1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include <sys/param.h> 43 #include <sys/conf.h> 44 #include <sys/smp.h> 45 #include <sys/devctl.h> 46 #include <sys/eventhandler.h> 47 #include <sys/fcntl.h> 48 #include <sys/jail.h> 49 #include <sys/kernel.h> 50 #include <sys/ktr.h> 51 #include <sys/libkern.h> 52 #include <sys/malloc.h> 53 #include <sys/mount.h> 54 #include <sys/mutex.h> 55 #include <sys/namei.h> 56 #include <sys/priv.h> 57 #include <sys/proc.h> 58 #include <sys/filedesc.h> 59 #include <sys/reboot.h> 60 #include <sys/sbuf.h> 61 #include <sys/syscallsubr.h> 62 #include <sys/sysproto.h> 63 #include <sys/sx.h> 64 #include <sys/sysctl.h> 65 #include <sys/sysent.h> 66 #include <sys/systm.h> 67 #include <sys/vnode.h> 68 #include <vm/uma.h> 69 70 #include <geom/geom.h> 71 72 #include <machine/stdarg.h> 73 74 #include <security/audit/audit.h> 75 #include <security/mac/mac_framework.h> 76 77 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 78 79 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 80 uint64_t fsflags, struct vfsoptlist **optlist); 81 static void free_mntarg(struct mntarg *ma); 82 83 static int usermount = 0; 84 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 85 "Unprivileged users may mount and unmount file systems"); 86 87 static bool default_autoro = false; 88 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 89 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 90 91 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 92 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 93 static uma_zone_t mount_zone; 94 95 /* List of mounted filesystems. */ 96 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 97 98 /* For any iteration/modification of mountlist */ 99 struct mtx_padalign __exclusive_cache_line mountlist_mtx; 100 MTX_SYSINIT(mountlist, &mountlist_mtx, "mountlist", MTX_DEF); 101 102 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 103 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 104 105 static void mount_devctl_event(const char *type, struct mount *mp, bool donew); 106 107 /* 108 * Global opts, taken by all filesystems 109 */ 110 static const char *global_opts[] = { 111 "errmsg", 112 "fstype", 113 "fspath", 114 "ro", 115 "rw", 116 "nosuid", 117 "noexec", 118 NULL 119 }; 120 121 static int 122 mount_init(void *mem, int size, int flags) 123 { 124 struct mount *mp; 125 126 mp = (struct mount *)mem; 127 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 128 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 129 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 130 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO); 131 mp->mnt_ref = 0; 132 mp->mnt_vfs_ops = 1; 133 mp->mnt_rootvnode = NULL; 134 return (0); 135 } 136 137 static void 138 mount_fini(void *mem, int size) 139 { 140 struct mount *mp; 141 142 mp = (struct mount *)mem; 143 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu); 144 lockdestroy(&mp->mnt_explock); 145 mtx_destroy(&mp->mnt_listmtx); 146 mtx_destroy(&mp->mnt_mtx); 147 } 148 149 static void 150 vfs_mount_init(void *dummy __unused) 151 { 152 153 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 154 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 155 } 156 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 157 158 /* 159 * --------------------------------------------------------------------- 160 * Functions for building and sanitizing the mount options 161 */ 162 163 /* Remove one mount option. */ 164 static void 165 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 166 { 167 168 TAILQ_REMOVE(opts, opt, link); 169 free(opt->name, M_MOUNT); 170 if (opt->value != NULL) 171 free(opt->value, M_MOUNT); 172 free(opt, M_MOUNT); 173 } 174 175 /* Release all resources related to the mount options. */ 176 void 177 vfs_freeopts(struct vfsoptlist *opts) 178 { 179 struct vfsopt *opt; 180 181 while (!TAILQ_EMPTY(opts)) { 182 opt = TAILQ_FIRST(opts); 183 vfs_freeopt(opts, opt); 184 } 185 free(opts, M_MOUNT); 186 } 187 188 void 189 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 190 { 191 struct vfsopt *opt, *temp; 192 193 if (opts == NULL) 194 return; 195 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 196 if (strcmp(opt->name, name) == 0) 197 vfs_freeopt(opts, opt); 198 } 199 } 200 201 static int 202 vfs_isopt_ro(const char *opt) 203 { 204 205 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 206 strcmp(opt, "norw") == 0) 207 return (1); 208 return (0); 209 } 210 211 static int 212 vfs_isopt_rw(const char *opt) 213 { 214 215 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 216 return (1); 217 return (0); 218 } 219 220 /* 221 * Check if options are equal (with or without the "no" prefix). 222 */ 223 static int 224 vfs_equalopts(const char *opt1, const char *opt2) 225 { 226 char *p; 227 228 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 229 if (strcmp(opt1, opt2) == 0) 230 return (1); 231 /* "noopt" vs. "opt" */ 232 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 233 return (1); 234 /* "opt" vs. "noopt" */ 235 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 236 return (1); 237 while ((p = strchr(opt1, '.')) != NULL && 238 !strncmp(opt1, opt2, ++p - opt1)) { 239 opt2 += p - opt1; 240 opt1 = p; 241 /* "foo.noopt" vs. "foo.opt" */ 242 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 243 return (1); 244 /* "foo.opt" vs. "foo.noopt" */ 245 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 246 return (1); 247 } 248 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 249 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 250 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 251 return (1); 252 return (0); 253 } 254 255 /* 256 * If a mount option is specified several times, 257 * (with or without the "no" prefix) only keep 258 * the last occurrence of it. 259 */ 260 static void 261 vfs_sanitizeopts(struct vfsoptlist *opts) 262 { 263 struct vfsopt *opt, *opt2, *tmp; 264 265 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 266 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 267 while (opt2 != NULL) { 268 if (vfs_equalopts(opt->name, opt2->name)) { 269 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 270 vfs_freeopt(opts, opt2); 271 opt2 = tmp; 272 } else { 273 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 274 } 275 } 276 } 277 } 278 279 /* 280 * Build a linked list of mount options from a struct uio. 281 */ 282 int 283 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 284 { 285 struct vfsoptlist *opts; 286 struct vfsopt *opt; 287 size_t memused, namelen, optlen; 288 unsigned int i, iovcnt; 289 int error; 290 291 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 292 TAILQ_INIT(opts); 293 memused = 0; 294 iovcnt = auio->uio_iovcnt; 295 for (i = 0; i < iovcnt; i += 2) { 296 namelen = auio->uio_iov[i].iov_len; 297 optlen = auio->uio_iov[i + 1].iov_len; 298 memused += sizeof(struct vfsopt) + optlen + namelen; 299 /* 300 * Avoid consuming too much memory, and attempts to overflow 301 * memused. 302 */ 303 if (memused > VFS_MOUNTARG_SIZE_MAX || 304 optlen > VFS_MOUNTARG_SIZE_MAX || 305 namelen > VFS_MOUNTARG_SIZE_MAX) { 306 error = EINVAL; 307 goto bad; 308 } 309 310 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 311 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 312 opt->value = NULL; 313 opt->len = 0; 314 opt->pos = i / 2; 315 opt->seen = 0; 316 317 /* 318 * Do this early, so jumps to "bad" will free the current 319 * option. 320 */ 321 TAILQ_INSERT_TAIL(opts, opt, link); 322 323 if (auio->uio_segflg == UIO_SYSSPACE) { 324 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 325 } else { 326 error = copyin(auio->uio_iov[i].iov_base, opt->name, 327 namelen); 328 if (error) 329 goto bad; 330 } 331 /* Ensure names are null-terminated strings. */ 332 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 333 error = EINVAL; 334 goto bad; 335 } 336 if (optlen != 0) { 337 opt->len = optlen; 338 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 339 if (auio->uio_segflg == UIO_SYSSPACE) { 340 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 341 optlen); 342 } else { 343 error = copyin(auio->uio_iov[i + 1].iov_base, 344 opt->value, optlen); 345 if (error) 346 goto bad; 347 } 348 } 349 } 350 vfs_sanitizeopts(opts); 351 *options = opts; 352 return (0); 353 bad: 354 vfs_freeopts(opts); 355 return (error); 356 } 357 358 /* 359 * Merge the old mount options with the new ones passed 360 * in the MNT_UPDATE case. 361 * 362 * XXX: This function will keep a "nofoo" option in the new 363 * options. E.g, if the option's canonical name is "foo", 364 * "nofoo" ends up in the mount point's active options. 365 */ 366 static void 367 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 368 { 369 struct vfsopt *opt, *new; 370 371 TAILQ_FOREACH(opt, oldopts, link) { 372 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 373 new->name = strdup(opt->name, M_MOUNT); 374 if (opt->len != 0) { 375 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 376 bcopy(opt->value, new->value, opt->len); 377 } else 378 new->value = NULL; 379 new->len = opt->len; 380 new->seen = opt->seen; 381 TAILQ_INSERT_HEAD(toopts, new, link); 382 } 383 vfs_sanitizeopts(toopts); 384 } 385 386 /* 387 * Mount a filesystem. 388 */ 389 #ifndef _SYS_SYSPROTO_H_ 390 struct nmount_args { 391 struct iovec *iovp; 392 unsigned int iovcnt; 393 int flags; 394 }; 395 #endif 396 int 397 sys_nmount(struct thread *td, struct nmount_args *uap) 398 { 399 struct uio *auio; 400 int error; 401 u_int iovcnt; 402 uint64_t flags; 403 404 /* 405 * Mount flags are now 64-bits. On 32-bit archtectures only 406 * 32-bits are passed in, but from here on everything handles 407 * 64-bit flags correctly. 408 */ 409 flags = uap->flags; 410 411 AUDIT_ARG_FFLAGS(flags); 412 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 413 uap->iovp, uap->iovcnt, flags); 414 415 /* 416 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 417 * userspace to set this flag, but we must filter it out if we want 418 * MNT_UPDATE on the root file system to work. 419 * MNT_ROOTFS should only be set by the kernel when mounting its 420 * root file system. 421 */ 422 flags &= ~MNT_ROOTFS; 423 424 iovcnt = uap->iovcnt; 425 /* 426 * Check that we have an even number of iovec's 427 * and that we have at least two options. 428 */ 429 if ((iovcnt & 1) || (iovcnt < 4)) { 430 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 431 uap->iovcnt); 432 return (EINVAL); 433 } 434 435 error = copyinuio(uap->iovp, iovcnt, &auio); 436 if (error) { 437 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 438 __func__, error); 439 return (error); 440 } 441 error = vfs_donmount(td, flags, auio); 442 443 free(auio, M_IOV); 444 return (error); 445 } 446 447 /* 448 * --------------------------------------------------------------------- 449 * Various utility functions 450 */ 451 452 /* 453 * Get a reference on a mount point from a vnode. 454 * 455 * The vnode is allowed to be passed unlocked and race against dooming. Note in 456 * such case there are no guarantees the referenced mount point will still be 457 * associated with it after the function returns. 458 */ 459 struct mount * 460 vfs_ref_from_vp(struct vnode *vp) 461 { 462 struct mount *mp; 463 struct mount_pcpu *mpcpu; 464 465 mp = atomic_load_ptr(&vp->v_mount); 466 if (__predict_false(mp == NULL)) { 467 return (mp); 468 } 469 if (vfs_op_thread_enter(mp, mpcpu)) { 470 if (__predict_true(mp == vp->v_mount)) { 471 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 472 vfs_op_thread_exit(mp, mpcpu); 473 } else { 474 vfs_op_thread_exit(mp, mpcpu); 475 mp = NULL; 476 } 477 } else { 478 MNT_ILOCK(mp); 479 if (mp == vp->v_mount) { 480 MNT_REF(mp); 481 MNT_IUNLOCK(mp); 482 } else { 483 MNT_IUNLOCK(mp); 484 mp = NULL; 485 } 486 } 487 return (mp); 488 } 489 490 void 491 vfs_ref(struct mount *mp) 492 { 493 struct mount_pcpu *mpcpu; 494 495 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 496 if (vfs_op_thread_enter(mp, mpcpu)) { 497 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 498 vfs_op_thread_exit(mp, mpcpu); 499 return; 500 } 501 502 MNT_ILOCK(mp); 503 MNT_REF(mp); 504 MNT_IUNLOCK(mp); 505 } 506 507 void 508 vfs_rel(struct mount *mp) 509 { 510 struct mount_pcpu *mpcpu; 511 512 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 513 if (vfs_op_thread_enter(mp, mpcpu)) { 514 vfs_mp_count_sub_pcpu(mpcpu, ref, 1); 515 vfs_op_thread_exit(mp, mpcpu); 516 return; 517 } 518 519 MNT_ILOCK(mp); 520 MNT_REL(mp); 521 MNT_IUNLOCK(mp); 522 } 523 524 /* 525 * Allocate and initialize the mount point struct. 526 */ 527 struct mount * 528 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 529 struct ucred *cred) 530 { 531 struct mount *mp; 532 533 mp = uma_zalloc(mount_zone, M_WAITOK); 534 bzero(&mp->mnt_startzero, 535 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 536 mp->mnt_kern_flag = 0; 537 mp->mnt_flag = 0; 538 mp->mnt_rootvnode = NULL; 539 mp->mnt_vnodecovered = NULL; 540 mp->mnt_op = NULL; 541 mp->mnt_vfc = NULL; 542 TAILQ_INIT(&mp->mnt_nvnodelist); 543 mp->mnt_nvnodelistsize = 0; 544 TAILQ_INIT(&mp->mnt_lazyvnodelist); 545 mp->mnt_lazyvnodelistsize = 0; 546 if (mp->mnt_ref != 0 || mp->mnt_lockref != 0 || 547 mp->mnt_writeopcount != 0) 548 panic("%s: non-zero counters on new mp %p\n", __func__, mp); 549 if (mp->mnt_vfs_ops != 1) 550 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 551 mp->mnt_vfs_ops); 552 (void) vfs_busy(mp, MBF_NOWAIT); 553 atomic_add_acq_int(&vfsp->vfc_refcount, 1); 554 mp->mnt_op = vfsp->vfc_vfsops; 555 mp->mnt_vfc = vfsp; 556 mp->mnt_stat.f_type = vfsp->vfc_typenum; 557 mp->mnt_gen++; 558 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 559 mp->mnt_vnodecovered = vp; 560 mp->mnt_cred = crdup(cred); 561 mp->mnt_stat.f_owner = cred->cr_uid; 562 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 563 mp->mnt_iosize_max = DFLTPHYS; 564 #ifdef MAC 565 mac_mount_init(mp); 566 mac_mount_create(cred, mp); 567 #endif 568 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 569 TAILQ_INIT(&mp->mnt_uppers); 570 return (mp); 571 } 572 573 /* 574 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 575 */ 576 void 577 vfs_mount_destroy(struct mount *mp) 578 { 579 580 if (mp->mnt_vfs_ops == 0) 581 panic("%s: entered with zero vfs_ops\n", __func__); 582 583 vfs_assert_mount_counters(mp); 584 585 MNT_ILOCK(mp); 586 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 587 if (mp->mnt_kern_flag & MNTK_MWAIT) { 588 mp->mnt_kern_flag &= ~MNTK_MWAIT; 589 wakeup(mp); 590 } 591 while (mp->mnt_ref) 592 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 593 KASSERT(mp->mnt_ref == 0, 594 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 595 __FILE__, __LINE__)); 596 if (mp->mnt_writeopcount != 0) 597 panic("vfs_mount_destroy: nonzero writeopcount"); 598 if (mp->mnt_secondary_writes != 0) 599 panic("vfs_mount_destroy: nonzero secondary_writes"); 600 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1); 601 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 602 struct vnode *vp; 603 604 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 605 vn_printf(vp, "dangling vnode "); 606 panic("unmount: dangling vnode"); 607 } 608 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 609 if (mp->mnt_nvnodelistsize != 0) 610 panic("vfs_mount_destroy: nonzero nvnodelistsize"); 611 if (mp->mnt_lazyvnodelistsize != 0) 612 panic("vfs_mount_destroy: nonzero lazyvnodelistsize"); 613 if (mp->mnt_lockref != 0) 614 panic("vfs_mount_destroy: nonzero lock refcount"); 615 MNT_IUNLOCK(mp); 616 617 if (mp->mnt_vfs_ops != 1) 618 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 619 mp->mnt_vfs_ops); 620 621 if (mp->mnt_rootvnode != NULL) 622 panic("%s: mount point still has a root vnode %p\n", __func__, 623 mp->mnt_rootvnode); 624 625 if (mp->mnt_vnodecovered != NULL) 626 vrele(mp->mnt_vnodecovered); 627 #ifdef MAC 628 mac_mount_destroy(mp); 629 #endif 630 if (mp->mnt_opt != NULL) 631 vfs_freeopts(mp->mnt_opt); 632 crfree(mp->mnt_cred); 633 uma_zfree(mount_zone, mp); 634 } 635 636 static bool 637 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 638 { 639 /* This is an upgrade of an exisiting mount. */ 640 if ((fsflags & MNT_UPDATE) != 0) 641 return (false); 642 /* This is already an R/O mount. */ 643 if ((fsflags & MNT_RDONLY) != 0) 644 return (false); 645 646 switch (error) { 647 case ENODEV: /* generic, geom, ... */ 648 case EACCES: /* cam/scsi, ... */ 649 case EROFS: /* md, mmcsd, ... */ 650 /* 651 * These errors can be returned by the storage layer to signal 652 * that the media is read-only. No harm in the R/O mount 653 * attempt if the error was returned for some other reason. 654 */ 655 return (true); 656 default: 657 return (false); 658 } 659 } 660 661 int 662 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 663 { 664 struct vfsoptlist *optlist; 665 struct vfsopt *opt, *tmp_opt; 666 char *fstype, *fspath, *errmsg; 667 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 668 bool autoro; 669 670 errmsg = fspath = NULL; 671 errmsg_len = fspathlen = 0; 672 errmsg_pos = -1; 673 autoro = default_autoro; 674 675 error = vfs_buildopts(fsoptions, &optlist); 676 if (error) 677 return (error); 678 679 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 680 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 681 682 /* 683 * We need these two options before the others, 684 * and they are mandatory for any filesystem. 685 * Ensure they are NUL terminated as well. 686 */ 687 fstypelen = 0; 688 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 689 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 690 error = EINVAL; 691 if (errmsg != NULL) 692 strncpy(errmsg, "Invalid fstype", errmsg_len); 693 goto bail; 694 } 695 fspathlen = 0; 696 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 697 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 698 error = EINVAL; 699 if (errmsg != NULL) 700 strncpy(errmsg, "Invalid fspath", errmsg_len); 701 goto bail; 702 } 703 704 /* 705 * We need to see if we have the "update" option 706 * before we call vfs_domount(), since vfs_domount() has special 707 * logic based on MNT_UPDATE. This is very important 708 * when we want to update the root filesystem. 709 */ 710 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 711 int do_freeopt = 0; 712 713 if (strcmp(opt->name, "update") == 0) { 714 fsflags |= MNT_UPDATE; 715 do_freeopt = 1; 716 } 717 else if (strcmp(opt->name, "async") == 0) 718 fsflags |= MNT_ASYNC; 719 else if (strcmp(opt->name, "force") == 0) { 720 fsflags |= MNT_FORCE; 721 do_freeopt = 1; 722 } 723 else if (strcmp(opt->name, "reload") == 0) { 724 fsflags |= MNT_RELOAD; 725 do_freeopt = 1; 726 } 727 else if (strcmp(opt->name, "multilabel") == 0) 728 fsflags |= MNT_MULTILABEL; 729 else if (strcmp(opt->name, "noasync") == 0) 730 fsflags &= ~MNT_ASYNC; 731 else if (strcmp(opt->name, "noatime") == 0) 732 fsflags |= MNT_NOATIME; 733 else if (strcmp(opt->name, "atime") == 0) { 734 free(opt->name, M_MOUNT); 735 opt->name = strdup("nonoatime", M_MOUNT); 736 } 737 else if (strcmp(opt->name, "noclusterr") == 0) 738 fsflags |= MNT_NOCLUSTERR; 739 else if (strcmp(opt->name, "clusterr") == 0) { 740 free(opt->name, M_MOUNT); 741 opt->name = strdup("nonoclusterr", M_MOUNT); 742 } 743 else if (strcmp(opt->name, "noclusterw") == 0) 744 fsflags |= MNT_NOCLUSTERW; 745 else if (strcmp(opt->name, "clusterw") == 0) { 746 free(opt->name, M_MOUNT); 747 opt->name = strdup("nonoclusterw", M_MOUNT); 748 } 749 else if (strcmp(opt->name, "noexec") == 0) 750 fsflags |= MNT_NOEXEC; 751 else if (strcmp(opt->name, "exec") == 0) { 752 free(opt->name, M_MOUNT); 753 opt->name = strdup("nonoexec", M_MOUNT); 754 } 755 else if (strcmp(opt->name, "nosuid") == 0) 756 fsflags |= MNT_NOSUID; 757 else if (strcmp(opt->name, "suid") == 0) { 758 free(opt->name, M_MOUNT); 759 opt->name = strdup("nonosuid", M_MOUNT); 760 } 761 else if (strcmp(opt->name, "nosymfollow") == 0) 762 fsflags |= MNT_NOSYMFOLLOW; 763 else if (strcmp(opt->name, "symfollow") == 0) { 764 free(opt->name, M_MOUNT); 765 opt->name = strdup("nonosymfollow", M_MOUNT); 766 } 767 else if (strcmp(opt->name, "noro") == 0) { 768 fsflags &= ~MNT_RDONLY; 769 autoro = false; 770 } 771 else if (strcmp(opt->name, "rw") == 0) { 772 fsflags &= ~MNT_RDONLY; 773 autoro = false; 774 } 775 else if (strcmp(opt->name, "ro") == 0) { 776 fsflags |= MNT_RDONLY; 777 autoro = false; 778 } 779 else if (strcmp(opt->name, "rdonly") == 0) { 780 free(opt->name, M_MOUNT); 781 opt->name = strdup("ro", M_MOUNT); 782 fsflags |= MNT_RDONLY; 783 autoro = false; 784 } 785 else if (strcmp(opt->name, "autoro") == 0) { 786 do_freeopt = 1; 787 autoro = true; 788 } 789 else if (strcmp(opt->name, "suiddir") == 0) 790 fsflags |= MNT_SUIDDIR; 791 else if (strcmp(opt->name, "sync") == 0) 792 fsflags |= MNT_SYNCHRONOUS; 793 else if (strcmp(opt->name, "union") == 0) 794 fsflags |= MNT_UNION; 795 else if (strcmp(opt->name, "automounted") == 0) { 796 fsflags |= MNT_AUTOMOUNTED; 797 do_freeopt = 1; 798 } else if (strcmp(opt->name, "nocover") == 0) { 799 fsflags |= MNT_NOCOVER; 800 do_freeopt = 1; 801 } else if (strcmp(opt->name, "cover") == 0) { 802 fsflags &= ~MNT_NOCOVER; 803 do_freeopt = 1; 804 } else if (strcmp(opt->name, "emptydir") == 0) { 805 fsflags |= MNT_EMPTYDIR; 806 do_freeopt = 1; 807 } else if (strcmp(opt->name, "noemptydir") == 0) { 808 fsflags &= ~MNT_EMPTYDIR; 809 do_freeopt = 1; 810 } 811 if (do_freeopt) 812 vfs_freeopt(optlist, opt); 813 } 814 815 /* 816 * Be ultra-paranoid about making sure the type and fspath 817 * variables will fit in our mp buffers, including the 818 * terminating NUL. 819 */ 820 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 821 error = ENAMETOOLONG; 822 goto bail; 823 } 824 825 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 826 827 /* 828 * See if we can mount in the read-only mode if the error code suggests 829 * that it could be possible and the mount options allow for that. 830 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 831 * overridden by "autoro". 832 */ 833 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 834 printf("%s: R/W mount failed, possibly R/O media," 835 " trying R/O mount\n", __func__); 836 fsflags |= MNT_RDONLY; 837 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 838 } 839 bail: 840 /* copyout the errmsg */ 841 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 842 && errmsg_len > 0 && errmsg != NULL) { 843 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 844 bcopy(errmsg, 845 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 846 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 847 } else { 848 copyout(errmsg, 849 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 850 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 851 } 852 } 853 854 if (optlist != NULL) 855 vfs_freeopts(optlist); 856 return (error); 857 } 858 859 /* 860 * Old mount API. 861 */ 862 #ifndef _SYS_SYSPROTO_H_ 863 struct mount_args { 864 char *type; 865 char *path; 866 int flags; 867 caddr_t data; 868 }; 869 #endif 870 /* ARGSUSED */ 871 int 872 sys_mount(struct thread *td, struct mount_args *uap) 873 { 874 char *fstype; 875 struct vfsconf *vfsp = NULL; 876 struct mntarg *ma = NULL; 877 uint64_t flags; 878 int error; 879 880 /* 881 * Mount flags are now 64-bits. On 32-bit architectures only 882 * 32-bits are passed in, but from here on everything handles 883 * 64-bit flags correctly. 884 */ 885 flags = uap->flags; 886 887 AUDIT_ARG_FFLAGS(flags); 888 889 /* 890 * Filter out MNT_ROOTFS. We do not want clients of mount() in 891 * userspace to set this flag, but we must filter it out if we want 892 * MNT_UPDATE on the root file system to work. 893 * MNT_ROOTFS should only be set by the kernel when mounting its 894 * root file system. 895 */ 896 flags &= ~MNT_ROOTFS; 897 898 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 899 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 900 if (error) { 901 free(fstype, M_TEMP); 902 return (error); 903 } 904 905 AUDIT_ARG_TEXT(fstype); 906 vfsp = vfs_byname_kld(fstype, td, &error); 907 free(fstype, M_TEMP); 908 if (vfsp == NULL) 909 return (ENOENT); 910 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 911 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 912 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 913 vfsp->vfc_vfsops->vfs_cmount == NULL)) 914 return (EOPNOTSUPP); 915 916 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 917 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 918 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 919 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 920 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 921 922 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 923 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 924 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 925 } 926 927 /* 928 * vfs_domount_first(): first file system mount (not update) 929 */ 930 static int 931 vfs_domount_first( 932 struct thread *td, /* Calling thread. */ 933 struct vfsconf *vfsp, /* File system type. */ 934 char *fspath, /* Mount path. */ 935 struct vnode *vp, /* Vnode to be covered. */ 936 uint64_t fsflags, /* Flags common to all filesystems. */ 937 struct vfsoptlist **optlist /* Options local to the filesystem. */ 938 ) 939 { 940 struct vattr va; 941 struct mount *mp; 942 struct vnode *newdp, *rootvp; 943 int error, error1; 944 bool unmounted; 945 946 ASSERT_VOP_ELOCKED(vp, __func__); 947 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 948 949 if ((fsflags & MNT_EMPTYDIR) != 0) { 950 error = vfs_emptydir(vp); 951 if (error != 0) { 952 vput(vp); 953 return (error); 954 } 955 } 956 957 /* 958 * If the jail of the calling thread lacks permission for this type of 959 * file system, or is trying to cover its own root, deny immediately. 960 */ 961 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred, 962 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) { 963 vput(vp); 964 return (EPERM); 965 } 966 967 /* 968 * If the user is not root, ensure that they own the directory 969 * onto which we are attempting to mount. 970 */ 971 error = VOP_GETATTR(vp, &va, td->td_ucred); 972 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 973 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 974 if (error == 0) 975 error = vinvalbuf(vp, V_SAVE, 0, 0); 976 if (error == 0 && vp->v_type != VDIR) 977 error = ENOTDIR; 978 if (error == 0) { 979 VI_LOCK(vp); 980 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 981 vp->v_iflag |= VI_MOUNT; 982 else 983 error = EBUSY; 984 VI_UNLOCK(vp); 985 } 986 if (error != 0) { 987 vput(vp); 988 return (error); 989 } 990 vn_seqc_write_begin(vp); 991 VOP_UNLOCK(vp); 992 993 /* Allocate and initialize the filesystem. */ 994 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 995 /* XXXMAC: pass to vfs_mount_alloc? */ 996 mp->mnt_optnew = *optlist; 997 /* Set the mount level flags. */ 998 mp->mnt_flag = (fsflags & (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY)); 999 1000 /* 1001 * Mount the filesystem. 1002 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1003 * get. No freeing of cn_pnbuf. 1004 */ 1005 error1 = 0; 1006 unmounted = true; 1007 if ((error = VFS_MOUNT(mp)) != 0 || 1008 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 1009 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 1010 rootvp = NULL; 1011 if (error1 != 0) { 1012 MPASS(error == 0); 1013 rootvp = vfs_cache_root_clear(mp); 1014 if (rootvp != NULL) { 1015 vhold(rootvp); 1016 vrele(rootvp); 1017 } 1018 (void)vn_start_write(NULL, &mp, V_WAIT); 1019 MNT_ILOCK(mp); 1020 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF; 1021 MNT_IUNLOCK(mp); 1022 VFS_PURGE(mp); 1023 error = VFS_UNMOUNT(mp, 0); 1024 vn_finished_write(mp); 1025 if (error != 0) { 1026 printf( 1027 "failed post-mount (%d): rollback unmount returned %d\n", 1028 error1, error); 1029 unmounted = false; 1030 } 1031 error = error1; 1032 } 1033 vfs_unbusy(mp); 1034 mp->mnt_vnodecovered = NULL; 1035 if (unmounted) { 1036 /* XXXKIB wait for mnt_lockref drain? */ 1037 vfs_mount_destroy(mp); 1038 } 1039 VI_LOCK(vp); 1040 vp->v_iflag &= ~VI_MOUNT; 1041 VI_UNLOCK(vp); 1042 if (rootvp != NULL) { 1043 vn_seqc_write_end(rootvp); 1044 vdrop(rootvp); 1045 } 1046 vn_seqc_write_end(vp); 1047 vrele(vp); 1048 return (error); 1049 } 1050 vn_seqc_write_begin(newdp); 1051 VOP_UNLOCK(newdp); 1052 1053 if (mp->mnt_opt != NULL) 1054 vfs_freeopts(mp->mnt_opt); 1055 mp->mnt_opt = mp->mnt_optnew; 1056 *optlist = NULL; 1057 1058 /* 1059 * Prevent external consumers of mount options from reading mnt_optnew. 1060 */ 1061 mp->mnt_optnew = NULL; 1062 1063 MNT_ILOCK(mp); 1064 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1065 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1066 mp->mnt_kern_flag |= MNTK_ASYNC; 1067 else 1068 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1069 MNT_IUNLOCK(mp); 1070 1071 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1072 cache_purge(vp); 1073 VI_LOCK(vp); 1074 vp->v_iflag &= ~VI_MOUNT; 1075 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT); 1076 vp->v_mountedhere = mp; 1077 VI_UNLOCK(vp); 1078 /* Place the new filesystem at the end of the mount list. */ 1079 mtx_lock(&mountlist_mtx); 1080 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1081 mtx_unlock(&mountlist_mtx); 1082 vfs_event_signal(NULL, VQ_MOUNT, 0); 1083 vn_lock(newdp, LK_EXCLUSIVE | LK_RETRY); 1084 VOP_UNLOCK(vp); 1085 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1086 VOP_UNLOCK(newdp); 1087 mount_devctl_event("MOUNT", mp, false); 1088 mountcheckdirs(vp, newdp); 1089 vn_seqc_write_end(vp); 1090 vn_seqc_write_end(newdp); 1091 vrele(newdp); 1092 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1093 vfs_allocate_syncvnode(mp); 1094 vfs_op_exit(mp); 1095 vfs_unbusy(mp); 1096 return (0); 1097 } 1098 1099 /* 1100 * vfs_domount_update(): update of mounted file system 1101 */ 1102 static int 1103 vfs_domount_update( 1104 struct thread *td, /* Calling thread. */ 1105 struct vnode *vp, /* Mount point vnode. */ 1106 uint64_t fsflags, /* Flags common to all filesystems. */ 1107 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1108 ) 1109 { 1110 struct export_args export; 1111 struct o2export_args o2export; 1112 struct vnode *rootvp; 1113 void *bufp; 1114 struct mount *mp; 1115 int error, export_error, i, len; 1116 uint64_t flag; 1117 gid_t *grps; 1118 1119 ASSERT_VOP_ELOCKED(vp, __func__); 1120 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1121 mp = vp->v_mount; 1122 1123 if ((vp->v_vflag & VV_ROOT) == 0) { 1124 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1125 == 0) 1126 error = EXDEV; 1127 else 1128 error = EINVAL; 1129 vput(vp); 1130 return (error); 1131 } 1132 1133 /* 1134 * We only allow the filesystem to be reloaded if it 1135 * is currently mounted read-only. 1136 */ 1137 flag = mp->mnt_flag; 1138 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1139 vput(vp); 1140 return (EOPNOTSUPP); /* Needs translation */ 1141 } 1142 /* 1143 * Only privileged root, or (if MNT_USER is set) the user that 1144 * did the original mount is permitted to update it. 1145 */ 1146 error = vfs_suser(mp, td); 1147 if (error != 0) { 1148 vput(vp); 1149 return (error); 1150 } 1151 if (vfs_busy(mp, MBF_NOWAIT)) { 1152 vput(vp); 1153 return (EBUSY); 1154 } 1155 VI_LOCK(vp); 1156 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1157 VI_UNLOCK(vp); 1158 vfs_unbusy(mp); 1159 vput(vp); 1160 return (EBUSY); 1161 } 1162 vp->v_iflag |= VI_MOUNT; 1163 VI_UNLOCK(vp); 1164 VOP_UNLOCK(vp); 1165 1166 vfs_op_enter(mp); 1167 vn_seqc_write_begin(vp); 1168 1169 rootvp = NULL; 1170 MNT_ILOCK(mp); 1171 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1172 MNT_IUNLOCK(mp); 1173 error = EBUSY; 1174 goto end; 1175 } 1176 mp->mnt_flag &= ~MNT_UPDATEMASK; 1177 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1178 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1179 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1180 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1181 rootvp = vfs_cache_root_clear(mp); 1182 MNT_IUNLOCK(mp); 1183 mp->mnt_optnew = *optlist; 1184 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1185 1186 /* 1187 * Mount the filesystem. 1188 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1189 * get. No freeing of cn_pnbuf. 1190 */ 1191 error = VFS_MOUNT(mp); 1192 1193 export_error = 0; 1194 /* Process the export option. */ 1195 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1196 &len) == 0) { 1197 /* Assume that there is only 1 ABI for each length. */ 1198 switch (len) { 1199 case (sizeof(struct oexport_args)): 1200 bzero(&o2export, sizeof(o2export)); 1201 /* FALLTHROUGH */ 1202 case (sizeof(o2export)): 1203 bcopy(bufp, &o2export, len); 1204 export.ex_flags = (uint64_t)o2export.ex_flags; 1205 export.ex_root = o2export.ex_root; 1206 export.ex_uid = o2export.ex_anon.cr_uid; 1207 export.ex_groups = NULL; 1208 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1209 if (export.ex_ngroups > 0) { 1210 if (export.ex_ngroups <= XU_NGROUPS) { 1211 export.ex_groups = malloc( 1212 export.ex_ngroups * sizeof(gid_t), 1213 M_TEMP, M_WAITOK); 1214 for (i = 0; i < export.ex_ngroups; i++) 1215 export.ex_groups[i] = 1216 o2export.ex_anon.cr_groups[i]; 1217 } else 1218 export_error = EINVAL; 1219 } else if (export.ex_ngroups < 0) 1220 export_error = EINVAL; 1221 export.ex_addr = o2export.ex_addr; 1222 export.ex_addrlen = o2export.ex_addrlen; 1223 export.ex_mask = o2export.ex_mask; 1224 export.ex_masklen = o2export.ex_masklen; 1225 export.ex_indexfile = o2export.ex_indexfile; 1226 export.ex_numsecflavors = o2export.ex_numsecflavors; 1227 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1228 for (i = 0; i < export.ex_numsecflavors; i++) 1229 export.ex_secflavors[i] = 1230 o2export.ex_secflavors[i]; 1231 } else 1232 export_error = EINVAL; 1233 if (export_error == 0) 1234 export_error = vfs_export(mp, &export); 1235 free(export.ex_groups, M_TEMP); 1236 break; 1237 case (sizeof(export)): 1238 bcopy(bufp, &export, len); 1239 grps = NULL; 1240 if (export.ex_ngroups > 0) { 1241 if (export.ex_ngroups <= NGROUPS_MAX) { 1242 grps = malloc(export.ex_ngroups * 1243 sizeof(gid_t), M_TEMP, M_WAITOK); 1244 export_error = copyin(export.ex_groups, 1245 grps, export.ex_ngroups * 1246 sizeof(gid_t)); 1247 if (export_error == 0) 1248 export.ex_groups = grps; 1249 } else 1250 export_error = EINVAL; 1251 } else if (export.ex_ngroups == 0) 1252 export.ex_groups = NULL; 1253 else 1254 export_error = EINVAL; 1255 if (export_error == 0) 1256 export_error = vfs_export(mp, &export); 1257 free(grps, M_TEMP); 1258 break; 1259 default: 1260 export_error = EINVAL; 1261 break; 1262 } 1263 } 1264 1265 MNT_ILOCK(mp); 1266 if (error == 0) { 1267 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1268 MNT_SNAPSHOT); 1269 } else { 1270 /* 1271 * If we fail, restore old mount flags. MNT_QUOTA is special, 1272 * because it is not part of MNT_UPDATEMASK, but it could have 1273 * changed in the meantime if quotactl(2) was called. 1274 * All in all we want current value of MNT_QUOTA, not the old 1275 * one. 1276 */ 1277 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1278 } 1279 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1280 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1281 mp->mnt_kern_flag |= MNTK_ASYNC; 1282 else 1283 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1284 MNT_IUNLOCK(mp); 1285 1286 if (error != 0) 1287 goto end; 1288 1289 mount_devctl_event("REMOUNT", mp, true); 1290 if (mp->mnt_opt != NULL) 1291 vfs_freeopts(mp->mnt_opt); 1292 mp->mnt_opt = mp->mnt_optnew; 1293 *optlist = NULL; 1294 (void)VFS_STATFS(mp, &mp->mnt_stat); 1295 /* 1296 * Prevent external consumers of mount options from reading 1297 * mnt_optnew. 1298 */ 1299 mp->mnt_optnew = NULL; 1300 1301 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1302 vfs_allocate_syncvnode(mp); 1303 else 1304 vfs_deallocate_syncvnode(mp); 1305 end: 1306 vfs_op_exit(mp); 1307 if (rootvp != NULL) { 1308 vn_seqc_write_end(rootvp); 1309 vrele(rootvp); 1310 } 1311 vn_seqc_write_end(vp); 1312 vfs_unbusy(mp); 1313 VI_LOCK(vp); 1314 vp->v_iflag &= ~VI_MOUNT; 1315 VI_UNLOCK(vp); 1316 vrele(vp); 1317 return (error != 0 ? error : export_error); 1318 } 1319 1320 /* 1321 * vfs_domount(): actually attempt a filesystem mount. 1322 */ 1323 static int 1324 vfs_domount( 1325 struct thread *td, /* Calling thread. */ 1326 const char *fstype, /* Filesystem type. */ 1327 char *fspath, /* Mount path. */ 1328 uint64_t fsflags, /* Flags common to all filesystems. */ 1329 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1330 ) 1331 { 1332 struct vfsconf *vfsp; 1333 struct nameidata nd; 1334 struct vnode *vp; 1335 char *pathbuf; 1336 int error; 1337 1338 /* 1339 * Be ultra-paranoid about making sure the type and fspath 1340 * variables will fit in our mp buffers, including the 1341 * terminating NUL. 1342 */ 1343 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1344 return (ENAMETOOLONG); 1345 1346 if (jailed(td->td_ucred) || usermount == 0) { 1347 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1348 return (error); 1349 } 1350 1351 /* 1352 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1353 */ 1354 if (fsflags & MNT_EXPORTED) { 1355 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1356 if (error) 1357 return (error); 1358 } 1359 if (fsflags & MNT_SUIDDIR) { 1360 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1361 if (error) 1362 return (error); 1363 } 1364 /* 1365 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1366 */ 1367 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1368 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1369 fsflags |= MNT_NOSUID | MNT_USER; 1370 } 1371 1372 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1373 vfsp = NULL; 1374 if ((fsflags & MNT_UPDATE) == 0) { 1375 /* Don't try to load KLDs if we're mounting the root. */ 1376 if (fsflags & MNT_ROOTFS) 1377 vfsp = vfs_byname(fstype); 1378 else 1379 vfsp = vfs_byname_kld(fstype, td, &error); 1380 if (vfsp == NULL) 1381 return (ENODEV); 1382 } 1383 1384 /* 1385 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1386 */ 1387 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1388 UIO_SYSSPACE, fspath, td); 1389 error = namei(&nd); 1390 if (error != 0) 1391 return (error); 1392 NDFREE(&nd, NDF_ONLY_PNBUF); 1393 vp = nd.ni_vp; 1394 if ((fsflags & MNT_UPDATE) == 0) { 1395 if ((vp->v_vflag & VV_ROOT) != 0 && 1396 (fsflags & MNT_NOCOVER) != 0) { 1397 vput(vp); 1398 return (EBUSY); 1399 } 1400 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1401 strcpy(pathbuf, fspath); 1402 error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN); 1403 if (error == 0) { 1404 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1405 fsflags, optlist); 1406 } 1407 free(pathbuf, M_TEMP); 1408 } else 1409 error = vfs_domount_update(td, vp, fsflags, optlist); 1410 1411 return (error); 1412 } 1413 1414 /* 1415 * Unmount a filesystem. 1416 * 1417 * Note: unmount takes a path to the vnode mounted on as argument, not 1418 * special file (as before). 1419 */ 1420 #ifndef _SYS_SYSPROTO_H_ 1421 struct unmount_args { 1422 char *path; 1423 int flags; 1424 }; 1425 #endif 1426 /* ARGSUSED */ 1427 int 1428 sys_unmount(struct thread *td, struct unmount_args *uap) 1429 { 1430 1431 return (kern_unmount(td, uap->path, uap->flags)); 1432 } 1433 1434 int 1435 kern_unmount(struct thread *td, const char *path, int flags) 1436 { 1437 struct nameidata nd; 1438 struct mount *mp; 1439 char *pathbuf; 1440 int error, id0, id1; 1441 1442 AUDIT_ARG_VALUE(flags); 1443 if (jailed(td->td_ucred) || usermount == 0) { 1444 error = priv_check(td, PRIV_VFS_UNMOUNT); 1445 if (error) 1446 return (error); 1447 } 1448 1449 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1450 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1451 if (error) { 1452 free(pathbuf, M_TEMP); 1453 return (error); 1454 } 1455 if (flags & MNT_BYFSID) { 1456 AUDIT_ARG_TEXT(pathbuf); 1457 /* Decode the filesystem ID. */ 1458 if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) { 1459 free(pathbuf, M_TEMP); 1460 return (EINVAL); 1461 } 1462 1463 mtx_lock(&mountlist_mtx); 1464 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1465 if (mp->mnt_stat.f_fsid.val[0] == id0 && 1466 mp->mnt_stat.f_fsid.val[1] == id1) { 1467 vfs_ref(mp); 1468 break; 1469 } 1470 } 1471 mtx_unlock(&mountlist_mtx); 1472 } else { 1473 /* 1474 * Try to find global path for path argument. 1475 */ 1476 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1477 UIO_SYSSPACE, pathbuf, td); 1478 if (namei(&nd) == 0) { 1479 NDFREE(&nd, NDF_ONLY_PNBUF); 1480 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1481 MNAMELEN); 1482 if (error == 0) 1483 vput(nd.ni_vp); 1484 } 1485 mtx_lock(&mountlist_mtx); 1486 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1487 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1488 vfs_ref(mp); 1489 break; 1490 } 1491 } 1492 mtx_unlock(&mountlist_mtx); 1493 } 1494 free(pathbuf, M_TEMP); 1495 if (mp == NULL) { 1496 /* 1497 * Previously we returned ENOENT for a nonexistent path and 1498 * EINVAL for a non-mountpoint. We cannot tell these apart 1499 * now, so in the !MNT_BYFSID case return the more likely 1500 * EINVAL for compatibility. 1501 */ 1502 return ((flags & MNT_BYFSID) ? ENOENT : EINVAL); 1503 } 1504 1505 /* 1506 * Don't allow unmounting the root filesystem. 1507 */ 1508 if (mp->mnt_flag & MNT_ROOTFS) { 1509 vfs_rel(mp); 1510 return (EINVAL); 1511 } 1512 error = dounmount(mp, flags, td); 1513 return (error); 1514 } 1515 1516 /* 1517 * Return error if any of the vnodes, ignoring the root vnode 1518 * and the syncer vnode, have non-zero usecount. 1519 * 1520 * This function is purely advisory - it can return false positives 1521 * and negatives. 1522 */ 1523 static int 1524 vfs_check_usecounts(struct mount *mp) 1525 { 1526 struct vnode *vp, *mvp; 1527 1528 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1529 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1530 vp->v_usecount != 0) { 1531 VI_UNLOCK(vp); 1532 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1533 return (EBUSY); 1534 } 1535 VI_UNLOCK(vp); 1536 } 1537 1538 return (0); 1539 } 1540 1541 static void 1542 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1543 { 1544 1545 mtx_assert(MNT_MTX(mp), MA_OWNED); 1546 mp->mnt_kern_flag &= ~mntkflags; 1547 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1548 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1549 wakeup(mp); 1550 } 1551 vfs_op_exit_locked(mp); 1552 MNT_IUNLOCK(mp); 1553 if (coveredvp != NULL) { 1554 VOP_UNLOCK(coveredvp); 1555 vdrop(coveredvp); 1556 } 1557 vn_finished_write(mp); 1558 } 1559 1560 /* 1561 * There are various reference counters associated with the mount point. 1562 * Normally it is permitted to modify them without taking the mnt ilock, 1563 * but this behavior can be temporarily disabled if stable value is needed 1564 * or callers are expected to block (e.g. to not allow new users during 1565 * forced unmount). 1566 */ 1567 void 1568 vfs_op_enter(struct mount *mp) 1569 { 1570 struct mount_pcpu *mpcpu; 1571 int cpu; 1572 1573 MNT_ILOCK(mp); 1574 mp->mnt_vfs_ops++; 1575 if (mp->mnt_vfs_ops > 1) { 1576 MNT_IUNLOCK(mp); 1577 return; 1578 } 1579 vfs_op_barrier_wait(mp); 1580 CPU_FOREACH(cpu) { 1581 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1582 1583 mp->mnt_ref += mpcpu->mntp_ref; 1584 mpcpu->mntp_ref = 0; 1585 1586 mp->mnt_lockref += mpcpu->mntp_lockref; 1587 mpcpu->mntp_lockref = 0; 1588 1589 mp->mnt_writeopcount += mpcpu->mntp_writeopcount; 1590 mpcpu->mntp_writeopcount = 0; 1591 } 1592 if (mp->mnt_ref <= 0 || mp->mnt_lockref < 0 || mp->mnt_writeopcount < 0) 1593 panic("%s: invalid count(s) on mp %p: ref %d lockref %d writeopcount %d\n", 1594 __func__, mp, mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount); 1595 MNT_IUNLOCK(mp); 1596 vfs_assert_mount_counters(mp); 1597 } 1598 1599 void 1600 vfs_op_exit_locked(struct mount *mp) 1601 { 1602 1603 mtx_assert(MNT_MTX(mp), MA_OWNED); 1604 1605 if (mp->mnt_vfs_ops <= 0) 1606 panic("%s: invalid vfs_ops count %d for mp %p\n", 1607 __func__, mp->mnt_vfs_ops, mp); 1608 mp->mnt_vfs_ops--; 1609 } 1610 1611 void 1612 vfs_op_exit(struct mount *mp) 1613 { 1614 1615 MNT_ILOCK(mp); 1616 vfs_op_exit_locked(mp); 1617 MNT_IUNLOCK(mp); 1618 } 1619 1620 struct vfs_op_barrier_ipi { 1621 struct mount *mp; 1622 struct smp_rendezvous_cpus_retry_arg srcra; 1623 }; 1624 1625 static void 1626 vfs_op_action_func(void *arg) 1627 { 1628 struct vfs_op_barrier_ipi *vfsopipi; 1629 struct mount *mp; 1630 1631 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1632 mp = vfsopipi->mp; 1633 1634 if (!vfs_op_thread_entered(mp)) 1635 smp_rendezvous_cpus_done(arg); 1636 } 1637 1638 static void 1639 vfs_op_wait_func(void *arg, int cpu) 1640 { 1641 struct vfs_op_barrier_ipi *vfsopipi; 1642 struct mount *mp; 1643 struct mount_pcpu *mpcpu; 1644 1645 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1646 mp = vfsopipi->mp; 1647 1648 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1649 while (atomic_load_int(&mpcpu->mntp_thread_in_ops)) 1650 cpu_spinwait(); 1651 } 1652 1653 void 1654 vfs_op_barrier_wait(struct mount *mp) 1655 { 1656 struct vfs_op_barrier_ipi vfsopipi; 1657 1658 vfsopipi.mp = mp; 1659 1660 smp_rendezvous_cpus_retry(all_cpus, 1661 smp_no_rendezvous_barrier, 1662 vfs_op_action_func, 1663 smp_no_rendezvous_barrier, 1664 vfs_op_wait_func, 1665 &vfsopipi.srcra); 1666 } 1667 1668 #ifdef DIAGNOSTIC 1669 void 1670 vfs_assert_mount_counters(struct mount *mp) 1671 { 1672 struct mount_pcpu *mpcpu; 1673 int cpu; 1674 1675 if (mp->mnt_vfs_ops == 0) 1676 return; 1677 1678 CPU_FOREACH(cpu) { 1679 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1680 if (mpcpu->mntp_ref != 0 || 1681 mpcpu->mntp_lockref != 0 || 1682 mpcpu->mntp_writeopcount != 0) 1683 vfs_dump_mount_counters(mp); 1684 } 1685 } 1686 1687 void 1688 vfs_dump_mount_counters(struct mount *mp) 1689 { 1690 struct mount_pcpu *mpcpu; 1691 int ref, lockref, writeopcount; 1692 int cpu; 1693 1694 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1695 1696 printf(" ref : "); 1697 ref = mp->mnt_ref; 1698 CPU_FOREACH(cpu) { 1699 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1700 printf("%d ", mpcpu->mntp_ref); 1701 ref += mpcpu->mntp_ref; 1702 } 1703 printf("\n"); 1704 printf(" lockref : "); 1705 lockref = mp->mnt_lockref; 1706 CPU_FOREACH(cpu) { 1707 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1708 printf("%d ", mpcpu->mntp_lockref); 1709 lockref += mpcpu->mntp_lockref; 1710 } 1711 printf("\n"); 1712 printf("writeopcount: "); 1713 writeopcount = mp->mnt_writeopcount; 1714 CPU_FOREACH(cpu) { 1715 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1716 printf("%d ", mpcpu->mntp_writeopcount); 1717 writeopcount += mpcpu->mntp_writeopcount; 1718 } 1719 printf("\n"); 1720 1721 printf("counter struct total\n"); 1722 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 1723 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 1724 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 1725 1726 panic("invalid counts on struct mount"); 1727 } 1728 #endif 1729 1730 int 1731 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 1732 { 1733 struct mount_pcpu *mpcpu; 1734 int cpu, sum; 1735 1736 switch (which) { 1737 case MNT_COUNT_REF: 1738 sum = mp->mnt_ref; 1739 break; 1740 case MNT_COUNT_LOCKREF: 1741 sum = mp->mnt_lockref; 1742 break; 1743 case MNT_COUNT_WRITEOPCOUNT: 1744 sum = mp->mnt_writeopcount; 1745 break; 1746 } 1747 1748 CPU_FOREACH(cpu) { 1749 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1750 switch (which) { 1751 case MNT_COUNT_REF: 1752 sum += mpcpu->mntp_ref; 1753 break; 1754 case MNT_COUNT_LOCKREF: 1755 sum += mpcpu->mntp_lockref; 1756 break; 1757 case MNT_COUNT_WRITEOPCOUNT: 1758 sum += mpcpu->mntp_writeopcount; 1759 break; 1760 } 1761 } 1762 return (sum); 1763 } 1764 1765 /* 1766 * Do the actual filesystem unmount. 1767 */ 1768 int 1769 dounmount(struct mount *mp, int flags, struct thread *td) 1770 { 1771 struct vnode *coveredvp, *rootvp; 1772 int error; 1773 uint64_t async_flag; 1774 int mnt_gen_r; 1775 1776 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 1777 mnt_gen_r = mp->mnt_gen; 1778 VI_LOCK(coveredvp); 1779 vholdl(coveredvp); 1780 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 1781 /* 1782 * Check for mp being unmounted while waiting for the 1783 * covered vnode lock. 1784 */ 1785 if (coveredvp->v_mountedhere != mp || 1786 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 1787 VOP_UNLOCK(coveredvp); 1788 vdrop(coveredvp); 1789 vfs_rel(mp); 1790 return (EBUSY); 1791 } 1792 } 1793 1794 /* 1795 * Only privileged root, or (if MNT_USER is set) the user that did the 1796 * original mount is permitted to unmount this filesystem. 1797 */ 1798 error = vfs_suser(mp, td); 1799 if (error != 0) { 1800 if (coveredvp != NULL) { 1801 VOP_UNLOCK(coveredvp); 1802 vdrop(coveredvp); 1803 } 1804 vfs_rel(mp); 1805 return (error); 1806 } 1807 1808 vfs_op_enter(mp); 1809 1810 vn_start_write(NULL, &mp, V_WAIT | V_MNTREF); 1811 MNT_ILOCK(mp); 1812 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 1813 (mp->mnt_flag & MNT_UPDATE) != 0 || 1814 !TAILQ_EMPTY(&mp->mnt_uppers)) { 1815 dounmount_cleanup(mp, coveredvp, 0); 1816 return (EBUSY); 1817 } 1818 mp->mnt_kern_flag |= MNTK_UNMOUNT; 1819 rootvp = vfs_cache_root_clear(mp); 1820 if (coveredvp != NULL) 1821 vn_seqc_write_begin(coveredvp); 1822 if (flags & MNT_NONBUSY) { 1823 MNT_IUNLOCK(mp); 1824 error = vfs_check_usecounts(mp); 1825 MNT_ILOCK(mp); 1826 if (error != 0) { 1827 vn_seqc_write_end(coveredvp); 1828 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 1829 if (rootvp != NULL) { 1830 vn_seqc_write_end(rootvp); 1831 vrele(rootvp); 1832 } 1833 return (error); 1834 } 1835 } 1836 /* Allow filesystems to detect that a forced unmount is in progress. */ 1837 if (flags & MNT_FORCE) { 1838 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 1839 MNT_IUNLOCK(mp); 1840 /* 1841 * Must be done after setting MNTK_UNMOUNTF and before 1842 * waiting for mnt_lockref to become 0. 1843 */ 1844 VFS_PURGE(mp); 1845 MNT_ILOCK(mp); 1846 } 1847 error = 0; 1848 if (mp->mnt_lockref) { 1849 mp->mnt_kern_flag |= MNTK_DRAINING; 1850 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 1851 "mount drain", 0); 1852 } 1853 MNT_IUNLOCK(mp); 1854 KASSERT(mp->mnt_lockref == 0, 1855 ("%s: invalid lock refcount in the drain path @ %s:%d", 1856 __func__, __FILE__, __LINE__)); 1857 KASSERT(error == 0, 1858 ("%s: invalid return value for msleep in the drain path @ %s:%d", 1859 __func__, __FILE__, __LINE__)); 1860 1861 /* 1862 * We want to keep the vnode around so that we can vn_seqc_write_end 1863 * after we are done with unmount. Downgrade our reference to a mere 1864 * hold count so that we don't interefere with anything. 1865 */ 1866 if (rootvp != NULL) { 1867 vhold(rootvp); 1868 vrele(rootvp); 1869 } 1870 1871 if (mp->mnt_flag & MNT_EXPUBLIC) 1872 vfs_setpublicfs(NULL, NULL, NULL); 1873 1874 vfs_periodic(mp, MNT_WAIT); 1875 MNT_ILOCK(mp); 1876 async_flag = mp->mnt_flag & MNT_ASYNC; 1877 mp->mnt_flag &= ~MNT_ASYNC; 1878 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1879 MNT_IUNLOCK(mp); 1880 vfs_deallocate_syncvnode(mp); 1881 error = VFS_UNMOUNT(mp, flags); 1882 vn_finished_write(mp); 1883 /* 1884 * If we failed to flush the dirty blocks for this mount point, 1885 * undo all the cdir/rdir and rootvnode changes we made above. 1886 * Unless we failed to do so because the device is reporting that 1887 * it doesn't exist anymore. 1888 */ 1889 if (error && error != ENXIO) { 1890 MNT_ILOCK(mp); 1891 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 1892 MNT_IUNLOCK(mp); 1893 vfs_allocate_syncvnode(mp); 1894 MNT_ILOCK(mp); 1895 } 1896 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 1897 mp->mnt_flag |= async_flag; 1898 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1899 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1900 mp->mnt_kern_flag |= MNTK_ASYNC; 1901 if (mp->mnt_kern_flag & MNTK_MWAIT) { 1902 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1903 wakeup(mp); 1904 } 1905 vfs_op_exit_locked(mp); 1906 MNT_IUNLOCK(mp); 1907 if (coveredvp) { 1908 vn_seqc_write_end(coveredvp); 1909 VOP_UNLOCK(coveredvp); 1910 vdrop(coveredvp); 1911 } 1912 if (rootvp != NULL) { 1913 vn_seqc_write_end(rootvp); 1914 vdrop(rootvp); 1915 } 1916 return (error); 1917 } 1918 mtx_lock(&mountlist_mtx); 1919 TAILQ_REMOVE(&mountlist, mp, mnt_list); 1920 mtx_unlock(&mountlist_mtx); 1921 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 1922 if (coveredvp != NULL) { 1923 VI_LOCK(coveredvp); 1924 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT); 1925 coveredvp->v_mountedhere = NULL; 1926 vn_seqc_write_end_locked(coveredvp); 1927 VI_UNLOCK(coveredvp); 1928 VOP_UNLOCK(coveredvp); 1929 vdrop(coveredvp); 1930 } 1931 mount_devctl_event("UNMOUNT", mp, false); 1932 if (rootvp != NULL) { 1933 vn_seqc_write_end(rootvp); 1934 vdrop(rootvp); 1935 } 1936 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 1937 if (rootvnode != NULL && mp == rootvnode->v_mount) { 1938 vrele(rootvnode); 1939 rootvnode = NULL; 1940 } 1941 if (mp == rootdevmp) 1942 rootdevmp = NULL; 1943 vfs_mount_destroy(mp); 1944 return (0); 1945 } 1946 1947 /* 1948 * Report errors during filesystem mounting. 1949 */ 1950 void 1951 vfs_mount_error(struct mount *mp, const char *fmt, ...) 1952 { 1953 struct vfsoptlist *moptlist = mp->mnt_optnew; 1954 va_list ap; 1955 int error, len; 1956 char *errmsg; 1957 1958 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 1959 if (error || errmsg == NULL || len <= 0) 1960 return; 1961 1962 va_start(ap, fmt); 1963 vsnprintf(errmsg, (size_t)len, fmt, ap); 1964 va_end(ap); 1965 } 1966 1967 void 1968 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 1969 { 1970 va_list ap; 1971 int error, len; 1972 char *errmsg; 1973 1974 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 1975 if (error || errmsg == NULL || len <= 0) 1976 return; 1977 1978 va_start(ap, fmt); 1979 vsnprintf(errmsg, (size_t)len, fmt, ap); 1980 va_end(ap); 1981 } 1982 1983 /* 1984 * --------------------------------------------------------------------- 1985 * Functions for querying mount options/arguments from filesystems. 1986 */ 1987 1988 /* 1989 * Check that no unknown options are given 1990 */ 1991 int 1992 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 1993 { 1994 struct vfsopt *opt; 1995 char errmsg[255]; 1996 const char **t, *p, *q; 1997 int ret = 0; 1998 1999 TAILQ_FOREACH(opt, opts, link) { 2000 p = opt->name; 2001 q = NULL; 2002 if (p[0] == 'n' && p[1] == 'o') 2003 q = p + 2; 2004 for(t = global_opts; *t != NULL; t++) { 2005 if (strcmp(*t, p) == 0) 2006 break; 2007 if (q != NULL) { 2008 if (strcmp(*t, q) == 0) 2009 break; 2010 } 2011 } 2012 if (*t != NULL) 2013 continue; 2014 for(t = legal; *t != NULL; t++) { 2015 if (strcmp(*t, p) == 0) 2016 break; 2017 if (q != NULL) { 2018 if (strcmp(*t, q) == 0) 2019 break; 2020 } 2021 } 2022 if (*t != NULL) 2023 continue; 2024 snprintf(errmsg, sizeof(errmsg), 2025 "mount option <%s> is unknown", p); 2026 ret = EINVAL; 2027 } 2028 if (ret != 0) { 2029 TAILQ_FOREACH(opt, opts, link) { 2030 if (strcmp(opt->name, "errmsg") == 0) { 2031 strncpy((char *)opt->value, errmsg, opt->len); 2032 break; 2033 } 2034 } 2035 if (opt == NULL) 2036 printf("%s\n", errmsg); 2037 } 2038 return (ret); 2039 } 2040 2041 /* 2042 * Get a mount option by its name. 2043 * 2044 * Return 0 if the option was found, ENOENT otherwise. 2045 * If len is non-NULL it will be filled with the length 2046 * of the option. If buf is non-NULL, it will be filled 2047 * with the address of the option. 2048 */ 2049 int 2050 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 2051 { 2052 struct vfsopt *opt; 2053 2054 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2055 2056 TAILQ_FOREACH(opt, opts, link) { 2057 if (strcmp(name, opt->name) == 0) { 2058 opt->seen = 1; 2059 if (len != NULL) 2060 *len = opt->len; 2061 if (buf != NULL) 2062 *buf = opt->value; 2063 return (0); 2064 } 2065 } 2066 return (ENOENT); 2067 } 2068 2069 int 2070 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 2071 { 2072 struct vfsopt *opt; 2073 2074 if (opts == NULL) 2075 return (-1); 2076 2077 TAILQ_FOREACH(opt, opts, link) { 2078 if (strcmp(name, opt->name) == 0) { 2079 opt->seen = 1; 2080 return (opt->pos); 2081 } 2082 } 2083 return (-1); 2084 } 2085 2086 int 2087 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2088 { 2089 char *opt_value, *vtp; 2090 quad_t iv; 2091 int error, opt_len; 2092 2093 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2094 if (error != 0) 2095 return (error); 2096 if (opt_len == 0 || opt_value == NULL) 2097 return (EINVAL); 2098 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2099 return (EINVAL); 2100 iv = strtoq(opt_value, &vtp, 0); 2101 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2102 return (EINVAL); 2103 if (iv < 0) 2104 return (EINVAL); 2105 switch (vtp[0]) { 2106 case 't': case 'T': 2107 iv *= 1024; 2108 /* FALLTHROUGH */ 2109 case 'g': case 'G': 2110 iv *= 1024; 2111 /* FALLTHROUGH */ 2112 case 'm': case 'M': 2113 iv *= 1024; 2114 /* FALLTHROUGH */ 2115 case 'k': case 'K': 2116 iv *= 1024; 2117 case '\0': 2118 break; 2119 default: 2120 return (EINVAL); 2121 } 2122 *value = iv; 2123 2124 return (0); 2125 } 2126 2127 char * 2128 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2129 { 2130 struct vfsopt *opt; 2131 2132 *error = 0; 2133 TAILQ_FOREACH(opt, opts, link) { 2134 if (strcmp(name, opt->name) != 0) 2135 continue; 2136 opt->seen = 1; 2137 if (opt->len == 0 || 2138 ((char *)opt->value)[opt->len - 1] != '\0') { 2139 *error = EINVAL; 2140 return (NULL); 2141 } 2142 return (opt->value); 2143 } 2144 *error = ENOENT; 2145 return (NULL); 2146 } 2147 2148 int 2149 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2150 uint64_t val) 2151 { 2152 struct vfsopt *opt; 2153 2154 TAILQ_FOREACH(opt, opts, link) { 2155 if (strcmp(name, opt->name) == 0) { 2156 opt->seen = 1; 2157 if (w != NULL) 2158 *w |= val; 2159 return (1); 2160 } 2161 } 2162 if (w != NULL) 2163 *w &= ~val; 2164 return (0); 2165 } 2166 2167 int 2168 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2169 { 2170 va_list ap; 2171 struct vfsopt *opt; 2172 int ret; 2173 2174 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2175 2176 TAILQ_FOREACH(opt, opts, link) { 2177 if (strcmp(name, opt->name) != 0) 2178 continue; 2179 opt->seen = 1; 2180 if (opt->len == 0 || opt->value == NULL) 2181 return (0); 2182 if (((char *)opt->value)[opt->len - 1] != '\0') 2183 return (0); 2184 va_start(ap, fmt); 2185 ret = vsscanf(opt->value, fmt, ap); 2186 va_end(ap); 2187 return (ret); 2188 } 2189 return (0); 2190 } 2191 2192 int 2193 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2194 { 2195 struct vfsopt *opt; 2196 2197 TAILQ_FOREACH(opt, opts, link) { 2198 if (strcmp(name, opt->name) != 0) 2199 continue; 2200 opt->seen = 1; 2201 if (opt->value == NULL) 2202 opt->len = len; 2203 else { 2204 if (opt->len != len) 2205 return (EINVAL); 2206 bcopy(value, opt->value, len); 2207 } 2208 return (0); 2209 } 2210 return (ENOENT); 2211 } 2212 2213 int 2214 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2215 { 2216 struct vfsopt *opt; 2217 2218 TAILQ_FOREACH(opt, opts, link) { 2219 if (strcmp(name, opt->name) != 0) 2220 continue; 2221 opt->seen = 1; 2222 if (opt->value == NULL) 2223 opt->len = len; 2224 else { 2225 if (opt->len < len) 2226 return (EINVAL); 2227 opt->len = len; 2228 bcopy(value, opt->value, len); 2229 } 2230 return (0); 2231 } 2232 return (ENOENT); 2233 } 2234 2235 int 2236 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2237 { 2238 struct vfsopt *opt; 2239 2240 TAILQ_FOREACH(opt, opts, link) { 2241 if (strcmp(name, opt->name) != 0) 2242 continue; 2243 opt->seen = 1; 2244 if (opt->value == NULL) 2245 opt->len = strlen(value) + 1; 2246 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2247 return (EINVAL); 2248 return (0); 2249 } 2250 return (ENOENT); 2251 } 2252 2253 /* 2254 * Find and copy a mount option. 2255 * 2256 * The size of the buffer has to be specified 2257 * in len, if it is not the same length as the 2258 * mount option, EINVAL is returned. 2259 * Returns ENOENT if the option is not found. 2260 */ 2261 int 2262 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2263 { 2264 struct vfsopt *opt; 2265 2266 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2267 2268 TAILQ_FOREACH(opt, opts, link) { 2269 if (strcmp(name, opt->name) == 0) { 2270 opt->seen = 1; 2271 if (len != opt->len) 2272 return (EINVAL); 2273 bcopy(opt->value, dest, opt->len); 2274 return (0); 2275 } 2276 } 2277 return (ENOENT); 2278 } 2279 2280 int 2281 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2282 { 2283 2284 /* 2285 * Filesystems only fill in part of the structure for updates, we 2286 * have to read the entirety first to get all content. 2287 */ 2288 if (sbp != &mp->mnt_stat) 2289 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2290 2291 /* 2292 * Set these in case the underlying filesystem fails to do so. 2293 */ 2294 sbp->f_version = STATFS_VERSION; 2295 sbp->f_namemax = NAME_MAX; 2296 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2297 2298 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2299 } 2300 2301 void 2302 vfs_mountedfrom(struct mount *mp, const char *from) 2303 { 2304 2305 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2306 strlcpy(mp->mnt_stat.f_mntfromname, from, 2307 sizeof mp->mnt_stat.f_mntfromname); 2308 } 2309 2310 /* 2311 * --------------------------------------------------------------------- 2312 * This is the api for building mount args and mounting filesystems from 2313 * inside the kernel. 2314 * 2315 * The API works by accumulation of individual args. First error is 2316 * latched. 2317 * 2318 * XXX: should be documented in new manpage kernel_mount(9) 2319 */ 2320 2321 /* A memory allocation which must be freed when we are done */ 2322 struct mntaarg { 2323 SLIST_ENTRY(mntaarg) next; 2324 }; 2325 2326 /* The header for the mount arguments */ 2327 struct mntarg { 2328 struct iovec *v; 2329 int len; 2330 int error; 2331 SLIST_HEAD(, mntaarg) list; 2332 }; 2333 2334 /* 2335 * Add a boolean argument. 2336 * 2337 * flag is the boolean value. 2338 * name must start with "no". 2339 */ 2340 struct mntarg * 2341 mount_argb(struct mntarg *ma, int flag, const char *name) 2342 { 2343 2344 KASSERT(name[0] == 'n' && name[1] == 'o', 2345 ("mount_argb(...,%s): name must start with 'no'", name)); 2346 2347 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2348 } 2349 2350 /* 2351 * Add an argument printf style 2352 */ 2353 struct mntarg * 2354 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2355 { 2356 va_list ap; 2357 struct mntaarg *maa; 2358 struct sbuf *sb; 2359 int len; 2360 2361 if (ma == NULL) { 2362 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2363 SLIST_INIT(&ma->list); 2364 } 2365 if (ma->error) 2366 return (ma); 2367 2368 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2369 M_MOUNT, M_WAITOK); 2370 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2371 ma->v[ma->len].iov_len = strlen(name) + 1; 2372 ma->len++; 2373 2374 sb = sbuf_new_auto(); 2375 va_start(ap, fmt); 2376 sbuf_vprintf(sb, fmt, ap); 2377 va_end(ap); 2378 sbuf_finish(sb); 2379 len = sbuf_len(sb) + 1; 2380 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2381 SLIST_INSERT_HEAD(&ma->list, maa, next); 2382 bcopy(sbuf_data(sb), maa + 1, len); 2383 sbuf_delete(sb); 2384 2385 ma->v[ma->len].iov_base = maa + 1; 2386 ma->v[ma->len].iov_len = len; 2387 ma->len++; 2388 2389 return (ma); 2390 } 2391 2392 /* 2393 * Add an argument which is a userland string. 2394 */ 2395 struct mntarg * 2396 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2397 { 2398 struct mntaarg *maa; 2399 char *tbuf; 2400 2401 if (val == NULL) 2402 return (ma); 2403 if (ma == NULL) { 2404 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2405 SLIST_INIT(&ma->list); 2406 } 2407 if (ma->error) 2408 return (ma); 2409 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2410 SLIST_INSERT_HEAD(&ma->list, maa, next); 2411 tbuf = (void *)(maa + 1); 2412 ma->error = copyinstr(val, tbuf, len, NULL); 2413 return (mount_arg(ma, name, tbuf, -1)); 2414 } 2415 2416 /* 2417 * Plain argument. 2418 * 2419 * If length is -1, treat value as a C string. 2420 */ 2421 struct mntarg * 2422 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2423 { 2424 2425 if (ma == NULL) { 2426 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2427 SLIST_INIT(&ma->list); 2428 } 2429 if (ma->error) 2430 return (ma); 2431 2432 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2433 M_MOUNT, M_WAITOK); 2434 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2435 ma->v[ma->len].iov_len = strlen(name) + 1; 2436 ma->len++; 2437 2438 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2439 if (len < 0) 2440 ma->v[ma->len].iov_len = strlen(val) + 1; 2441 else 2442 ma->v[ma->len].iov_len = len; 2443 ma->len++; 2444 return (ma); 2445 } 2446 2447 /* 2448 * Free a mntarg structure 2449 */ 2450 static void 2451 free_mntarg(struct mntarg *ma) 2452 { 2453 struct mntaarg *maa; 2454 2455 while (!SLIST_EMPTY(&ma->list)) { 2456 maa = SLIST_FIRST(&ma->list); 2457 SLIST_REMOVE_HEAD(&ma->list, next); 2458 free(maa, M_MOUNT); 2459 } 2460 free(ma->v, M_MOUNT); 2461 free(ma, M_MOUNT); 2462 } 2463 2464 /* 2465 * Mount a filesystem 2466 */ 2467 int 2468 kernel_mount(struct mntarg *ma, uint64_t flags) 2469 { 2470 struct uio auio; 2471 int error; 2472 2473 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2474 KASSERT(ma->v != NULL, ("kernel_mount NULL ma->v")); 2475 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2476 2477 auio.uio_iov = ma->v; 2478 auio.uio_iovcnt = ma->len; 2479 auio.uio_segflg = UIO_SYSSPACE; 2480 2481 error = ma->error; 2482 if (!error) 2483 error = vfs_donmount(curthread, flags, &auio); 2484 free_mntarg(ma); 2485 return (error); 2486 } 2487 2488 /* 2489 * A printflike function to mount a filesystem. 2490 */ 2491 int 2492 kernel_vmount(int flags, ...) 2493 { 2494 struct mntarg *ma = NULL; 2495 va_list ap; 2496 const char *cp; 2497 const void *vp; 2498 int error; 2499 2500 va_start(ap, flags); 2501 for (;;) { 2502 cp = va_arg(ap, const char *); 2503 if (cp == NULL) 2504 break; 2505 vp = va_arg(ap, const void *); 2506 ma = mount_arg(ma, cp, vp, (vp != NULL ? -1 : 0)); 2507 } 2508 va_end(ap); 2509 2510 error = kernel_mount(ma, flags); 2511 return (error); 2512 } 2513 2514 /* Map from mount options to printable formats. */ 2515 static struct mntoptnames optnames[] = { 2516 MNTOPT_NAMES 2517 }; 2518 2519 static void 2520 mount_devctl_event_mntopt(struct sbuf *sb, const char *what, struct vfsoptlist *opts) 2521 { 2522 struct vfsopt *opt; 2523 2524 if (opts == NULL || TAILQ_EMPTY(opts)) 2525 return; 2526 sbuf_printf(sb, " %s=\"", what); 2527 TAILQ_FOREACH(opt, opts, link) { 2528 if (opt->name[0] == '\0' || (opt->len > 0 && *(char *)opt->value == '\0')) 2529 continue; 2530 devctl_safe_quote_sb(sb, opt->name); 2531 if (opt->len > 0) { 2532 sbuf_putc(sb, '='); 2533 devctl_safe_quote_sb(sb, opt->value); 2534 } 2535 sbuf_putc(sb, ';'); 2536 } 2537 sbuf_putc(sb, '"'); 2538 } 2539 2540 #define DEVCTL_LEN 1024 2541 static void 2542 mount_devctl_event(const char *type, struct mount *mp, bool donew) 2543 { 2544 const uint8_t *cp; 2545 struct mntoptnames *fp; 2546 struct sbuf sb; 2547 struct statfs *sfp = &mp->mnt_stat; 2548 char *buf; 2549 2550 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT); 2551 if (buf == NULL) 2552 return; 2553 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN); 2554 sbuf_cpy(&sb, "mount-point=\""); 2555 devctl_safe_quote_sb(&sb, sfp->f_mntonname); 2556 sbuf_cat(&sb, "\" mount-dev=\""); 2557 devctl_safe_quote_sb(&sb, sfp->f_mntfromname); 2558 sbuf_cat(&sb, "\" mount-type=\""); 2559 devctl_safe_quote_sb(&sb, sfp->f_fstypename); 2560 sbuf_cat(&sb, "\" fsid=0x"); 2561 cp = (const uint8_t *)&sfp->f_fsid.val[0]; 2562 for (int i = 0; i < sizeof(sfp->f_fsid); i++) 2563 sbuf_printf(&sb, "%02x", cp[i]); 2564 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); 2565 for (fp = optnames; fp->o_opt != 0; fp++) { 2566 if ((mp->mnt_flag & fp->o_opt) != 0) { 2567 sbuf_cat(&sb, fp->o_name); 2568 sbuf_putc(&sb, ';'); 2569 } 2570 } 2571 sbuf_putc(&sb, '"'); 2572 mount_devctl_event_mntopt(&sb, "opt", mp->mnt_opt); 2573 if (donew) 2574 mount_devctl_event_mntopt(&sb, "optnew", mp->mnt_optnew); 2575 sbuf_finish(&sb); 2576 2577 if (sbuf_error(&sb) == 0) 2578 devctl_notify("VFS", "FS", type, sbuf_data(&sb)); 2579 sbuf_delete(&sb); 2580 free(buf, M_MOUNT); 2581 } 2582 2583 /* 2584 * Suspend write operations on all local writeable filesystems. Does 2585 * full sync of them in the process. 2586 * 2587 * Iterate over the mount points in reverse order, suspending most 2588 * recently mounted filesystems first. It handles a case where a 2589 * filesystem mounted from a md(4) vnode-backed device should be 2590 * suspended before the filesystem that owns the vnode. 2591 */ 2592 void 2593 suspend_all_fs(void) 2594 { 2595 struct mount *mp; 2596 int error; 2597 2598 mtx_lock(&mountlist_mtx); 2599 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 2600 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT); 2601 if (error != 0) 2602 continue; 2603 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL || 2604 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) { 2605 mtx_lock(&mountlist_mtx); 2606 vfs_unbusy(mp); 2607 continue; 2608 } 2609 error = vfs_write_suspend(mp, 0); 2610 if (error == 0) { 2611 MNT_ILOCK(mp); 2612 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0); 2613 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL; 2614 MNT_IUNLOCK(mp); 2615 mtx_lock(&mountlist_mtx); 2616 } else { 2617 printf("suspend of %s failed, error %d\n", 2618 mp->mnt_stat.f_mntonname, error); 2619 mtx_lock(&mountlist_mtx); 2620 vfs_unbusy(mp); 2621 } 2622 } 2623 mtx_unlock(&mountlist_mtx); 2624 } 2625 2626 void 2627 resume_all_fs(void) 2628 { 2629 struct mount *mp; 2630 2631 mtx_lock(&mountlist_mtx); 2632 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 2633 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0) 2634 continue; 2635 mtx_unlock(&mountlist_mtx); 2636 MNT_ILOCK(mp); 2637 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0); 2638 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL; 2639 MNT_IUNLOCK(mp); 2640 vfs_write_resume(mp, 0); 2641 mtx_lock(&mountlist_mtx); 2642 vfs_unbusy(mp); 2643 } 2644 mtx_unlock(&mountlist_mtx); 2645 } 2646