1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 #include <sys/param.h> 41 #include <sys/conf.h> 42 #include <sys/smp.h> 43 #include <sys/devctl.h> 44 #include <sys/eventhandler.h> 45 #include <sys/fcntl.h> 46 #include <sys/jail.h> 47 #include <sys/kernel.h> 48 #include <sys/ktr.h> 49 #include <sys/libkern.h> 50 #include <sys/limits.h> 51 #include <sys/malloc.h> 52 #include <sys/mount.h> 53 #include <sys/mutex.h> 54 #include <sys/namei.h> 55 #include <sys/priv.h> 56 #include <sys/proc.h> 57 #include <sys/filedesc.h> 58 #include <sys/reboot.h> 59 #include <sys/sbuf.h> 60 #include <sys/syscallsubr.h> 61 #include <sys/sysproto.h> 62 #include <sys/sx.h> 63 #include <sys/sysctl.h> 64 #include <sys/systm.h> 65 #include <sys/taskqueue.h> 66 #include <sys/vnode.h> 67 #include <vm/uma.h> 68 69 #include <geom/geom.h> 70 71 #include <machine/stdarg.h> 72 73 #include <security/audit/audit.h> 74 #include <security/mac/mac_framework.h> 75 76 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 77 78 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 79 uint64_t fsflags, bool jail_export, 80 struct vfsoptlist **optlist); 81 static void free_mntarg(struct mntarg *ma); 82 83 static int usermount = 0; 84 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 85 "Unprivileged users may mount and unmount file systems"); 86 87 static bool default_autoro = false; 88 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 89 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 90 91 static bool recursive_forced_unmount = false; 92 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW, 93 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts" 94 " when a file system is forcibly unmounted"); 95 96 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount, 97 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls"); 98 99 static unsigned int deferred_unmount_retry_limit = 10; 100 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW, 101 &deferred_unmount_retry_limit, 0, 102 "Maximum number of retries for deferred unmount failure"); 103 104 static int deferred_unmount_retry_delay_hz; 105 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW, 106 &deferred_unmount_retry_delay_hz, 0, 107 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount"); 108 109 static int deferred_unmount_total_retries = 0; 110 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD, 111 &deferred_unmount_total_retries, 0, 112 "Total number of retried deferred unmounts"); 113 114 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 115 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 116 static uma_zone_t mount_zone; 117 118 /* List of mounted filesystems. */ 119 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 120 121 /* For any iteration/modification of mountlist */ 122 struct mtx_padalign __exclusive_cache_line mountlist_mtx; 123 124 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 125 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 126 127 static void vfs_deferred_unmount(void *arg, int pending); 128 static struct timeout_task deferred_unmount_task; 129 static struct mtx deferred_unmount_lock; 130 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount", 131 MTX_DEF); 132 static STAILQ_HEAD(, mount) deferred_unmount_list = 133 STAILQ_HEAD_INITIALIZER(deferred_unmount_list); 134 TASKQUEUE_DEFINE_THREAD(deferred_unmount); 135 136 static void mount_devctl_event(const char *type, struct mount *mp, bool donew); 137 138 /* 139 * Global opts, taken by all filesystems 140 */ 141 static const char *global_opts[] = { 142 "errmsg", 143 "fstype", 144 "fspath", 145 "ro", 146 "rw", 147 "nosuid", 148 "noexec", 149 NULL 150 }; 151 152 static int 153 mount_init(void *mem, int size, int flags) 154 { 155 struct mount *mp; 156 157 mp = (struct mount *)mem; 158 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 159 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 160 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 161 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO); 162 mp->mnt_ref = 0; 163 mp->mnt_vfs_ops = 1; 164 mp->mnt_rootvnode = NULL; 165 return (0); 166 } 167 168 static void 169 mount_fini(void *mem, int size) 170 { 171 struct mount *mp; 172 173 mp = (struct mount *)mem; 174 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu); 175 lockdestroy(&mp->mnt_explock); 176 mtx_destroy(&mp->mnt_listmtx); 177 mtx_destroy(&mp->mnt_mtx); 178 } 179 180 static void 181 vfs_mount_init(void *dummy __unused) 182 { 183 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task, 184 0, vfs_deferred_unmount, NULL); 185 deferred_unmount_retry_delay_hz = hz; 186 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 187 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 188 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF); 189 } 190 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 191 192 /* 193 * --------------------------------------------------------------------- 194 * Functions for building and sanitizing the mount options 195 */ 196 197 /* Remove one mount option. */ 198 static void 199 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 200 { 201 202 TAILQ_REMOVE(opts, opt, link); 203 free(opt->name, M_MOUNT); 204 if (opt->value != NULL) 205 free(opt->value, M_MOUNT); 206 free(opt, M_MOUNT); 207 } 208 209 /* Release all resources related to the mount options. */ 210 void 211 vfs_freeopts(struct vfsoptlist *opts) 212 { 213 struct vfsopt *opt; 214 215 while (!TAILQ_EMPTY(opts)) { 216 opt = TAILQ_FIRST(opts); 217 vfs_freeopt(opts, opt); 218 } 219 free(opts, M_MOUNT); 220 } 221 222 void 223 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 224 { 225 struct vfsopt *opt, *temp; 226 227 if (opts == NULL) 228 return; 229 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 230 if (strcmp(opt->name, name) == 0) 231 vfs_freeopt(opts, opt); 232 } 233 } 234 235 static int 236 vfs_isopt_ro(const char *opt) 237 { 238 239 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 240 strcmp(opt, "norw") == 0) 241 return (1); 242 return (0); 243 } 244 245 static int 246 vfs_isopt_rw(const char *opt) 247 { 248 249 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 250 return (1); 251 return (0); 252 } 253 254 /* 255 * Check if options are equal (with or without the "no" prefix). 256 */ 257 static int 258 vfs_equalopts(const char *opt1, const char *opt2) 259 { 260 char *p; 261 262 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 263 if (strcmp(opt1, opt2) == 0) 264 return (1); 265 /* "noopt" vs. "opt" */ 266 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 267 return (1); 268 /* "opt" vs. "noopt" */ 269 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 270 return (1); 271 while ((p = strchr(opt1, '.')) != NULL && 272 !strncmp(opt1, opt2, ++p - opt1)) { 273 opt2 += p - opt1; 274 opt1 = p; 275 /* "foo.noopt" vs. "foo.opt" */ 276 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 277 return (1); 278 /* "foo.opt" vs. "foo.noopt" */ 279 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 280 return (1); 281 } 282 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 283 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 284 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 285 return (1); 286 return (0); 287 } 288 289 /* 290 * If a mount option is specified several times, 291 * (with or without the "no" prefix) only keep 292 * the last occurrence of it. 293 */ 294 static void 295 vfs_sanitizeopts(struct vfsoptlist *opts) 296 { 297 struct vfsopt *opt, *opt2, *tmp; 298 299 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 300 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 301 while (opt2 != NULL) { 302 if (vfs_equalopts(opt->name, opt2->name)) { 303 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 304 vfs_freeopt(opts, opt2); 305 opt2 = tmp; 306 } else { 307 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 308 } 309 } 310 } 311 } 312 313 /* 314 * Build a linked list of mount options from a struct uio. 315 */ 316 int 317 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 318 { 319 struct vfsoptlist *opts; 320 struct vfsopt *opt; 321 size_t memused, namelen, optlen; 322 unsigned int i, iovcnt; 323 int error; 324 325 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 326 TAILQ_INIT(opts); 327 memused = 0; 328 iovcnt = auio->uio_iovcnt; 329 for (i = 0; i < iovcnt; i += 2) { 330 namelen = auio->uio_iov[i].iov_len; 331 optlen = auio->uio_iov[i + 1].iov_len; 332 memused += sizeof(struct vfsopt) + optlen + namelen; 333 /* 334 * Avoid consuming too much memory, and attempts to overflow 335 * memused. 336 */ 337 if (memused > VFS_MOUNTARG_SIZE_MAX || 338 optlen > VFS_MOUNTARG_SIZE_MAX || 339 namelen > VFS_MOUNTARG_SIZE_MAX) { 340 error = EINVAL; 341 goto bad; 342 } 343 344 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 345 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 346 opt->value = NULL; 347 opt->len = 0; 348 opt->pos = i / 2; 349 opt->seen = 0; 350 351 /* 352 * Do this early, so jumps to "bad" will free the current 353 * option. 354 */ 355 TAILQ_INSERT_TAIL(opts, opt, link); 356 357 if (auio->uio_segflg == UIO_SYSSPACE) { 358 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 359 } else { 360 error = copyin(auio->uio_iov[i].iov_base, opt->name, 361 namelen); 362 if (error) 363 goto bad; 364 } 365 /* Ensure names are null-terminated strings. */ 366 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 367 error = EINVAL; 368 goto bad; 369 } 370 if (optlen != 0) { 371 opt->len = optlen; 372 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 373 if (auio->uio_segflg == UIO_SYSSPACE) { 374 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 375 optlen); 376 } else { 377 error = copyin(auio->uio_iov[i + 1].iov_base, 378 opt->value, optlen); 379 if (error) 380 goto bad; 381 } 382 } 383 } 384 vfs_sanitizeopts(opts); 385 *options = opts; 386 return (0); 387 bad: 388 vfs_freeopts(opts); 389 return (error); 390 } 391 392 /* 393 * Merge the old mount options with the new ones passed 394 * in the MNT_UPDATE case. 395 * 396 * XXX: This function will keep a "nofoo" option in the new 397 * options. E.g, if the option's canonical name is "foo", 398 * "nofoo" ends up in the mount point's active options. 399 */ 400 static void 401 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 402 { 403 struct vfsopt *opt, *new; 404 405 TAILQ_FOREACH(opt, oldopts, link) { 406 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 407 new->name = strdup(opt->name, M_MOUNT); 408 if (opt->len != 0) { 409 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 410 bcopy(opt->value, new->value, opt->len); 411 } else 412 new->value = NULL; 413 new->len = opt->len; 414 new->seen = opt->seen; 415 TAILQ_INSERT_HEAD(toopts, new, link); 416 } 417 vfs_sanitizeopts(toopts); 418 } 419 420 /* 421 * Mount a filesystem. 422 */ 423 #ifndef _SYS_SYSPROTO_H_ 424 struct nmount_args { 425 struct iovec *iovp; 426 unsigned int iovcnt; 427 int flags; 428 }; 429 #endif 430 int 431 sys_nmount(struct thread *td, struct nmount_args *uap) 432 { 433 struct uio *auio; 434 int error; 435 u_int iovcnt; 436 uint64_t flags; 437 438 /* 439 * Mount flags are now 64-bits. On 32-bit archtectures only 440 * 32-bits are passed in, but from here on everything handles 441 * 64-bit flags correctly. 442 */ 443 flags = uap->flags; 444 445 AUDIT_ARG_FFLAGS(flags); 446 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 447 uap->iovp, uap->iovcnt, flags); 448 449 /* 450 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 451 * userspace to set this flag, but we must filter it out if we want 452 * MNT_UPDATE on the root file system to work. 453 * MNT_ROOTFS should only be set by the kernel when mounting its 454 * root file system. 455 */ 456 flags &= ~MNT_ROOTFS; 457 458 iovcnt = uap->iovcnt; 459 /* 460 * Check that we have an even number of iovec's 461 * and that we have at least two options. 462 */ 463 if ((iovcnt & 1) || (iovcnt < 4)) { 464 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 465 uap->iovcnt); 466 return (EINVAL); 467 } 468 469 error = copyinuio(uap->iovp, iovcnt, &auio); 470 if (error) { 471 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 472 __func__, error); 473 return (error); 474 } 475 error = vfs_donmount(td, flags, auio); 476 477 free(auio, M_IOV); 478 return (error); 479 } 480 481 /* 482 * --------------------------------------------------------------------- 483 * Various utility functions 484 */ 485 486 /* 487 * Get a reference on a mount point from a vnode. 488 * 489 * The vnode is allowed to be passed unlocked and race against dooming. Note in 490 * such case there are no guarantees the referenced mount point will still be 491 * associated with it after the function returns. 492 */ 493 struct mount * 494 vfs_ref_from_vp(struct vnode *vp) 495 { 496 struct mount *mp; 497 struct mount_pcpu *mpcpu; 498 499 mp = atomic_load_ptr(&vp->v_mount); 500 if (__predict_false(mp == NULL)) { 501 return (mp); 502 } 503 if (vfs_op_thread_enter(mp, mpcpu)) { 504 if (__predict_true(mp == vp->v_mount)) { 505 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 506 vfs_op_thread_exit(mp, mpcpu); 507 } else { 508 vfs_op_thread_exit(mp, mpcpu); 509 mp = NULL; 510 } 511 } else { 512 MNT_ILOCK(mp); 513 if (mp == vp->v_mount) { 514 MNT_REF(mp); 515 MNT_IUNLOCK(mp); 516 } else { 517 MNT_IUNLOCK(mp); 518 mp = NULL; 519 } 520 } 521 return (mp); 522 } 523 524 void 525 vfs_ref(struct mount *mp) 526 { 527 struct mount_pcpu *mpcpu; 528 529 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 530 if (vfs_op_thread_enter(mp, mpcpu)) { 531 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 532 vfs_op_thread_exit(mp, mpcpu); 533 return; 534 } 535 536 MNT_ILOCK(mp); 537 MNT_REF(mp); 538 MNT_IUNLOCK(mp); 539 } 540 541 /* 542 * Register ump as an upper mount of the mount associated with 543 * vnode vp. This registration will be tracked through 544 * mount_upper_node upper, which should be allocated by the 545 * caller and stored in per-mount data associated with mp. 546 * 547 * If successful, this function will return the mount associated 548 * with vp, and will ensure that it cannot be unmounted until 549 * ump has been unregistered as one of its upper mounts. 550 * 551 * Upon failure this function will return NULL. 552 */ 553 struct mount * 554 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump, 555 struct mount_upper_node *upper) 556 { 557 struct mount *mp; 558 559 mp = atomic_load_ptr(&vp->v_mount); 560 if (mp == NULL) 561 return (NULL); 562 MNT_ILOCK(mp); 563 if (mp != vp->v_mount || 564 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) { 565 MNT_IUNLOCK(mp); 566 return (NULL); 567 } 568 KASSERT(ump != mp, ("upper and lower mounts are identical")); 569 upper->mp = ump; 570 MNT_REF(mp); 571 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link); 572 MNT_IUNLOCK(mp); 573 return (mp); 574 } 575 576 /* 577 * Register upper mount ump to receive vnode unlink/reclaim 578 * notifications from lower mount mp. This registration will 579 * be tracked through mount_upper_node upper, which should be 580 * allocated by the caller and stored in per-mount data 581 * associated with mp. 582 * 583 * ump must already be registered as an upper mount of mp 584 * through a call to vfs_register_upper_from_vp(). 585 */ 586 void 587 vfs_register_for_notification(struct mount *mp, struct mount *ump, 588 struct mount_upper_node *upper) 589 { 590 upper->mp = ump; 591 MNT_ILOCK(mp); 592 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link); 593 MNT_IUNLOCK(mp); 594 } 595 596 static void 597 vfs_drain_upper_locked(struct mount *mp) 598 { 599 mtx_assert(MNT_MTX(mp), MA_OWNED); 600 while (mp->mnt_upper_pending != 0) { 601 mp->mnt_kern_flag |= MNTK_UPPER_WAITER; 602 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0); 603 } 604 } 605 606 /* 607 * Undo a previous call to vfs_register_for_notification(). 608 * The mount represented by upper must be currently registered 609 * as an upper mount for mp. 610 */ 611 void 612 vfs_unregister_for_notification(struct mount *mp, 613 struct mount_upper_node *upper) 614 { 615 MNT_ILOCK(mp); 616 vfs_drain_upper_locked(mp); 617 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link); 618 MNT_IUNLOCK(mp); 619 } 620 621 /* 622 * Undo a previous call to vfs_register_upper_from_vp(). 623 * This must be done before mp can be unmounted. 624 */ 625 void 626 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper) 627 { 628 MNT_ILOCK(mp); 629 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 630 ("registered upper with pending unmount")); 631 vfs_drain_upper_locked(mp); 632 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link); 633 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 && 634 TAILQ_EMPTY(&mp->mnt_uppers)) { 635 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER; 636 wakeup(&mp->mnt_taskqueue_link); 637 } 638 MNT_REL(mp); 639 MNT_IUNLOCK(mp); 640 } 641 642 void 643 vfs_rel(struct mount *mp) 644 { 645 struct mount_pcpu *mpcpu; 646 647 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 648 if (vfs_op_thread_enter(mp, mpcpu)) { 649 vfs_mp_count_sub_pcpu(mpcpu, ref, 1); 650 vfs_op_thread_exit(mp, mpcpu); 651 return; 652 } 653 654 MNT_ILOCK(mp); 655 MNT_REL(mp); 656 MNT_IUNLOCK(mp); 657 } 658 659 /* 660 * Allocate and initialize the mount point struct. 661 */ 662 struct mount * 663 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 664 struct ucred *cred) 665 { 666 struct mount *mp; 667 668 mp = uma_zalloc(mount_zone, M_WAITOK); 669 bzero(&mp->mnt_startzero, 670 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 671 mp->mnt_kern_flag = 0; 672 mp->mnt_flag = 0; 673 mp->mnt_rootvnode = NULL; 674 mp->mnt_vnodecovered = NULL; 675 mp->mnt_op = NULL; 676 mp->mnt_vfc = NULL; 677 TAILQ_INIT(&mp->mnt_nvnodelist); 678 mp->mnt_nvnodelistsize = 0; 679 TAILQ_INIT(&mp->mnt_lazyvnodelist); 680 mp->mnt_lazyvnodelistsize = 0; 681 MPPASS(mp->mnt_ref == 0 && mp->mnt_lockref == 0 && 682 mp->mnt_writeopcount == 0, mp); 683 MPASSERT(mp->mnt_vfs_ops == 1, mp, 684 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 685 (void) vfs_busy(mp, MBF_NOWAIT); 686 atomic_add_acq_int(&vfsp->vfc_refcount, 1); 687 mp->mnt_op = vfsp->vfc_vfsops; 688 mp->mnt_vfc = vfsp; 689 mp->mnt_stat.f_type = vfsp->vfc_typenum; 690 mp->mnt_gen++; 691 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 692 mp->mnt_vnodecovered = vp; 693 mp->mnt_cred = crdup(cred); 694 mp->mnt_stat.f_owner = cred->cr_uid; 695 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 696 mp->mnt_iosize_max = DFLTPHYS; 697 #ifdef MAC 698 mac_mount_init(mp); 699 mac_mount_create(cred, mp); 700 #endif 701 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 702 mp->mnt_upper_pending = 0; 703 TAILQ_INIT(&mp->mnt_uppers); 704 TAILQ_INIT(&mp->mnt_notify); 705 mp->mnt_taskqueue_flags = 0; 706 mp->mnt_unmount_retries = 0; 707 return (mp); 708 } 709 710 /* 711 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 712 */ 713 void 714 vfs_mount_destroy(struct mount *mp) 715 { 716 717 MPPASS(mp->mnt_vfs_ops != 0, mp); 718 719 vfs_assert_mount_counters(mp); 720 721 MNT_ILOCK(mp); 722 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 723 if (mp->mnt_kern_flag & MNTK_MWAIT) { 724 mp->mnt_kern_flag &= ~MNTK_MWAIT; 725 wakeup(mp); 726 } 727 while (mp->mnt_ref) 728 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 729 KASSERT(mp->mnt_ref == 0, 730 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 731 __FILE__, __LINE__)); 732 MPPASS(mp->mnt_writeopcount == 0, mp); 733 MPPASS(mp->mnt_secondary_writes == 0, mp); 734 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1); 735 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 736 struct vnode *vp; 737 738 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 739 vn_printf(vp, "dangling vnode "); 740 panic("unmount: dangling vnode"); 741 } 742 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending")); 743 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 744 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify")); 745 MPPASS(mp->mnt_nvnodelistsize == 0, mp); 746 MPPASS(mp->mnt_lazyvnodelistsize == 0, mp); 747 MPPASS(mp->mnt_lockref == 0, mp); 748 MNT_IUNLOCK(mp); 749 750 MPASSERT(mp->mnt_vfs_ops == 1, mp, 751 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops)); 752 753 MPASSERT(mp->mnt_rootvnode == NULL, mp, 754 ("mount point still has a root vnode %p", mp->mnt_rootvnode)); 755 756 if (mp->mnt_vnodecovered != NULL) 757 vrele(mp->mnt_vnodecovered); 758 #ifdef MAC 759 mac_mount_destroy(mp); 760 #endif 761 if (mp->mnt_opt != NULL) 762 vfs_freeopts(mp->mnt_opt); 763 if (mp->mnt_exjail != NULL) { 764 atomic_subtract_int(&mp->mnt_exjail->cr_prison->pr_exportcnt, 765 1); 766 crfree(mp->mnt_exjail); 767 } 768 if (mp->mnt_export != NULL) { 769 vfs_free_addrlist(mp->mnt_export); 770 free(mp->mnt_export, M_MOUNT); 771 } 772 crfree(mp->mnt_cred); 773 uma_zfree(mount_zone, mp); 774 } 775 776 static bool 777 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 778 { 779 /* This is an upgrade of an exisiting mount. */ 780 if ((fsflags & MNT_UPDATE) != 0) 781 return (false); 782 /* This is already an R/O mount. */ 783 if ((fsflags & MNT_RDONLY) != 0) 784 return (false); 785 786 switch (error) { 787 case ENODEV: /* generic, geom, ... */ 788 case EACCES: /* cam/scsi, ... */ 789 case EROFS: /* md, mmcsd, ... */ 790 /* 791 * These errors can be returned by the storage layer to signal 792 * that the media is read-only. No harm in the R/O mount 793 * attempt if the error was returned for some other reason. 794 */ 795 return (true); 796 default: 797 return (false); 798 } 799 } 800 801 int 802 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 803 { 804 struct vfsoptlist *optlist; 805 struct vfsopt *opt, *tmp_opt; 806 char *fstype, *fspath, *errmsg; 807 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 808 bool autoro, has_nonexport, jail_export; 809 810 errmsg = fspath = NULL; 811 errmsg_len = fspathlen = 0; 812 errmsg_pos = -1; 813 autoro = default_autoro; 814 815 error = vfs_buildopts(fsoptions, &optlist); 816 if (error) 817 return (error); 818 819 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 820 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 821 822 /* 823 * We need these two options before the others, 824 * and they are mandatory for any filesystem. 825 * Ensure they are NUL terminated as well. 826 */ 827 fstypelen = 0; 828 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 829 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 830 error = EINVAL; 831 if (errmsg != NULL) 832 strncpy(errmsg, "Invalid fstype", errmsg_len); 833 goto bail; 834 } 835 fspathlen = 0; 836 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 837 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 838 error = EINVAL; 839 if (errmsg != NULL) 840 strncpy(errmsg, "Invalid fspath", errmsg_len); 841 goto bail; 842 } 843 844 /* 845 * Check to see that "export" is only used with the "update", "fstype", 846 * "fspath", "from" and "errmsg" options when in a vnet jail. 847 * These are the ones used to set/update exports by mountd(8). 848 * If only the above options are set in a jail that can run mountd(8), 849 * then the jail_export argument of vfs_domount() will be true. 850 * When jail_export is true, the vfs_suser() check does not cause 851 * failure, but limits the update to exports only. 852 * This allows mountd(8) running within the vnet jail 853 * to export file systems visible within the jail, but 854 * mounted outside of the jail. 855 */ 856 /* 857 * We need to see if we have the "update" option 858 * before we call vfs_domount(), since vfs_domount() has special 859 * logic based on MNT_UPDATE. This is very important 860 * when we want to update the root filesystem. 861 */ 862 has_nonexport = false; 863 jail_export = false; 864 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 865 int do_freeopt = 0; 866 867 if (jailed(td->td_ucred) && 868 strcmp(opt->name, "export") != 0 && 869 strcmp(opt->name, "update") != 0 && 870 strcmp(opt->name, "fstype") != 0 && 871 strcmp(opt->name, "fspath") != 0 && 872 strcmp(opt->name, "from") != 0 && 873 strcmp(opt->name, "errmsg") != 0) 874 has_nonexport = true; 875 if (strcmp(opt->name, "update") == 0) { 876 fsflags |= MNT_UPDATE; 877 do_freeopt = 1; 878 } 879 else if (strcmp(opt->name, "async") == 0) 880 fsflags |= MNT_ASYNC; 881 else if (strcmp(opt->name, "force") == 0) { 882 fsflags |= MNT_FORCE; 883 do_freeopt = 1; 884 } 885 else if (strcmp(opt->name, "reload") == 0) { 886 fsflags |= MNT_RELOAD; 887 do_freeopt = 1; 888 } 889 else if (strcmp(opt->name, "multilabel") == 0) 890 fsflags |= MNT_MULTILABEL; 891 else if (strcmp(opt->name, "noasync") == 0) 892 fsflags &= ~MNT_ASYNC; 893 else if (strcmp(opt->name, "noatime") == 0) 894 fsflags |= MNT_NOATIME; 895 else if (strcmp(opt->name, "atime") == 0) { 896 free(opt->name, M_MOUNT); 897 opt->name = strdup("nonoatime", M_MOUNT); 898 } 899 else if (strcmp(opt->name, "noclusterr") == 0) 900 fsflags |= MNT_NOCLUSTERR; 901 else if (strcmp(opt->name, "clusterr") == 0) { 902 free(opt->name, M_MOUNT); 903 opt->name = strdup("nonoclusterr", M_MOUNT); 904 } 905 else if (strcmp(opt->name, "noclusterw") == 0) 906 fsflags |= MNT_NOCLUSTERW; 907 else if (strcmp(opt->name, "clusterw") == 0) { 908 free(opt->name, M_MOUNT); 909 opt->name = strdup("nonoclusterw", M_MOUNT); 910 } 911 else if (strcmp(opt->name, "noexec") == 0) 912 fsflags |= MNT_NOEXEC; 913 else if (strcmp(opt->name, "exec") == 0) { 914 free(opt->name, M_MOUNT); 915 opt->name = strdup("nonoexec", M_MOUNT); 916 } 917 else if (strcmp(opt->name, "nosuid") == 0) 918 fsflags |= MNT_NOSUID; 919 else if (strcmp(opt->name, "suid") == 0) { 920 free(opt->name, M_MOUNT); 921 opt->name = strdup("nonosuid", M_MOUNT); 922 } 923 else if (strcmp(opt->name, "nosymfollow") == 0) 924 fsflags |= MNT_NOSYMFOLLOW; 925 else if (strcmp(opt->name, "symfollow") == 0) { 926 free(opt->name, M_MOUNT); 927 opt->name = strdup("nonosymfollow", M_MOUNT); 928 } 929 else if (strcmp(opt->name, "noro") == 0) { 930 fsflags &= ~MNT_RDONLY; 931 autoro = false; 932 } 933 else if (strcmp(opt->name, "rw") == 0) { 934 fsflags &= ~MNT_RDONLY; 935 autoro = false; 936 } 937 else if (strcmp(opt->name, "ro") == 0) { 938 fsflags |= MNT_RDONLY; 939 autoro = false; 940 } 941 else if (strcmp(opt->name, "rdonly") == 0) { 942 free(opt->name, M_MOUNT); 943 opt->name = strdup("ro", M_MOUNT); 944 fsflags |= MNT_RDONLY; 945 autoro = false; 946 } 947 else if (strcmp(opt->name, "autoro") == 0) { 948 do_freeopt = 1; 949 autoro = true; 950 } 951 else if (strcmp(opt->name, "suiddir") == 0) 952 fsflags |= MNT_SUIDDIR; 953 else if (strcmp(opt->name, "sync") == 0) 954 fsflags |= MNT_SYNCHRONOUS; 955 else if (strcmp(opt->name, "union") == 0) 956 fsflags |= MNT_UNION; 957 else if (strcmp(opt->name, "export") == 0) { 958 fsflags |= MNT_EXPORTED; 959 jail_export = true; 960 } else if (strcmp(opt->name, "automounted") == 0) { 961 fsflags |= MNT_AUTOMOUNTED; 962 do_freeopt = 1; 963 } else if (strcmp(opt->name, "nocover") == 0) { 964 fsflags |= MNT_NOCOVER; 965 do_freeopt = 1; 966 } else if (strcmp(opt->name, "cover") == 0) { 967 fsflags &= ~MNT_NOCOVER; 968 do_freeopt = 1; 969 } else if (strcmp(opt->name, "emptydir") == 0) { 970 fsflags |= MNT_EMPTYDIR; 971 do_freeopt = 1; 972 } else if (strcmp(opt->name, "noemptydir") == 0) { 973 fsflags &= ~MNT_EMPTYDIR; 974 do_freeopt = 1; 975 } 976 if (do_freeopt) 977 vfs_freeopt(optlist, opt); 978 } 979 980 /* 981 * Be ultra-paranoid about making sure the type and fspath 982 * variables will fit in our mp buffers, including the 983 * terminating NUL. 984 */ 985 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 986 error = ENAMETOOLONG; 987 goto bail; 988 } 989 990 /* 991 * If has_nonexport is true or the caller is not running within a 992 * vnet prison that can run mountd(8), set jail_export false. 993 */ 994 if (has_nonexport || !jailed(td->td_ucred) || 995 !prison_check_nfsd(td->td_ucred)) 996 jail_export = false; 997 998 error = vfs_domount(td, fstype, fspath, fsflags, jail_export, &optlist); 999 if (error == ENODEV) { 1000 error = EINVAL; 1001 if (errmsg != NULL) 1002 strncpy(errmsg, "Invalid fstype", errmsg_len); 1003 goto bail; 1004 } 1005 1006 /* 1007 * See if we can mount in the read-only mode if the error code suggests 1008 * that it could be possible and the mount options allow for that. 1009 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 1010 * overridden by "autoro". 1011 */ 1012 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 1013 printf("%s: R/W mount failed, possibly R/O media," 1014 " trying R/O mount\n", __func__); 1015 fsflags |= MNT_RDONLY; 1016 error = vfs_domount(td, fstype, fspath, fsflags, jail_export, 1017 &optlist); 1018 } 1019 bail: 1020 /* copyout the errmsg */ 1021 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 1022 && errmsg_len > 0 && errmsg != NULL) { 1023 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 1024 bcopy(errmsg, 1025 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 1026 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1027 } else { 1028 copyout(errmsg, 1029 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 1030 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 1031 } 1032 } 1033 1034 if (optlist != NULL) 1035 vfs_freeopts(optlist); 1036 return (error); 1037 } 1038 1039 /* 1040 * Old mount API. 1041 */ 1042 #ifndef _SYS_SYSPROTO_H_ 1043 struct mount_args { 1044 char *type; 1045 char *path; 1046 int flags; 1047 caddr_t data; 1048 }; 1049 #endif 1050 /* ARGSUSED */ 1051 int 1052 sys_mount(struct thread *td, struct mount_args *uap) 1053 { 1054 char *fstype; 1055 struct vfsconf *vfsp = NULL; 1056 struct mntarg *ma = NULL; 1057 uint64_t flags; 1058 int error; 1059 1060 /* 1061 * Mount flags are now 64-bits. On 32-bit architectures only 1062 * 32-bits are passed in, but from here on everything handles 1063 * 64-bit flags correctly. 1064 */ 1065 flags = uap->flags; 1066 1067 AUDIT_ARG_FFLAGS(flags); 1068 1069 /* 1070 * Filter out MNT_ROOTFS. We do not want clients of mount() in 1071 * userspace to set this flag, but we must filter it out if we want 1072 * MNT_UPDATE on the root file system to work. 1073 * MNT_ROOTFS should only be set by the kernel when mounting its 1074 * root file system. 1075 */ 1076 flags &= ~MNT_ROOTFS; 1077 1078 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 1079 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 1080 if (error) { 1081 free(fstype, M_TEMP); 1082 return (error); 1083 } 1084 1085 AUDIT_ARG_TEXT(fstype); 1086 vfsp = vfs_byname_kld(fstype, td, &error); 1087 free(fstype, M_TEMP); 1088 if (vfsp == NULL) 1089 return (EINVAL); 1090 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 1091 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 1092 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 1093 vfsp->vfc_vfsops->vfs_cmount == NULL)) 1094 return (EOPNOTSUPP); 1095 1096 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 1097 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 1098 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 1099 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 1100 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 1101 1102 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 1103 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 1104 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 1105 } 1106 1107 /* 1108 * vfs_domount_first(): first file system mount (not update) 1109 */ 1110 static int 1111 vfs_domount_first( 1112 struct thread *td, /* Calling thread. */ 1113 struct vfsconf *vfsp, /* File system type. */ 1114 char *fspath, /* Mount path. */ 1115 struct vnode *vp, /* Vnode to be covered. */ 1116 uint64_t fsflags, /* Flags common to all filesystems. */ 1117 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1118 ) 1119 { 1120 struct vattr va; 1121 struct mount *mp; 1122 struct vnode *newdp, *rootvp; 1123 int error, error1; 1124 bool unmounted; 1125 1126 ASSERT_VOP_ELOCKED(vp, __func__); 1127 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 1128 1129 /* 1130 * If the jail of the calling thread lacks permission for this type of 1131 * file system, or is trying to cover its own root, deny immediately. 1132 */ 1133 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred, 1134 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) { 1135 vput(vp); 1136 return (EPERM); 1137 } 1138 1139 /* 1140 * If the user is not root, ensure that they own the directory 1141 * onto which we are attempting to mount. 1142 */ 1143 error = VOP_GETATTR(vp, &va, td->td_ucred); 1144 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 1145 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 1146 if (error == 0) 1147 error = vinvalbuf(vp, V_SAVE, 0, 0); 1148 if (vfsp->vfc_flags & VFCF_FILEMOUNT) { 1149 if (error == 0 && vp->v_type != VDIR && vp->v_type != VREG) 1150 error = EINVAL; 1151 /* 1152 * For file mounts, ensure that there is only one hardlink to the file. 1153 */ 1154 if (error == 0 && vp->v_type == VREG && va.va_nlink != 1) 1155 error = EINVAL; 1156 } else { 1157 if (error == 0 && vp->v_type != VDIR) 1158 error = ENOTDIR; 1159 } 1160 if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0) 1161 error = vn_dir_check_empty(vp); 1162 if (error == 0) { 1163 VI_LOCK(vp); 1164 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 1165 vp->v_iflag |= VI_MOUNT; 1166 else 1167 error = EBUSY; 1168 VI_UNLOCK(vp); 1169 } 1170 if (error != 0) { 1171 vput(vp); 1172 return (error); 1173 } 1174 vn_seqc_write_begin(vp); 1175 VOP_UNLOCK(vp); 1176 1177 /* Allocate and initialize the filesystem. */ 1178 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 1179 /* XXXMAC: pass to vfs_mount_alloc? */ 1180 mp->mnt_optnew = *optlist; 1181 /* Set the mount level flags. */ 1182 mp->mnt_flag = (fsflags & 1183 (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY | MNT_FORCE)); 1184 1185 /* 1186 * Mount the filesystem. 1187 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1188 * get. No freeing of cn_pnbuf. 1189 */ 1190 error1 = 0; 1191 unmounted = true; 1192 if ((error = VFS_MOUNT(mp)) != 0 || 1193 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 1194 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 1195 rootvp = NULL; 1196 if (error1 != 0) { 1197 MPASS(error == 0); 1198 rootvp = vfs_cache_root_clear(mp); 1199 if (rootvp != NULL) { 1200 vhold(rootvp); 1201 vrele(rootvp); 1202 } 1203 (void)vn_start_write(NULL, &mp, V_WAIT); 1204 MNT_ILOCK(mp); 1205 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF; 1206 MNT_IUNLOCK(mp); 1207 VFS_PURGE(mp); 1208 error = VFS_UNMOUNT(mp, 0); 1209 vn_finished_write(mp); 1210 if (error != 0) { 1211 printf( 1212 "failed post-mount (%d): rollback unmount returned %d\n", 1213 error1, error); 1214 unmounted = false; 1215 } 1216 error = error1; 1217 } 1218 vfs_unbusy(mp); 1219 mp->mnt_vnodecovered = NULL; 1220 if (unmounted) { 1221 /* XXXKIB wait for mnt_lockref drain? */ 1222 vfs_mount_destroy(mp); 1223 } 1224 VI_LOCK(vp); 1225 vp->v_iflag &= ~VI_MOUNT; 1226 VI_UNLOCK(vp); 1227 if (rootvp != NULL) { 1228 vn_seqc_write_end(rootvp); 1229 vdrop(rootvp); 1230 } 1231 vn_seqc_write_end(vp); 1232 vrele(vp); 1233 return (error); 1234 } 1235 vn_seqc_write_begin(newdp); 1236 VOP_UNLOCK(newdp); 1237 1238 if (mp->mnt_opt != NULL) 1239 vfs_freeopts(mp->mnt_opt); 1240 mp->mnt_opt = mp->mnt_optnew; 1241 *optlist = NULL; 1242 1243 /* 1244 * Prevent external consumers of mount options from reading mnt_optnew. 1245 */ 1246 mp->mnt_optnew = NULL; 1247 1248 MNT_ILOCK(mp); 1249 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1250 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1251 mp->mnt_kern_flag |= MNTK_ASYNC; 1252 else 1253 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1254 MNT_IUNLOCK(mp); 1255 1256 /* 1257 * VIRF_MOUNTPOINT and v_mountedhere need to be set under the 1258 * vp lock to satisfy vfs_lookup() requirements. 1259 */ 1260 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY); 1261 VI_LOCK(vp); 1262 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT); 1263 vp->v_mountedhere = mp; 1264 VI_UNLOCK(vp); 1265 VOP_UNLOCK(vp); 1266 cache_purge(vp); 1267 1268 /* 1269 * We need to lock both vnodes. 1270 * 1271 * Use vn_lock_pair to avoid establishing an ordering between vnodes 1272 * from different filesystems. 1273 */ 1274 vn_lock_pair(vp, false, LK_EXCLUSIVE, newdp, false, LK_EXCLUSIVE); 1275 1276 VI_LOCK(vp); 1277 vp->v_iflag &= ~VI_MOUNT; 1278 VI_UNLOCK(vp); 1279 /* Place the new filesystem at the end of the mount list. */ 1280 mtx_lock(&mountlist_mtx); 1281 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1282 mtx_unlock(&mountlist_mtx); 1283 vfs_event_signal(NULL, VQ_MOUNT, 0); 1284 VOP_UNLOCK(vp); 1285 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1286 VOP_UNLOCK(newdp); 1287 mount_devctl_event("MOUNT", mp, false); 1288 mountcheckdirs(vp, newdp); 1289 vn_seqc_write_end(vp); 1290 vn_seqc_write_end(newdp); 1291 vrele(newdp); 1292 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1293 vfs_allocate_syncvnode(mp); 1294 vfs_op_exit(mp); 1295 vfs_unbusy(mp); 1296 return (0); 1297 } 1298 1299 /* 1300 * vfs_domount_update(): update of mounted file system 1301 */ 1302 static int 1303 vfs_domount_update( 1304 struct thread *td, /* Calling thread. */ 1305 struct vnode *vp, /* Mount point vnode. */ 1306 uint64_t fsflags, /* Flags common to all filesystems. */ 1307 bool jail_export, /* Got export option in vnet prison. */ 1308 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1309 ) 1310 { 1311 struct export_args export; 1312 struct o2export_args o2export; 1313 struct vnode *rootvp; 1314 void *bufp; 1315 struct mount *mp; 1316 int error, export_error, i, len, fsid_up_len; 1317 uint64_t flag; 1318 gid_t *grps; 1319 fsid_t *fsid_up; 1320 bool vfs_suser_failed; 1321 1322 ASSERT_VOP_ELOCKED(vp, __func__); 1323 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1324 mp = vp->v_mount; 1325 1326 if ((vp->v_vflag & VV_ROOT) == 0) { 1327 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1328 == 0) 1329 error = EXDEV; 1330 else 1331 error = EINVAL; 1332 vput(vp); 1333 return (error); 1334 } 1335 1336 /* 1337 * We only allow the filesystem to be reloaded if it 1338 * is currently mounted read-only. 1339 */ 1340 flag = mp->mnt_flag; 1341 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1342 vput(vp); 1343 return (EOPNOTSUPP); /* Needs translation */ 1344 } 1345 /* 1346 * Only privileged root, or (if MNT_USER is set) the user that 1347 * did the original mount is permitted to update it. 1348 */ 1349 /* 1350 * For the case of mountd(8) doing exports in a jail, the vfs_suser() 1351 * call does not cause failure. vfs_domount() has already checked 1352 * that "root" is doing this and vfs_suser() will fail when 1353 * the file system has been mounted outside the jail. 1354 * jail_export set true indicates that "export" is not mixed 1355 * with other options that change mount behaviour. 1356 */ 1357 vfs_suser_failed = false; 1358 error = vfs_suser(mp, td); 1359 if (jail_export && error != 0) { 1360 error = 0; 1361 vfs_suser_failed = true; 1362 } 1363 if (error != 0) { 1364 vput(vp); 1365 return (error); 1366 } 1367 if (vfs_busy(mp, MBF_NOWAIT)) { 1368 vput(vp); 1369 return (EBUSY); 1370 } 1371 VI_LOCK(vp); 1372 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1373 VI_UNLOCK(vp); 1374 vfs_unbusy(mp); 1375 vput(vp); 1376 return (EBUSY); 1377 } 1378 vp->v_iflag |= VI_MOUNT; 1379 VI_UNLOCK(vp); 1380 VOP_UNLOCK(vp); 1381 1382 rootvp = NULL; 1383 vfs_op_enter(mp); 1384 vn_seqc_write_begin(vp); 1385 1386 if (vfs_getopt(*optlist, "fsid", (void **)&fsid_up, 1387 &fsid_up_len) == 0) { 1388 if (fsid_up_len != sizeof(*fsid_up)) { 1389 error = EINVAL; 1390 goto end; 1391 } 1392 if (fsidcmp(&fsid_up, &mp->mnt_stat.f_fsid) != 0) { 1393 error = ENOENT; 1394 goto end; 1395 } 1396 vfs_deleteopt(*optlist, "fsid"); 1397 } 1398 1399 MNT_ILOCK(mp); 1400 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1401 MNT_IUNLOCK(mp); 1402 error = EBUSY; 1403 goto end; 1404 } 1405 if (vfs_suser_failed) { 1406 KASSERT((fsflags & (MNT_EXPORTED | MNT_UPDATE)) == 1407 (MNT_EXPORTED | MNT_UPDATE), 1408 ("%s: jailed export did not set expected fsflags", 1409 __func__)); 1410 /* 1411 * For this case, only MNT_UPDATE and 1412 * MNT_EXPORTED have been set in fsflags 1413 * by the options. Only set MNT_UPDATE, 1414 * since that is the one that would be set 1415 * when set in fsflags, below. 1416 */ 1417 mp->mnt_flag |= MNT_UPDATE; 1418 } else { 1419 mp->mnt_flag &= ~MNT_UPDATEMASK; 1420 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1421 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1422 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1423 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1424 } 1425 rootvp = vfs_cache_root_clear(mp); 1426 MNT_IUNLOCK(mp); 1427 mp->mnt_optnew = *optlist; 1428 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1429 1430 /* 1431 * Mount the filesystem. 1432 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1433 * get. No freeing of cn_pnbuf. 1434 */ 1435 /* 1436 * For the case of mountd(8) doing exports from within a vnet jail, 1437 * "from" is typically not set correctly such that VFS_MOUNT() will 1438 * return ENOENT. It is not obvious that VFS_MOUNT() ever needs to be 1439 * called when mountd is doing exports, but this check only applies to 1440 * the specific case where it is running inside a vnet jail, to 1441 * avoid any POLA violation. 1442 */ 1443 error = 0; 1444 if (!jail_export) 1445 error = VFS_MOUNT(mp); 1446 1447 export_error = 0; 1448 /* Process the export option. */ 1449 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1450 &len) == 0) { 1451 /* Assume that there is only 1 ABI for each length. */ 1452 switch (len) { 1453 case (sizeof(struct oexport_args)): 1454 bzero(&o2export, sizeof(o2export)); 1455 /* FALLTHROUGH */ 1456 case (sizeof(o2export)): 1457 bcopy(bufp, &o2export, len); 1458 export.ex_flags = (uint64_t)o2export.ex_flags; 1459 export.ex_root = o2export.ex_root; 1460 export.ex_uid = o2export.ex_anon.cr_uid; 1461 export.ex_groups = NULL; 1462 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1463 if (export.ex_ngroups > 0) { 1464 if (export.ex_ngroups <= XU_NGROUPS) { 1465 export.ex_groups = malloc( 1466 export.ex_ngroups * sizeof(gid_t), 1467 M_TEMP, M_WAITOK); 1468 for (i = 0; i < export.ex_ngroups; i++) 1469 export.ex_groups[i] = 1470 o2export.ex_anon.cr_groups[i]; 1471 } else 1472 export_error = EINVAL; 1473 } else if (export.ex_ngroups < 0) 1474 export_error = EINVAL; 1475 export.ex_addr = o2export.ex_addr; 1476 export.ex_addrlen = o2export.ex_addrlen; 1477 export.ex_mask = o2export.ex_mask; 1478 export.ex_masklen = o2export.ex_masklen; 1479 export.ex_indexfile = o2export.ex_indexfile; 1480 export.ex_numsecflavors = o2export.ex_numsecflavors; 1481 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1482 for (i = 0; i < export.ex_numsecflavors; i++) 1483 export.ex_secflavors[i] = 1484 o2export.ex_secflavors[i]; 1485 } else 1486 export_error = EINVAL; 1487 if (export_error == 0) 1488 export_error = vfs_export(mp, &export, true); 1489 free(export.ex_groups, M_TEMP); 1490 break; 1491 case (sizeof(export)): 1492 bcopy(bufp, &export, len); 1493 grps = NULL; 1494 if (export.ex_ngroups > 0) { 1495 if (export.ex_ngroups <= NGROUPS_MAX) { 1496 grps = malloc(export.ex_ngroups * 1497 sizeof(gid_t), M_TEMP, M_WAITOK); 1498 export_error = copyin(export.ex_groups, 1499 grps, export.ex_ngroups * 1500 sizeof(gid_t)); 1501 if (export_error == 0) 1502 export.ex_groups = grps; 1503 } else 1504 export_error = EINVAL; 1505 } else if (export.ex_ngroups == 0) 1506 export.ex_groups = NULL; 1507 else 1508 export_error = EINVAL; 1509 if (export_error == 0) 1510 export_error = vfs_export(mp, &export, true); 1511 free(grps, M_TEMP); 1512 break; 1513 default: 1514 export_error = EINVAL; 1515 break; 1516 } 1517 } 1518 1519 MNT_ILOCK(mp); 1520 if (error == 0) { 1521 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1522 MNT_SNAPSHOT); 1523 } else { 1524 /* 1525 * If we fail, restore old mount flags. MNT_QUOTA is special, 1526 * because it is not part of MNT_UPDATEMASK, but it could have 1527 * changed in the meantime if quotactl(2) was called. 1528 * All in all we want current value of MNT_QUOTA, not the old 1529 * one. 1530 */ 1531 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1532 } 1533 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1534 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1535 mp->mnt_kern_flag |= MNTK_ASYNC; 1536 else 1537 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1538 MNT_IUNLOCK(mp); 1539 1540 if (error != 0) 1541 goto end; 1542 1543 mount_devctl_event("REMOUNT", mp, true); 1544 if (mp->mnt_opt != NULL) 1545 vfs_freeopts(mp->mnt_opt); 1546 mp->mnt_opt = mp->mnt_optnew; 1547 *optlist = NULL; 1548 (void)VFS_STATFS(mp, &mp->mnt_stat); 1549 /* 1550 * Prevent external consumers of mount options from reading 1551 * mnt_optnew. 1552 */ 1553 mp->mnt_optnew = NULL; 1554 1555 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1556 vfs_allocate_syncvnode(mp); 1557 else 1558 vfs_deallocate_syncvnode(mp); 1559 end: 1560 vfs_op_exit(mp); 1561 if (rootvp != NULL) { 1562 vn_seqc_write_end(rootvp); 1563 vrele(rootvp); 1564 } 1565 vn_seqc_write_end(vp); 1566 vfs_unbusy(mp); 1567 VI_LOCK(vp); 1568 vp->v_iflag &= ~VI_MOUNT; 1569 VI_UNLOCK(vp); 1570 vrele(vp); 1571 return (error != 0 ? error : export_error); 1572 } 1573 1574 /* 1575 * vfs_domount(): actually attempt a filesystem mount. 1576 */ 1577 static int 1578 vfs_domount( 1579 struct thread *td, /* Calling thread. */ 1580 const char *fstype, /* Filesystem type. */ 1581 char *fspath, /* Mount path. */ 1582 uint64_t fsflags, /* Flags common to all filesystems. */ 1583 bool jail_export, /* Got export option in vnet prison. */ 1584 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1585 ) 1586 { 1587 struct vfsconf *vfsp; 1588 struct nameidata nd; 1589 struct vnode *vp; 1590 char *pathbuf; 1591 int error; 1592 1593 /* 1594 * Be ultra-paranoid about making sure the type and fspath 1595 * variables will fit in our mp buffers, including the 1596 * terminating NUL. 1597 */ 1598 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1599 return (ENAMETOOLONG); 1600 1601 if (jail_export) { 1602 error = priv_check(td, PRIV_NFS_DAEMON); 1603 if (error) 1604 return (error); 1605 } else if (jailed(td->td_ucred) || usermount == 0) { 1606 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1607 return (error); 1608 } 1609 1610 /* 1611 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1612 */ 1613 if (fsflags & MNT_EXPORTED) { 1614 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1615 if (error) 1616 return (error); 1617 } 1618 if (fsflags & MNT_SUIDDIR) { 1619 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1620 if (error) 1621 return (error); 1622 } 1623 /* 1624 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1625 */ 1626 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1627 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1628 fsflags |= MNT_NOSUID | MNT_USER; 1629 } 1630 1631 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1632 vfsp = NULL; 1633 if ((fsflags & MNT_UPDATE) == 0) { 1634 /* Don't try to load KLDs if we're mounting the root. */ 1635 if (fsflags & MNT_ROOTFS) { 1636 if ((vfsp = vfs_byname(fstype)) == NULL) 1637 return (ENODEV); 1638 } else { 1639 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL) 1640 return (error); 1641 } 1642 } 1643 1644 /* 1645 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1646 */ 1647 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | WANTPARENT, 1648 UIO_SYSSPACE, fspath); 1649 error = namei(&nd); 1650 if (error != 0) 1651 return (error); 1652 vp = nd.ni_vp; 1653 /* 1654 * Don't allow stacking file mounts to work around problems with the way 1655 * that namei sets nd.ni_dvp to vp_crossmp for these. 1656 */ 1657 if (vp->v_type == VREG) 1658 fsflags |= MNT_NOCOVER; 1659 if ((fsflags & MNT_UPDATE) == 0) { 1660 if ((vp->v_vflag & VV_ROOT) != 0 && 1661 (fsflags & MNT_NOCOVER) != 0) { 1662 vput(vp); 1663 error = EBUSY; 1664 goto out; 1665 } 1666 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1667 strcpy(pathbuf, fspath); 1668 /* 1669 * Note: we allow any vnode type here. If the path sanity check 1670 * succeeds, the type will be validated in vfs_domount_first 1671 * above. 1672 */ 1673 if (vp->v_type == VDIR) 1674 error = vn_path_to_global_path(td, vp, pathbuf, 1675 MNAMELEN); 1676 else 1677 error = vn_path_to_global_path_hardlink(td, vp, 1678 nd.ni_dvp, pathbuf, MNAMELEN, 1679 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen); 1680 if (error == 0) { 1681 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1682 fsflags, optlist); 1683 } 1684 free(pathbuf, M_TEMP); 1685 } else 1686 error = vfs_domount_update(td, vp, fsflags, jail_export, 1687 optlist); 1688 1689 out: 1690 NDFREE_PNBUF(&nd); 1691 vrele(nd.ni_dvp); 1692 1693 return (error); 1694 } 1695 1696 /* 1697 * Unmount a filesystem. 1698 * 1699 * Note: unmount takes a path to the vnode mounted on as argument, not 1700 * special file (as before). 1701 */ 1702 #ifndef _SYS_SYSPROTO_H_ 1703 struct unmount_args { 1704 char *path; 1705 int flags; 1706 }; 1707 #endif 1708 /* ARGSUSED */ 1709 int 1710 sys_unmount(struct thread *td, struct unmount_args *uap) 1711 { 1712 1713 return (kern_unmount(td, uap->path, uap->flags)); 1714 } 1715 1716 int 1717 kern_unmount(struct thread *td, const char *path, int flags) 1718 { 1719 struct nameidata nd; 1720 struct mount *mp; 1721 char *fsidbuf, *pathbuf; 1722 fsid_t fsid; 1723 int error; 1724 1725 AUDIT_ARG_VALUE(flags); 1726 if (jailed(td->td_ucred) || usermount == 0) { 1727 error = priv_check(td, PRIV_VFS_UNMOUNT); 1728 if (error) 1729 return (error); 1730 } 1731 1732 if (flags & MNT_BYFSID) { 1733 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1734 error = copyinstr(path, fsidbuf, MNAMELEN, NULL); 1735 if (error) { 1736 free(fsidbuf, M_TEMP); 1737 return (error); 1738 } 1739 1740 AUDIT_ARG_TEXT(fsidbuf); 1741 /* Decode the filesystem ID. */ 1742 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) { 1743 free(fsidbuf, M_TEMP); 1744 return (EINVAL); 1745 } 1746 1747 mp = vfs_getvfs(&fsid); 1748 free(fsidbuf, M_TEMP); 1749 if (mp == NULL) { 1750 return (ENOENT); 1751 } 1752 } else { 1753 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1754 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1755 if (error) { 1756 free(pathbuf, M_TEMP); 1757 return (error); 1758 } 1759 1760 /* 1761 * Try to find global path for path argument. 1762 */ 1763 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1764 UIO_SYSSPACE, pathbuf); 1765 if (namei(&nd) == 0) { 1766 NDFREE_PNBUF(&nd); 1767 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1768 MNAMELEN); 1769 if (error == 0) 1770 vput(nd.ni_vp); 1771 } 1772 mtx_lock(&mountlist_mtx); 1773 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1774 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1775 vfs_ref(mp); 1776 break; 1777 } 1778 } 1779 mtx_unlock(&mountlist_mtx); 1780 free(pathbuf, M_TEMP); 1781 if (mp == NULL) { 1782 /* 1783 * Previously we returned ENOENT for a nonexistent path and 1784 * EINVAL for a non-mountpoint. We cannot tell these apart 1785 * now, so in the !MNT_BYFSID case return the more likely 1786 * EINVAL for compatibility. 1787 */ 1788 return (EINVAL); 1789 } 1790 } 1791 1792 /* 1793 * Don't allow unmounting the root filesystem. 1794 */ 1795 if (mp->mnt_flag & MNT_ROOTFS) { 1796 vfs_rel(mp); 1797 return (EINVAL); 1798 } 1799 error = dounmount(mp, flags, td); 1800 return (error); 1801 } 1802 1803 /* 1804 * Return error if any of the vnodes, ignoring the root vnode 1805 * and the syncer vnode, have non-zero usecount. 1806 * 1807 * This function is purely advisory - it can return false positives 1808 * and negatives. 1809 */ 1810 static int 1811 vfs_check_usecounts(struct mount *mp) 1812 { 1813 struct vnode *vp, *mvp; 1814 1815 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1816 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1817 vp->v_usecount != 0) { 1818 VI_UNLOCK(vp); 1819 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1820 return (EBUSY); 1821 } 1822 VI_UNLOCK(vp); 1823 } 1824 1825 return (0); 1826 } 1827 1828 static void 1829 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1830 { 1831 1832 mtx_assert(MNT_MTX(mp), MA_OWNED); 1833 mp->mnt_kern_flag &= ~mntkflags; 1834 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1835 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1836 wakeup(mp); 1837 } 1838 vfs_op_exit_locked(mp); 1839 MNT_IUNLOCK(mp); 1840 if (coveredvp != NULL) { 1841 VOP_UNLOCK(coveredvp); 1842 vdrop(coveredvp); 1843 } 1844 vn_finished_write(mp); 1845 vfs_rel(mp); 1846 } 1847 1848 /* 1849 * There are various reference counters associated with the mount point. 1850 * Normally it is permitted to modify them without taking the mnt ilock, 1851 * but this behavior can be temporarily disabled if stable value is needed 1852 * or callers are expected to block (e.g. to not allow new users during 1853 * forced unmount). 1854 */ 1855 void 1856 vfs_op_enter(struct mount *mp) 1857 { 1858 struct mount_pcpu *mpcpu; 1859 int cpu; 1860 1861 MNT_ILOCK(mp); 1862 mp->mnt_vfs_ops++; 1863 if (mp->mnt_vfs_ops > 1) { 1864 MNT_IUNLOCK(mp); 1865 return; 1866 } 1867 vfs_op_barrier_wait(mp); 1868 CPU_FOREACH(cpu) { 1869 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1870 1871 mp->mnt_ref += mpcpu->mntp_ref; 1872 mpcpu->mntp_ref = 0; 1873 1874 mp->mnt_lockref += mpcpu->mntp_lockref; 1875 mpcpu->mntp_lockref = 0; 1876 1877 mp->mnt_writeopcount += mpcpu->mntp_writeopcount; 1878 mpcpu->mntp_writeopcount = 0; 1879 } 1880 MPASSERT(mp->mnt_ref > 0 && mp->mnt_lockref >= 0 && 1881 mp->mnt_writeopcount >= 0, mp, 1882 ("invalid count(s): ref %d lockref %d writeopcount %d", 1883 mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount)); 1884 MNT_IUNLOCK(mp); 1885 vfs_assert_mount_counters(mp); 1886 } 1887 1888 void 1889 vfs_op_exit_locked(struct mount *mp) 1890 { 1891 1892 mtx_assert(MNT_MTX(mp), MA_OWNED); 1893 1894 MPASSERT(mp->mnt_vfs_ops > 0, mp, 1895 ("invalid vfs_ops count %d", mp->mnt_vfs_ops)); 1896 MPASSERT(mp->mnt_vfs_ops > 1 || 1897 (mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_SUSPEND)) == 0, mp, 1898 ("vfs_ops too low %d in unmount or suspend", mp->mnt_vfs_ops)); 1899 mp->mnt_vfs_ops--; 1900 } 1901 1902 void 1903 vfs_op_exit(struct mount *mp) 1904 { 1905 1906 MNT_ILOCK(mp); 1907 vfs_op_exit_locked(mp); 1908 MNT_IUNLOCK(mp); 1909 } 1910 1911 struct vfs_op_barrier_ipi { 1912 struct mount *mp; 1913 struct smp_rendezvous_cpus_retry_arg srcra; 1914 }; 1915 1916 static void 1917 vfs_op_action_func(void *arg) 1918 { 1919 struct vfs_op_barrier_ipi *vfsopipi; 1920 struct mount *mp; 1921 1922 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1923 mp = vfsopipi->mp; 1924 1925 if (!vfs_op_thread_entered(mp)) 1926 smp_rendezvous_cpus_done(arg); 1927 } 1928 1929 static void 1930 vfs_op_wait_func(void *arg, int cpu) 1931 { 1932 struct vfs_op_barrier_ipi *vfsopipi; 1933 struct mount *mp; 1934 struct mount_pcpu *mpcpu; 1935 1936 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1937 mp = vfsopipi->mp; 1938 1939 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1940 while (atomic_load_int(&mpcpu->mntp_thread_in_ops)) 1941 cpu_spinwait(); 1942 } 1943 1944 void 1945 vfs_op_barrier_wait(struct mount *mp) 1946 { 1947 struct vfs_op_barrier_ipi vfsopipi; 1948 1949 vfsopipi.mp = mp; 1950 1951 smp_rendezvous_cpus_retry(all_cpus, 1952 smp_no_rendezvous_barrier, 1953 vfs_op_action_func, 1954 smp_no_rendezvous_barrier, 1955 vfs_op_wait_func, 1956 &vfsopipi.srcra); 1957 } 1958 1959 #ifdef DIAGNOSTIC 1960 void 1961 vfs_assert_mount_counters(struct mount *mp) 1962 { 1963 struct mount_pcpu *mpcpu; 1964 int cpu; 1965 1966 if (mp->mnt_vfs_ops == 0) 1967 return; 1968 1969 CPU_FOREACH(cpu) { 1970 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1971 if (mpcpu->mntp_ref != 0 || 1972 mpcpu->mntp_lockref != 0 || 1973 mpcpu->mntp_writeopcount != 0) 1974 vfs_dump_mount_counters(mp); 1975 } 1976 } 1977 1978 void 1979 vfs_dump_mount_counters(struct mount *mp) 1980 { 1981 struct mount_pcpu *mpcpu; 1982 int ref, lockref, writeopcount; 1983 int cpu; 1984 1985 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1986 1987 printf(" ref : "); 1988 ref = mp->mnt_ref; 1989 CPU_FOREACH(cpu) { 1990 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1991 printf("%d ", mpcpu->mntp_ref); 1992 ref += mpcpu->mntp_ref; 1993 } 1994 printf("\n"); 1995 printf(" lockref : "); 1996 lockref = mp->mnt_lockref; 1997 CPU_FOREACH(cpu) { 1998 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1999 printf("%d ", mpcpu->mntp_lockref); 2000 lockref += mpcpu->mntp_lockref; 2001 } 2002 printf("\n"); 2003 printf("writeopcount: "); 2004 writeopcount = mp->mnt_writeopcount; 2005 CPU_FOREACH(cpu) { 2006 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2007 printf("%d ", mpcpu->mntp_writeopcount); 2008 writeopcount += mpcpu->mntp_writeopcount; 2009 } 2010 printf("\n"); 2011 2012 printf("counter struct total\n"); 2013 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 2014 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 2015 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 2016 2017 panic("invalid counts on struct mount"); 2018 } 2019 #endif 2020 2021 int 2022 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 2023 { 2024 struct mount_pcpu *mpcpu; 2025 int cpu, sum; 2026 2027 switch (which) { 2028 case MNT_COUNT_REF: 2029 sum = mp->mnt_ref; 2030 break; 2031 case MNT_COUNT_LOCKREF: 2032 sum = mp->mnt_lockref; 2033 break; 2034 case MNT_COUNT_WRITEOPCOUNT: 2035 sum = mp->mnt_writeopcount; 2036 break; 2037 } 2038 2039 CPU_FOREACH(cpu) { 2040 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 2041 switch (which) { 2042 case MNT_COUNT_REF: 2043 sum += mpcpu->mntp_ref; 2044 break; 2045 case MNT_COUNT_LOCKREF: 2046 sum += mpcpu->mntp_lockref; 2047 break; 2048 case MNT_COUNT_WRITEOPCOUNT: 2049 sum += mpcpu->mntp_writeopcount; 2050 break; 2051 } 2052 } 2053 return (sum); 2054 } 2055 2056 static bool 2057 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue, 2058 int timeout_ticks) 2059 { 2060 bool enqueued; 2061 2062 enqueued = false; 2063 mtx_lock(&deferred_unmount_lock); 2064 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) { 2065 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED; 2066 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp, 2067 mnt_taskqueue_link); 2068 enqueued = true; 2069 } 2070 mtx_unlock(&deferred_unmount_lock); 2071 2072 if (enqueued) { 2073 taskqueue_enqueue_timeout(taskqueue_deferred_unmount, 2074 &deferred_unmount_task, timeout_ticks); 2075 } 2076 2077 return (enqueued); 2078 } 2079 2080 /* 2081 * Taskqueue handler for processing async/recursive unmounts 2082 */ 2083 static void 2084 vfs_deferred_unmount(void *argi __unused, int pending __unused) 2085 { 2086 STAILQ_HEAD(, mount) local_unmounts; 2087 uint64_t flags; 2088 struct mount *mp, *tmp; 2089 int error; 2090 unsigned int retries; 2091 bool unmounted; 2092 2093 STAILQ_INIT(&local_unmounts); 2094 mtx_lock(&deferred_unmount_lock); 2095 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list); 2096 mtx_unlock(&deferred_unmount_lock); 2097 2098 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) { 2099 flags = mp->mnt_taskqueue_flags; 2100 KASSERT((flags & MNT_DEFERRED) != 0, 2101 ("taskqueue unmount without MNT_DEFERRED")); 2102 error = dounmount(mp, flags, curthread); 2103 if (error != 0) { 2104 MNT_ILOCK(mp); 2105 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0); 2106 MNT_IUNLOCK(mp); 2107 2108 /* 2109 * The deferred unmount thread is the only thread that 2110 * modifies the retry counts, so locking/atomics aren't 2111 * needed here. 2112 */ 2113 retries = (mp->mnt_unmount_retries)++; 2114 deferred_unmount_total_retries++; 2115 if (!unmounted && retries < deferred_unmount_retry_limit) { 2116 deferred_unmount_enqueue(mp, flags, true, 2117 -deferred_unmount_retry_delay_hz); 2118 } else { 2119 if (retries >= deferred_unmount_retry_limit) { 2120 printf("giving up on deferred unmount " 2121 "of %s after %d retries, error %d\n", 2122 mp->mnt_stat.f_mntonname, retries, error); 2123 } 2124 vfs_rel(mp); 2125 } 2126 } 2127 } 2128 } 2129 2130 /* 2131 * Do the actual filesystem unmount. 2132 */ 2133 int 2134 dounmount(struct mount *mp, uint64_t flags, struct thread *td) 2135 { 2136 struct mount_upper_node *upper; 2137 struct vnode *coveredvp, *rootvp; 2138 int error; 2139 uint64_t async_flag; 2140 int mnt_gen_r; 2141 unsigned int retries; 2142 2143 KASSERT((flags & MNT_DEFERRED) == 0 || 2144 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE), 2145 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE")); 2146 2147 /* 2148 * If the caller has explicitly requested the unmount to be handled by 2149 * the taskqueue and we're not already in taskqueue context, queue 2150 * up the unmount request and exit. This is done prior to any 2151 * credential checks; MNT_DEFERRED should be used only for kernel- 2152 * initiated unmounts and will therefore be processed with the 2153 * (kernel) credentials of the taskqueue thread. Still, callers 2154 * should be sure this is the behavior they want. 2155 */ 2156 if ((flags & MNT_DEFERRED) != 0 && 2157 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) { 2158 if (!deferred_unmount_enqueue(mp, flags, false, 0)) 2159 vfs_rel(mp); 2160 return (EINPROGRESS); 2161 } 2162 2163 /* 2164 * Only privileged root, or (if MNT_USER is set) the user that did the 2165 * original mount is permitted to unmount this filesystem. 2166 * This check should be made prior to queueing up any recursive 2167 * unmounts of upper filesystems. Those unmounts will be executed 2168 * with kernel thread credentials and are expected to succeed, so 2169 * we must at least ensure the originating context has sufficient 2170 * privilege to unmount the base filesystem before proceeding with 2171 * the uppers. 2172 */ 2173 error = vfs_suser(mp, td); 2174 if (error != 0) { 2175 KASSERT((flags & MNT_DEFERRED) == 0, 2176 ("taskqueue unmount with insufficient privilege")); 2177 vfs_rel(mp); 2178 return (error); 2179 } 2180 2181 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0)) 2182 flags |= MNT_RECURSE; 2183 2184 if ((flags & MNT_RECURSE) != 0) { 2185 KASSERT((flags & MNT_FORCE) != 0, 2186 ("MNT_RECURSE requires MNT_FORCE")); 2187 2188 MNT_ILOCK(mp); 2189 /* 2190 * Set MNTK_RECURSE to prevent new upper mounts from being 2191 * added, and note that an operation on the uppers list is in 2192 * progress. This will ensure that unregistration from the 2193 * uppers list, and therefore any pending unmount of the upper 2194 * FS, can't complete until after we finish walking the list. 2195 */ 2196 mp->mnt_kern_flag |= MNTK_RECURSE; 2197 mp->mnt_upper_pending++; 2198 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) { 2199 retries = upper->mp->mnt_unmount_retries; 2200 if (retries > deferred_unmount_retry_limit) { 2201 error = EBUSY; 2202 continue; 2203 } 2204 MNT_IUNLOCK(mp); 2205 2206 vfs_ref(upper->mp); 2207 if (!deferred_unmount_enqueue(upper->mp, flags, 2208 false, 0)) 2209 vfs_rel(upper->mp); 2210 MNT_ILOCK(mp); 2211 } 2212 mp->mnt_upper_pending--; 2213 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 && 2214 mp->mnt_upper_pending == 0) { 2215 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER; 2216 wakeup(&mp->mnt_uppers); 2217 } 2218 2219 /* 2220 * If we're not on the taskqueue, wait until the uppers list 2221 * is drained before proceeding with unmount. Otherwise, if 2222 * we are on the taskqueue and there are still pending uppers, 2223 * just re-enqueue on the end of the taskqueue. 2224 */ 2225 if ((flags & MNT_DEFERRED) == 0) { 2226 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) { 2227 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER; 2228 error = msleep(&mp->mnt_taskqueue_link, 2229 MNT_MTX(mp), PCATCH, "umntqw", 0); 2230 } 2231 if (error != 0) { 2232 MNT_REL(mp); 2233 MNT_IUNLOCK(mp); 2234 return (error); 2235 } 2236 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) { 2237 MNT_IUNLOCK(mp); 2238 if (error == 0) 2239 deferred_unmount_enqueue(mp, flags, true, 0); 2240 return (error); 2241 } 2242 MNT_IUNLOCK(mp); 2243 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty")); 2244 } 2245 2246 /* Allow the taskqueue to safely re-enqueue on failure */ 2247 if ((flags & MNT_DEFERRED) != 0) 2248 vfs_ref(mp); 2249 2250 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 2251 mnt_gen_r = mp->mnt_gen; 2252 VI_LOCK(coveredvp); 2253 vholdl(coveredvp); 2254 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 2255 /* 2256 * Check for mp being unmounted while waiting for the 2257 * covered vnode lock. 2258 */ 2259 if (coveredvp->v_mountedhere != mp || 2260 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 2261 VOP_UNLOCK(coveredvp); 2262 vdrop(coveredvp); 2263 vfs_rel(mp); 2264 return (EBUSY); 2265 } 2266 } 2267 2268 vfs_op_enter(mp); 2269 2270 vn_start_write(NULL, &mp, V_WAIT); 2271 MNT_ILOCK(mp); 2272 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 2273 (mp->mnt_flag & MNT_UPDATE) != 0 || 2274 !TAILQ_EMPTY(&mp->mnt_uppers)) { 2275 dounmount_cleanup(mp, coveredvp, 0); 2276 return (EBUSY); 2277 } 2278 mp->mnt_kern_flag |= MNTK_UNMOUNT; 2279 rootvp = vfs_cache_root_clear(mp); 2280 if (coveredvp != NULL) 2281 vn_seqc_write_begin(coveredvp); 2282 if (flags & MNT_NONBUSY) { 2283 MNT_IUNLOCK(mp); 2284 error = vfs_check_usecounts(mp); 2285 MNT_ILOCK(mp); 2286 if (error != 0) { 2287 vn_seqc_write_end(coveredvp); 2288 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 2289 if (rootvp != NULL) { 2290 vn_seqc_write_end(rootvp); 2291 vrele(rootvp); 2292 } 2293 return (error); 2294 } 2295 } 2296 /* Allow filesystems to detect that a forced unmount is in progress. */ 2297 if (flags & MNT_FORCE) { 2298 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 2299 MNT_IUNLOCK(mp); 2300 /* 2301 * Must be done after setting MNTK_UNMOUNTF and before 2302 * waiting for mnt_lockref to become 0. 2303 */ 2304 VFS_PURGE(mp); 2305 MNT_ILOCK(mp); 2306 } 2307 error = 0; 2308 if (mp->mnt_lockref) { 2309 mp->mnt_kern_flag |= MNTK_DRAINING; 2310 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 2311 "mount drain", 0); 2312 } 2313 MNT_IUNLOCK(mp); 2314 KASSERT(mp->mnt_lockref == 0, 2315 ("%s: invalid lock refcount in the drain path @ %s:%d", 2316 __func__, __FILE__, __LINE__)); 2317 KASSERT(error == 0, 2318 ("%s: invalid return value for msleep in the drain path @ %s:%d", 2319 __func__, __FILE__, __LINE__)); 2320 2321 /* 2322 * We want to keep the vnode around so that we can vn_seqc_write_end 2323 * after we are done with unmount. Downgrade our reference to a mere 2324 * hold count so that we don't interefere with anything. 2325 */ 2326 if (rootvp != NULL) { 2327 vhold(rootvp); 2328 vrele(rootvp); 2329 } 2330 2331 if (mp->mnt_flag & MNT_EXPUBLIC) 2332 vfs_setpublicfs(NULL, NULL, NULL); 2333 2334 vfs_periodic(mp, MNT_WAIT); 2335 MNT_ILOCK(mp); 2336 async_flag = mp->mnt_flag & MNT_ASYNC; 2337 mp->mnt_flag &= ~MNT_ASYNC; 2338 mp->mnt_kern_flag &= ~MNTK_ASYNC; 2339 MNT_IUNLOCK(mp); 2340 vfs_deallocate_syncvnode(mp); 2341 error = VFS_UNMOUNT(mp, flags); 2342 vn_finished_write(mp); 2343 vfs_rel(mp); 2344 /* 2345 * If we failed to flush the dirty blocks for this mount point, 2346 * undo all the cdir/rdir and rootvnode changes we made above. 2347 * Unless we failed to do so because the device is reporting that 2348 * it doesn't exist anymore. 2349 */ 2350 if (error && error != ENXIO) { 2351 MNT_ILOCK(mp); 2352 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 2353 MNT_IUNLOCK(mp); 2354 vfs_allocate_syncvnode(mp); 2355 MNT_ILOCK(mp); 2356 } 2357 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 2358 mp->mnt_flag |= async_flag; 2359 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 2360 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 2361 mp->mnt_kern_flag |= MNTK_ASYNC; 2362 if (mp->mnt_kern_flag & MNTK_MWAIT) { 2363 mp->mnt_kern_flag &= ~MNTK_MWAIT; 2364 wakeup(mp); 2365 } 2366 vfs_op_exit_locked(mp); 2367 MNT_IUNLOCK(mp); 2368 if (coveredvp) { 2369 vn_seqc_write_end(coveredvp); 2370 VOP_UNLOCK(coveredvp); 2371 vdrop(coveredvp); 2372 } 2373 if (rootvp != NULL) { 2374 vn_seqc_write_end(rootvp); 2375 vdrop(rootvp); 2376 } 2377 return (error); 2378 } 2379 2380 mtx_lock(&mountlist_mtx); 2381 TAILQ_REMOVE(&mountlist, mp, mnt_list); 2382 mtx_unlock(&mountlist_mtx); 2383 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 2384 if (coveredvp != NULL) { 2385 VI_LOCK(coveredvp); 2386 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT); 2387 coveredvp->v_mountedhere = NULL; 2388 vn_seqc_write_end_locked(coveredvp); 2389 VI_UNLOCK(coveredvp); 2390 VOP_UNLOCK(coveredvp); 2391 vdrop(coveredvp); 2392 } 2393 mount_devctl_event("UNMOUNT", mp, false); 2394 if (rootvp != NULL) { 2395 vn_seqc_write_end(rootvp); 2396 vdrop(rootvp); 2397 } 2398 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 2399 if (rootvnode != NULL && mp == rootvnode->v_mount) { 2400 vrele(rootvnode); 2401 rootvnode = NULL; 2402 } 2403 if (mp == rootdevmp) 2404 rootdevmp = NULL; 2405 if ((flags & MNT_DEFERRED) != 0) 2406 vfs_rel(mp); 2407 vfs_mount_destroy(mp); 2408 return (0); 2409 } 2410 2411 /* 2412 * Report errors during filesystem mounting. 2413 */ 2414 void 2415 vfs_mount_error(struct mount *mp, const char *fmt, ...) 2416 { 2417 struct vfsoptlist *moptlist = mp->mnt_optnew; 2418 va_list ap; 2419 int error, len; 2420 char *errmsg; 2421 2422 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 2423 if (error || errmsg == NULL || len <= 0) 2424 return; 2425 2426 va_start(ap, fmt); 2427 vsnprintf(errmsg, (size_t)len, fmt, ap); 2428 va_end(ap); 2429 } 2430 2431 void 2432 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 2433 { 2434 va_list ap; 2435 int error, len; 2436 char *errmsg; 2437 2438 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 2439 if (error || errmsg == NULL || len <= 0) 2440 return; 2441 2442 va_start(ap, fmt); 2443 vsnprintf(errmsg, (size_t)len, fmt, ap); 2444 va_end(ap); 2445 } 2446 2447 /* 2448 * --------------------------------------------------------------------- 2449 * Functions for querying mount options/arguments from filesystems. 2450 */ 2451 2452 /* 2453 * Check that no unknown options are given 2454 */ 2455 int 2456 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 2457 { 2458 struct vfsopt *opt; 2459 char errmsg[255]; 2460 const char **t, *p, *q; 2461 int ret = 0; 2462 2463 TAILQ_FOREACH(opt, opts, link) { 2464 p = opt->name; 2465 q = NULL; 2466 if (p[0] == 'n' && p[1] == 'o') 2467 q = p + 2; 2468 for(t = global_opts; *t != NULL; t++) { 2469 if (strcmp(*t, p) == 0) 2470 break; 2471 if (q != NULL) { 2472 if (strcmp(*t, q) == 0) 2473 break; 2474 } 2475 } 2476 if (*t != NULL) 2477 continue; 2478 for(t = legal; *t != NULL; t++) { 2479 if (strcmp(*t, p) == 0) 2480 break; 2481 if (q != NULL) { 2482 if (strcmp(*t, q) == 0) 2483 break; 2484 } 2485 } 2486 if (*t != NULL) 2487 continue; 2488 snprintf(errmsg, sizeof(errmsg), 2489 "mount option <%s> is unknown", p); 2490 ret = EINVAL; 2491 } 2492 if (ret != 0) { 2493 TAILQ_FOREACH(opt, opts, link) { 2494 if (strcmp(opt->name, "errmsg") == 0) { 2495 strncpy((char *)opt->value, errmsg, opt->len); 2496 break; 2497 } 2498 } 2499 if (opt == NULL) 2500 printf("%s\n", errmsg); 2501 } 2502 return (ret); 2503 } 2504 2505 /* 2506 * Get a mount option by its name. 2507 * 2508 * Return 0 if the option was found, ENOENT otherwise. 2509 * If len is non-NULL it will be filled with the length 2510 * of the option. If buf is non-NULL, it will be filled 2511 * with the address of the option. 2512 */ 2513 int 2514 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 2515 { 2516 struct vfsopt *opt; 2517 2518 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2519 2520 TAILQ_FOREACH(opt, opts, link) { 2521 if (strcmp(name, opt->name) == 0) { 2522 opt->seen = 1; 2523 if (len != NULL) 2524 *len = opt->len; 2525 if (buf != NULL) 2526 *buf = opt->value; 2527 return (0); 2528 } 2529 } 2530 return (ENOENT); 2531 } 2532 2533 int 2534 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 2535 { 2536 struct vfsopt *opt; 2537 2538 if (opts == NULL) 2539 return (-1); 2540 2541 TAILQ_FOREACH(opt, opts, link) { 2542 if (strcmp(name, opt->name) == 0) { 2543 opt->seen = 1; 2544 return (opt->pos); 2545 } 2546 } 2547 return (-1); 2548 } 2549 2550 int 2551 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2552 { 2553 char *opt_value, *vtp; 2554 quad_t iv; 2555 int error, opt_len; 2556 2557 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2558 if (error != 0) 2559 return (error); 2560 if (opt_len == 0 || opt_value == NULL) 2561 return (EINVAL); 2562 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2563 return (EINVAL); 2564 iv = strtoq(opt_value, &vtp, 0); 2565 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2566 return (EINVAL); 2567 if (iv < 0) 2568 return (EINVAL); 2569 switch (vtp[0]) { 2570 case 't': case 'T': 2571 iv *= 1024; 2572 /* FALLTHROUGH */ 2573 case 'g': case 'G': 2574 iv *= 1024; 2575 /* FALLTHROUGH */ 2576 case 'm': case 'M': 2577 iv *= 1024; 2578 /* FALLTHROUGH */ 2579 case 'k': case 'K': 2580 iv *= 1024; 2581 case '\0': 2582 break; 2583 default: 2584 return (EINVAL); 2585 } 2586 *value = iv; 2587 2588 return (0); 2589 } 2590 2591 char * 2592 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2593 { 2594 struct vfsopt *opt; 2595 2596 *error = 0; 2597 TAILQ_FOREACH(opt, opts, link) { 2598 if (strcmp(name, opt->name) != 0) 2599 continue; 2600 opt->seen = 1; 2601 if (opt->len == 0 || 2602 ((char *)opt->value)[opt->len - 1] != '\0') { 2603 *error = EINVAL; 2604 return (NULL); 2605 } 2606 return (opt->value); 2607 } 2608 *error = ENOENT; 2609 return (NULL); 2610 } 2611 2612 int 2613 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2614 uint64_t val) 2615 { 2616 struct vfsopt *opt; 2617 2618 TAILQ_FOREACH(opt, opts, link) { 2619 if (strcmp(name, opt->name) == 0) { 2620 opt->seen = 1; 2621 if (w != NULL) 2622 *w |= val; 2623 return (1); 2624 } 2625 } 2626 if (w != NULL) 2627 *w &= ~val; 2628 return (0); 2629 } 2630 2631 int 2632 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2633 { 2634 va_list ap; 2635 struct vfsopt *opt; 2636 int ret; 2637 2638 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2639 2640 TAILQ_FOREACH(opt, opts, link) { 2641 if (strcmp(name, opt->name) != 0) 2642 continue; 2643 opt->seen = 1; 2644 if (opt->len == 0 || opt->value == NULL) 2645 return (0); 2646 if (((char *)opt->value)[opt->len - 1] != '\0') 2647 return (0); 2648 va_start(ap, fmt); 2649 ret = vsscanf(opt->value, fmt, ap); 2650 va_end(ap); 2651 return (ret); 2652 } 2653 return (0); 2654 } 2655 2656 int 2657 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2658 { 2659 struct vfsopt *opt; 2660 2661 TAILQ_FOREACH(opt, opts, link) { 2662 if (strcmp(name, opt->name) != 0) 2663 continue; 2664 opt->seen = 1; 2665 if (opt->value == NULL) 2666 opt->len = len; 2667 else { 2668 if (opt->len != len) 2669 return (EINVAL); 2670 bcopy(value, opt->value, len); 2671 } 2672 return (0); 2673 } 2674 return (ENOENT); 2675 } 2676 2677 int 2678 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2679 { 2680 struct vfsopt *opt; 2681 2682 TAILQ_FOREACH(opt, opts, link) { 2683 if (strcmp(name, opt->name) != 0) 2684 continue; 2685 opt->seen = 1; 2686 if (opt->value == NULL) 2687 opt->len = len; 2688 else { 2689 if (opt->len < len) 2690 return (EINVAL); 2691 opt->len = len; 2692 bcopy(value, opt->value, len); 2693 } 2694 return (0); 2695 } 2696 return (ENOENT); 2697 } 2698 2699 int 2700 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2701 { 2702 struct vfsopt *opt; 2703 2704 TAILQ_FOREACH(opt, opts, link) { 2705 if (strcmp(name, opt->name) != 0) 2706 continue; 2707 opt->seen = 1; 2708 if (opt->value == NULL) 2709 opt->len = strlen(value) + 1; 2710 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2711 return (EINVAL); 2712 return (0); 2713 } 2714 return (ENOENT); 2715 } 2716 2717 /* 2718 * Find and copy a mount option. 2719 * 2720 * The size of the buffer has to be specified 2721 * in len, if it is not the same length as the 2722 * mount option, EINVAL is returned. 2723 * Returns ENOENT if the option is not found. 2724 */ 2725 int 2726 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2727 { 2728 struct vfsopt *opt; 2729 2730 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2731 2732 TAILQ_FOREACH(opt, opts, link) { 2733 if (strcmp(name, opt->name) == 0) { 2734 opt->seen = 1; 2735 if (len != opt->len) 2736 return (EINVAL); 2737 bcopy(opt->value, dest, opt->len); 2738 return (0); 2739 } 2740 } 2741 return (ENOENT); 2742 } 2743 2744 int 2745 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2746 { 2747 /* 2748 * Filesystems only fill in part of the structure for updates, we 2749 * have to read the entirety first to get all content. 2750 */ 2751 if (sbp != &mp->mnt_stat) 2752 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2753 2754 /* 2755 * Set these in case the underlying filesystem fails to do so. 2756 */ 2757 sbp->f_version = STATFS_VERSION; 2758 sbp->f_namemax = NAME_MAX; 2759 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2760 sbp->f_nvnodelistsize = mp->mnt_nvnodelistsize; 2761 2762 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2763 } 2764 2765 void 2766 vfs_mountedfrom(struct mount *mp, const char *from) 2767 { 2768 2769 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2770 strlcpy(mp->mnt_stat.f_mntfromname, from, 2771 sizeof mp->mnt_stat.f_mntfromname); 2772 } 2773 2774 /* 2775 * --------------------------------------------------------------------- 2776 * This is the api for building mount args and mounting filesystems from 2777 * inside the kernel. 2778 * 2779 * The API works by accumulation of individual args. First error is 2780 * latched. 2781 * 2782 * XXX: should be documented in new manpage kernel_mount(9) 2783 */ 2784 2785 /* A memory allocation which must be freed when we are done */ 2786 struct mntaarg { 2787 SLIST_ENTRY(mntaarg) next; 2788 }; 2789 2790 /* The header for the mount arguments */ 2791 struct mntarg { 2792 struct iovec *v; 2793 int len; 2794 int error; 2795 SLIST_HEAD(, mntaarg) list; 2796 }; 2797 2798 /* 2799 * Add a boolean argument. 2800 * 2801 * flag is the boolean value. 2802 * name must start with "no". 2803 */ 2804 struct mntarg * 2805 mount_argb(struct mntarg *ma, int flag, const char *name) 2806 { 2807 2808 KASSERT(name[0] == 'n' && name[1] == 'o', 2809 ("mount_argb(...,%s): name must start with 'no'", name)); 2810 2811 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2812 } 2813 2814 /* 2815 * Add an argument printf style 2816 */ 2817 struct mntarg * 2818 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2819 { 2820 va_list ap; 2821 struct mntaarg *maa; 2822 struct sbuf *sb; 2823 int len; 2824 2825 if (ma == NULL) { 2826 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2827 SLIST_INIT(&ma->list); 2828 } 2829 if (ma->error) 2830 return (ma); 2831 2832 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2833 M_MOUNT, M_WAITOK); 2834 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2835 ma->v[ma->len].iov_len = strlen(name) + 1; 2836 ma->len++; 2837 2838 sb = sbuf_new_auto(); 2839 va_start(ap, fmt); 2840 sbuf_vprintf(sb, fmt, ap); 2841 va_end(ap); 2842 sbuf_finish(sb); 2843 len = sbuf_len(sb) + 1; 2844 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2845 SLIST_INSERT_HEAD(&ma->list, maa, next); 2846 bcopy(sbuf_data(sb), maa + 1, len); 2847 sbuf_delete(sb); 2848 2849 ma->v[ma->len].iov_base = maa + 1; 2850 ma->v[ma->len].iov_len = len; 2851 ma->len++; 2852 2853 return (ma); 2854 } 2855 2856 /* 2857 * Add an argument which is a userland string. 2858 */ 2859 struct mntarg * 2860 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2861 { 2862 struct mntaarg *maa; 2863 char *tbuf; 2864 2865 if (val == NULL) 2866 return (ma); 2867 if (ma == NULL) { 2868 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2869 SLIST_INIT(&ma->list); 2870 } 2871 if (ma->error) 2872 return (ma); 2873 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2874 SLIST_INSERT_HEAD(&ma->list, maa, next); 2875 tbuf = (void *)(maa + 1); 2876 ma->error = copyinstr(val, tbuf, len, NULL); 2877 return (mount_arg(ma, name, tbuf, -1)); 2878 } 2879 2880 /* 2881 * Plain argument. 2882 * 2883 * If length is -1, treat value as a C string. 2884 */ 2885 struct mntarg * 2886 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2887 { 2888 2889 if (ma == NULL) { 2890 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2891 SLIST_INIT(&ma->list); 2892 } 2893 if (ma->error) 2894 return (ma); 2895 2896 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2897 M_MOUNT, M_WAITOK); 2898 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2899 ma->v[ma->len].iov_len = strlen(name) + 1; 2900 ma->len++; 2901 2902 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2903 if (len < 0) 2904 ma->v[ma->len].iov_len = strlen(val) + 1; 2905 else 2906 ma->v[ma->len].iov_len = len; 2907 ma->len++; 2908 return (ma); 2909 } 2910 2911 /* 2912 * Free a mntarg structure 2913 */ 2914 static void 2915 free_mntarg(struct mntarg *ma) 2916 { 2917 struct mntaarg *maa; 2918 2919 while (!SLIST_EMPTY(&ma->list)) { 2920 maa = SLIST_FIRST(&ma->list); 2921 SLIST_REMOVE_HEAD(&ma->list, next); 2922 free(maa, M_MOUNT); 2923 } 2924 free(ma->v, M_MOUNT); 2925 free(ma, M_MOUNT); 2926 } 2927 2928 /* 2929 * Mount a filesystem 2930 */ 2931 int 2932 kernel_mount(struct mntarg *ma, uint64_t flags) 2933 { 2934 struct uio auio; 2935 int error; 2936 2937 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2938 KASSERT(ma->error != 0 || ma->v != NULL, ("kernel_mount NULL ma->v")); 2939 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2940 2941 error = ma->error; 2942 if (error == 0) { 2943 auio.uio_iov = ma->v; 2944 auio.uio_iovcnt = ma->len; 2945 auio.uio_segflg = UIO_SYSSPACE; 2946 error = vfs_donmount(curthread, flags, &auio); 2947 } 2948 free_mntarg(ma); 2949 return (error); 2950 } 2951 2952 /* Map from mount options to printable formats. */ 2953 static struct mntoptnames optnames[] = { 2954 MNTOPT_NAMES 2955 }; 2956 2957 #define DEVCTL_LEN 1024 2958 static void 2959 mount_devctl_event(const char *type, struct mount *mp, bool donew) 2960 { 2961 const uint8_t *cp; 2962 struct mntoptnames *fp; 2963 struct sbuf sb; 2964 struct statfs *sfp = &mp->mnt_stat; 2965 char *buf; 2966 2967 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT); 2968 if (buf == NULL) 2969 return; 2970 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN); 2971 sbuf_cpy(&sb, "mount-point=\""); 2972 devctl_safe_quote_sb(&sb, sfp->f_mntonname); 2973 sbuf_cat(&sb, "\" mount-dev=\""); 2974 devctl_safe_quote_sb(&sb, sfp->f_mntfromname); 2975 sbuf_cat(&sb, "\" mount-type=\""); 2976 devctl_safe_quote_sb(&sb, sfp->f_fstypename); 2977 sbuf_cat(&sb, "\" fsid=0x"); 2978 cp = (const uint8_t *)&sfp->f_fsid.val[0]; 2979 for (int i = 0; i < sizeof(sfp->f_fsid); i++) 2980 sbuf_printf(&sb, "%02x", cp[i]); 2981 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); 2982 for (fp = optnames; fp->o_opt != 0; fp++) { 2983 if ((mp->mnt_flag & fp->o_opt) != 0) { 2984 sbuf_cat(&sb, fp->o_name); 2985 sbuf_putc(&sb, ';'); 2986 } 2987 } 2988 sbuf_putc(&sb, '"'); 2989 sbuf_finish(&sb); 2990 2991 /* 2992 * Options are not published because the form of the options depends on 2993 * the file system and may include binary data. In addition, they don't 2994 * necessarily provide enough useful information to be actionable when 2995 * devd processes them. 2996 */ 2997 2998 if (sbuf_error(&sb) == 0) 2999 devctl_notify("VFS", "FS", type, sbuf_data(&sb)); 3000 sbuf_delete(&sb); 3001 free(buf, M_MOUNT); 3002 } 3003 3004 /* 3005 * Force remount specified mount point to read-only. The argument 3006 * must be busied to avoid parallel unmount attempts. 3007 * 3008 * Intended use is to prevent further writes if some metadata 3009 * inconsistency is detected. Note that the function still flushes 3010 * all cached metadata and data for the mount point, which might be 3011 * not always suitable. 3012 */ 3013 int 3014 vfs_remount_ro(struct mount *mp) 3015 { 3016 struct vfsoptlist *opts; 3017 struct vfsopt *opt; 3018 struct vnode *vp_covered, *rootvp; 3019 int error; 3020 3021 vfs_op_enter(mp); 3022 KASSERT(mp->mnt_lockref > 0, 3023 ("vfs_remount_ro: mp %p is not busied", mp)); 3024 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 3025 ("vfs_remount_ro: mp %p is being unmounted (and busy?)", mp)); 3026 3027 rootvp = NULL; 3028 vp_covered = mp->mnt_vnodecovered; 3029 error = vget(vp_covered, LK_EXCLUSIVE | LK_NOWAIT); 3030 if (error != 0) { 3031 vfs_op_exit(mp); 3032 return (error); 3033 } 3034 VI_LOCK(vp_covered); 3035 if ((vp_covered->v_iflag & VI_MOUNT) != 0) { 3036 VI_UNLOCK(vp_covered); 3037 vput(vp_covered); 3038 vfs_op_exit(mp); 3039 return (EBUSY); 3040 } 3041 vp_covered->v_iflag |= VI_MOUNT; 3042 VI_UNLOCK(vp_covered); 3043 vn_seqc_write_begin(vp_covered); 3044 3045 MNT_ILOCK(mp); 3046 if ((mp->mnt_flag & MNT_RDONLY) != 0) { 3047 MNT_IUNLOCK(mp); 3048 error = EBUSY; 3049 goto out; 3050 } 3051 mp->mnt_flag |= MNT_UPDATE | MNT_FORCE | MNT_RDONLY; 3052 rootvp = vfs_cache_root_clear(mp); 3053 MNT_IUNLOCK(mp); 3054 3055 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK | M_ZERO); 3056 TAILQ_INIT(opts); 3057 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK | M_ZERO); 3058 opt->name = strdup("ro", M_MOUNT); 3059 opt->value = NULL; 3060 TAILQ_INSERT_TAIL(opts, opt, link); 3061 vfs_mergeopts(opts, mp->mnt_opt); 3062 mp->mnt_optnew = opts; 3063 3064 error = VFS_MOUNT(mp); 3065 3066 if (error == 0) { 3067 MNT_ILOCK(mp); 3068 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE); 3069 MNT_IUNLOCK(mp); 3070 vfs_deallocate_syncvnode(mp); 3071 if (mp->mnt_opt != NULL) 3072 vfs_freeopts(mp->mnt_opt); 3073 mp->mnt_opt = mp->mnt_optnew; 3074 } else { 3075 MNT_ILOCK(mp); 3076 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE | MNT_RDONLY); 3077 MNT_IUNLOCK(mp); 3078 vfs_freeopts(mp->mnt_optnew); 3079 } 3080 mp->mnt_optnew = NULL; 3081 3082 out: 3083 vfs_op_exit(mp); 3084 VI_LOCK(vp_covered); 3085 vp_covered->v_iflag &= ~VI_MOUNT; 3086 VI_UNLOCK(vp_covered); 3087 vput(vp_covered); 3088 vn_seqc_write_end(vp_covered); 3089 if (rootvp != NULL) { 3090 vn_seqc_write_end(rootvp); 3091 vrele(rootvp); 3092 } 3093 return (error); 3094 } 3095 3096 /* 3097 * Suspend write operations on all local writeable filesystems. Does 3098 * full sync of them in the process. 3099 * 3100 * Iterate over the mount points in reverse order, suspending most 3101 * recently mounted filesystems first. It handles a case where a 3102 * filesystem mounted from a md(4) vnode-backed device should be 3103 * suspended before the filesystem that owns the vnode. 3104 */ 3105 void 3106 suspend_all_fs(void) 3107 { 3108 struct mount *mp; 3109 int error; 3110 3111 mtx_lock(&mountlist_mtx); 3112 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 3113 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT); 3114 if (error != 0) 3115 continue; 3116 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL || 3117 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) { 3118 mtx_lock(&mountlist_mtx); 3119 vfs_unbusy(mp); 3120 continue; 3121 } 3122 error = vfs_write_suspend(mp, 0); 3123 if (error == 0) { 3124 MNT_ILOCK(mp); 3125 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0); 3126 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL; 3127 MNT_IUNLOCK(mp); 3128 mtx_lock(&mountlist_mtx); 3129 } else { 3130 printf("suspend of %s failed, error %d\n", 3131 mp->mnt_stat.f_mntonname, error); 3132 mtx_lock(&mountlist_mtx); 3133 vfs_unbusy(mp); 3134 } 3135 } 3136 mtx_unlock(&mountlist_mtx); 3137 } 3138 3139 /* 3140 * Clone the mnt_exjail field to a new mount point. 3141 */ 3142 void 3143 vfs_exjail_clone(struct mount *inmp, struct mount *outmp) 3144 { 3145 struct ucred *cr; 3146 struct prison *pr; 3147 3148 MNT_ILOCK(inmp); 3149 cr = inmp->mnt_exjail; 3150 if (cr != NULL) { 3151 crhold(cr); 3152 MNT_IUNLOCK(inmp); 3153 pr = cr->cr_prison; 3154 sx_slock(&allprison_lock); 3155 if (!prison_isalive(pr)) { 3156 sx_sunlock(&allprison_lock); 3157 crfree(cr); 3158 return; 3159 } 3160 MNT_ILOCK(outmp); 3161 if (outmp->mnt_exjail == NULL) { 3162 outmp->mnt_exjail = cr; 3163 atomic_add_int(&pr->pr_exportcnt, 1); 3164 cr = NULL; 3165 } 3166 MNT_IUNLOCK(outmp); 3167 sx_sunlock(&allprison_lock); 3168 if (cr != NULL) 3169 crfree(cr); 3170 } else 3171 MNT_IUNLOCK(inmp); 3172 } 3173 3174 void 3175 resume_all_fs(void) 3176 { 3177 struct mount *mp; 3178 3179 mtx_lock(&mountlist_mtx); 3180 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 3181 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0) 3182 continue; 3183 mtx_unlock(&mountlist_mtx); 3184 MNT_ILOCK(mp); 3185 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0); 3186 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL; 3187 MNT_IUNLOCK(mp); 3188 vfs_write_resume(mp, 0); 3189 mtx_lock(&mountlist_mtx); 3190 vfs_unbusy(mp); 3191 } 3192 mtx_unlock(&mountlist_mtx); 3193 } 3194