { 2180 struct vfsopt *opt; 2181 2182 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2183 2184 TAILQ_FOREACH(opt, opts, link) { 2185 if (strcmp(name, opt->name) == 0) { 2186 opt->seen = 1; 2187 if (len != opt->len) 2188 return (EINVAL); 2189 bcopy(opt->value, dest, opt->len); 2190 return (0); 2191 } 2192 } 2193 return (ENOENT); 2194 } 2195 2196 int 2197 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2198 { 2199 2200 /* 2201 * Filesystems only fill in part of the structure for updates, we 2202 * have to read the entirety first to get all content. 2203 */ 2204 if (sbp != &mp->mnt_stat) 2205 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2206 2207 /* 2208 * Set these in case the underlying filesystem fails to do so. 2209 */ 2210 sbp->f_version = STATFS_VERSION; 2211 sbp->f_namemax = NAME_MAX; 2212 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2213 2214 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2215 } 2216 2217 void 2218 vfs_mountedfrom(struct mount *mp, const char *from) 2219 { 2220 2221 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2222 strlcpy(mp->mnt_stat.f_mntfromname, from, 2223 sizeof mp->mnt_stat.f_mntfromname); 2224 } 2225 2226 /* 2227 * --------------------------------------------------------------------- 2228 * This is the api for building mount args and mounting filesystems from 2229 * inside the kernel. 2230 * 2231 * The API works by accumulation of individual args. First error is 2232 * latched. 2233 * 2234 * XXX: should be documented in new manpage kernel_mount(9) 2235 */ 2236 2237 /* A memory allocation which must be freed when we are done */ 2238 struct mntaarg { 2239 SLIST_ENTRY(mntaarg) next; 2240 }; 2241 2242 /* The header for the mount arguments */ 2243 struct mntarg { 2244 struct iovec *v; 2245 int len; 2246 int error; 2247 SLIST_HEAD(, mntaarg) list; 2248 }; 2249 2250 /* 2251 * Add a boolean argument. 2252 * 2253 * flag is the boolean value. 2254 * name must start with "no". 2255 */ 2256 struct mntarg * 2257 mount_argb(struct mntarg *ma, int flag, const char *name) 2258 { 2259 2260 KASSERT(name[0] == 'n' && name[1] == 'o', 2261 ("mount_argb(...,%s): name must start with 'no'", name)); 2262 2263 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2264 } 2265 2266 /* 2267 * Add an argument printf style 2268 */ 2269 struct mntarg * 2270 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2271 { 2272 va_list ap; 2273 struct mntaarg *maa; 2274 struct sbuf *sb; 2275 int len; 2276 2277 if (ma == NULL) { 2278 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2279 SLIST_INIT(&ma->list); 2280 } 2281 if (ma->error) 2282 return (ma); 2283 2284 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2285 M_MOUNT, M_WAITOK); 2286 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2287 ma->v[ma->len].iov_len = strlen(name) + 1; 2288 ma->len++; 2289 2290 sb = sbuf_new_auto(); 2291 va_start(ap, fmt); 2292 sbuf_vprintf(sb, fmt, ap); 2293 va_end(ap); 2294 sbuf_finish(sb); 2295 len = sbuf_len(sb) + 1; 2296 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2297 SLIST_INSERT_HEAD(&ma->list, maa, next); 2298 bcopy(sbuf_data(sb), maa + 1, len); 2299 sbuf_delete(sb); 2300 2301 ma->v[ma->len].iov_base = maa + 1; 2302 ma->v[ma->len].iov_len = len; 2303 ma->len++; 2304 2305 return (ma); 2306 } 2307 2308 /* 2309 * Add an argument which is a userland string. 2310 */ 2311 struct mntarg * 2312 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2313 { 2314 struct mntaarg *maa; 2315 char *tbuf; 2316 2317 if (val == NULL) 2318 return (ma); 2319 if (ma == NULL) { 2320 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2321 SLIST_INIT(&ma->list); 2322 } 2323 if (ma->error) 2324 return (ma); 2325 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2326 SLIST_INSERT_HEAD(&ma->list, maa, next); 2327 tbuf = (void *)(maa + 1); 2328 ma->error = copyinstr(val, tbuf, len, NULL); 2329 return (mount_arg(ma, name, tbuf, -1)); 2330 } 2331 2332 /* 2333 * Plain argument. 2334 * 2335 * If length is -1, treat value as a C string. 2336 */ 2337 struct mntarg * 2338 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2339 { 2340 2341 if (ma == NULL) { 2342 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2343 SLIST_INIT(&ma->list); 2344 } 2345 if (ma->error) 2346 return (ma); 2347 2348 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2349 M_MOUNT, M_WAITOK); 2350 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2351 ma->v[ma->len].iov_len = strlen(name) + 1; 2352 ma->len++; 2353 2354 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2355 if (len < 0) 2356 ma->v[ma->len].iov_len = strlen(val) + 1; 2357 else 2358 ma->v[ma->len].iov_len = len; 2359 ma->len++; 2360 return (ma); 2361 } 2362 2363 /* 2364 * Free a mntarg structure 2365 */ 2366 static void 2367 free_mntarg(struct mntarg *ma) 2368 { 2369 struct mntaarg *maa; 2370 2371 while (!SLIST_EMPTY(&ma->list)) { 2372 maa = SLIST_FIRST(&ma->list); 2373 SLIST_REMOVE_HEAD(&ma->list, next); 2374 free(maa, M_MOUNT); 2375 } 2376 free(ma->v, M_MOUNT); 2377 free(ma, M_MOUNT); 2378 } 2379 2380 /* 2381 * Mount a filesystem 2382 */ 2383 int 2384 kernel_mount(struct mntarg *ma, uint64_t flags) 2385 { 2386 struct uio auio; 2387 int error; 2388 2389 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2390 KASSERT(ma->v != NULL, ("kernel_mount NULL ma->v")); 2391 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2392 2393 auio.uio_iov = ma->v; 2394 auio.uio_iovcnt = ma->len; 2395 auio.uio_segflg = UIO_SYSSPACE; 2396 2397 error = ma->error; 2398 if (!error) 2399 error = vfs_donmount(curthread, flags, &auio); 2400 free_mntarg(ma); 2401 return (error); 2402 } 2403 2404 /* 2405 * A printflike function to mount a filesystem. 2406 */ 2407 int 2408 kernel_vmount(int flags, ...) 2409 { 2410 struct mntarg *ma = NULL; 2411 va_list ap; 2412 const char *cp; 2413 const void *vp; 2414 int error; 2415 2416 va_start(ap, flags); 2417 for (;;) { 2418 cp = va_arg(ap, const char *); 2419 if (cp == NULL) 2420 break; 2421 vp = va_arg(ap, const void *); 2422 ma = mount_arg(ma, cp, vp, (vp != NULL ? -1 : 0)); 2423 } 2424 va_end(ap); 2425 2426 error = kernel_mount(ma, flags); 2427 return (error); 2428 } 2429