1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1999-2004 Poul-Henning Kamp 5 * Copyright (c) 1999 Michael Smith 6 * Copyright (c) 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include <sys/param.h> 43 #include <sys/conf.h> 44 #include <sys/smp.h> 45 #include <sys/devctl.h> 46 #include <sys/eventhandler.h> 47 #include <sys/fcntl.h> 48 #include <sys/jail.h> 49 #include <sys/kernel.h> 50 #include <sys/ktr.h> 51 #include <sys/libkern.h> 52 #include <sys/limits.h> 53 #include <sys/malloc.h> 54 #include <sys/mount.h> 55 #include <sys/mutex.h> 56 #include <sys/namei.h> 57 #include <sys/priv.h> 58 #include <sys/proc.h> 59 #include <sys/filedesc.h> 60 #include <sys/reboot.h> 61 #include <sys/sbuf.h> 62 #include <sys/syscallsubr.h> 63 #include <sys/sysproto.h> 64 #include <sys/sx.h> 65 #include <sys/sysctl.h> 66 #include <sys/systm.h> 67 #include <sys/taskqueue.h> 68 #include <sys/vnode.h> 69 #include <vm/uma.h> 70 71 #include <geom/geom.h> 72 73 #include <machine/stdarg.h> 74 75 #include <security/audit/audit.h> 76 #include <security/mac/mac_framework.h> 77 78 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64) 79 80 static int vfs_domount(struct thread *td, const char *fstype, char *fspath, 81 uint64_t fsflags, struct vfsoptlist **optlist); 82 static void free_mntarg(struct mntarg *ma); 83 84 static int usermount = 0; 85 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, 86 "Unprivileged users may mount and unmount file systems"); 87 88 static bool default_autoro = false; 89 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0, 90 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified"); 91 92 static bool recursive_forced_unmount = false; 93 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW, 94 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts" 95 " when a file system is forcibly unmounted"); 96 97 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount, 98 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls"); 99 100 static unsigned int deferred_unmount_retry_limit = 10; 101 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW, 102 &deferred_unmount_retry_limit, 0, 103 "Maximum number of retries for deferred unmount failure"); 104 105 static int deferred_unmount_retry_delay_hz; 106 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW, 107 &deferred_unmount_retry_delay_hz, 0, 108 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount"); 109 110 static int deferred_unmount_total_retries = 0; 111 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD, 112 &deferred_unmount_total_retries, 0, 113 "Total number of retried deferred unmounts"); 114 115 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure"); 116 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure"); 117 static uma_zone_t mount_zone; 118 119 /* List of mounted filesystems. */ 120 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist); 121 122 /* For any iteration/modification of mountlist */ 123 struct mtx_padalign __exclusive_cache_line mountlist_mtx; 124 125 EVENTHANDLER_LIST_DEFINE(vfs_mounted); 126 EVENTHANDLER_LIST_DEFINE(vfs_unmounted); 127 128 static void vfs_deferred_unmount(void *arg, int pending); 129 static struct timeout_task deferred_unmount_task; 130 static struct mtx deferred_unmount_lock; 131 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount", 132 MTX_DEF); 133 static STAILQ_HEAD(, mount) deferred_unmount_list = 134 STAILQ_HEAD_INITIALIZER(deferred_unmount_list); 135 TASKQUEUE_DEFINE_THREAD(deferred_unmount); 136 137 static void mount_devctl_event(const char *type, struct mount *mp, bool donew); 138 139 /* 140 * Global opts, taken by all filesystems 141 */ 142 static const char *global_opts[] = { 143 "errmsg", 144 "fstype", 145 "fspath", 146 "ro", 147 "rw", 148 "nosuid", 149 "noexec", 150 NULL 151 }; 152 153 static int 154 mount_init(void *mem, int size, int flags) 155 { 156 struct mount *mp; 157 158 mp = (struct mount *)mem; 159 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF); 160 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF); 161 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0); 162 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO); 163 mp->mnt_ref = 0; 164 mp->mnt_vfs_ops = 1; 165 mp->mnt_rootvnode = NULL; 166 return (0); 167 } 168 169 static void 170 mount_fini(void *mem, int size) 171 { 172 struct mount *mp; 173 174 mp = (struct mount *)mem; 175 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu); 176 lockdestroy(&mp->mnt_explock); 177 mtx_destroy(&mp->mnt_listmtx); 178 mtx_destroy(&mp->mnt_mtx); 179 } 180 181 static void 182 vfs_mount_init(void *dummy __unused) 183 { 184 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task, 185 0, vfs_deferred_unmount, NULL); 186 deferred_unmount_retry_delay_hz = hz; 187 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL, 188 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE); 189 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF); 190 } 191 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL); 192 193 /* 194 * --------------------------------------------------------------------- 195 * Functions for building and sanitizing the mount options 196 */ 197 198 /* Remove one mount option. */ 199 static void 200 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt) 201 { 202 203 TAILQ_REMOVE(opts, opt, link); 204 free(opt->name, M_MOUNT); 205 if (opt->value != NULL) 206 free(opt->value, M_MOUNT); 207 free(opt, M_MOUNT); 208 } 209 210 /* Release all resources related to the mount options. */ 211 void 212 vfs_freeopts(struct vfsoptlist *opts) 213 { 214 struct vfsopt *opt; 215 216 while (!TAILQ_EMPTY(opts)) { 217 opt = TAILQ_FIRST(opts); 218 vfs_freeopt(opts, opt); 219 } 220 free(opts, M_MOUNT); 221 } 222 223 void 224 vfs_deleteopt(struct vfsoptlist *opts, const char *name) 225 { 226 struct vfsopt *opt, *temp; 227 228 if (opts == NULL) 229 return; 230 TAILQ_FOREACH_SAFE(opt, opts, link, temp) { 231 if (strcmp(opt->name, name) == 0) 232 vfs_freeopt(opts, opt); 233 } 234 } 235 236 static int 237 vfs_isopt_ro(const char *opt) 238 { 239 240 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 || 241 strcmp(opt, "norw") == 0) 242 return (1); 243 return (0); 244 } 245 246 static int 247 vfs_isopt_rw(const char *opt) 248 { 249 250 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0) 251 return (1); 252 return (0); 253 } 254 255 /* 256 * Check if options are equal (with or without the "no" prefix). 257 */ 258 static int 259 vfs_equalopts(const char *opt1, const char *opt2) 260 { 261 char *p; 262 263 /* "opt" vs. "opt" or "noopt" vs. "noopt" */ 264 if (strcmp(opt1, opt2) == 0) 265 return (1); 266 /* "noopt" vs. "opt" */ 267 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 268 return (1); 269 /* "opt" vs. "noopt" */ 270 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 271 return (1); 272 while ((p = strchr(opt1, '.')) != NULL && 273 !strncmp(opt1, opt2, ++p - opt1)) { 274 opt2 += p - opt1; 275 opt1 = p; 276 /* "foo.noopt" vs. "foo.opt" */ 277 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0) 278 return (1); 279 /* "foo.opt" vs. "foo.noopt" */ 280 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0) 281 return (1); 282 } 283 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */ 284 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) && 285 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2))) 286 return (1); 287 return (0); 288 } 289 290 /* 291 * If a mount option is specified several times, 292 * (with or without the "no" prefix) only keep 293 * the last occurrence of it. 294 */ 295 static void 296 vfs_sanitizeopts(struct vfsoptlist *opts) 297 { 298 struct vfsopt *opt, *opt2, *tmp; 299 300 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) { 301 opt2 = TAILQ_PREV(opt, vfsoptlist, link); 302 while (opt2 != NULL) { 303 if (vfs_equalopts(opt->name, opt2->name)) { 304 tmp = TAILQ_PREV(opt2, vfsoptlist, link); 305 vfs_freeopt(opts, opt2); 306 opt2 = tmp; 307 } else { 308 opt2 = TAILQ_PREV(opt2, vfsoptlist, link); 309 } 310 } 311 } 312 } 313 314 /* 315 * Build a linked list of mount options from a struct uio. 316 */ 317 int 318 vfs_buildopts(struct uio *auio, struct vfsoptlist **options) 319 { 320 struct vfsoptlist *opts; 321 struct vfsopt *opt; 322 size_t memused, namelen, optlen; 323 unsigned int i, iovcnt; 324 int error; 325 326 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK); 327 TAILQ_INIT(opts); 328 memused = 0; 329 iovcnt = auio->uio_iovcnt; 330 for (i = 0; i < iovcnt; i += 2) { 331 namelen = auio->uio_iov[i].iov_len; 332 optlen = auio->uio_iov[i + 1].iov_len; 333 memused += sizeof(struct vfsopt) + optlen + namelen; 334 /* 335 * Avoid consuming too much memory, and attempts to overflow 336 * memused. 337 */ 338 if (memused > VFS_MOUNTARG_SIZE_MAX || 339 optlen > VFS_MOUNTARG_SIZE_MAX || 340 namelen > VFS_MOUNTARG_SIZE_MAX) { 341 error = EINVAL; 342 goto bad; 343 } 344 345 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 346 opt->name = malloc(namelen, M_MOUNT, M_WAITOK); 347 opt->value = NULL; 348 opt->len = 0; 349 opt->pos = i / 2; 350 opt->seen = 0; 351 352 /* 353 * Do this early, so jumps to "bad" will free the current 354 * option. 355 */ 356 TAILQ_INSERT_TAIL(opts, opt, link); 357 358 if (auio->uio_segflg == UIO_SYSSPACE) { 359 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen); 360 } else { 361 error = copyin(auio->uio_iov[i].iov_base, opt->name, 362 namelen); 363 if (error) 364 goto bad; 365 } 366 /* Ensure names are null-terminated strings. */ 367 if (namelen == 0 || opt->name[namelen - 1] != '\0') { 368 error = EINVAL; 369 goto bad; 370 } 371 if (optlen != 0) { 372 opt->len = optlen; 373 opt->value = malloc(optlen, M_MOUNT, M_WAITOK); 374 if (auio->uio_segflg == UIO_SYSSPACE) { 375 bcopy(auio->uio_iov[i + 1].iov_base, opt->value, 376 optlen); 377 } else { 378 error = copyin(auio->uio_iov[i + 1].iov_base, 379 opt->value, optlen); 380 if (error) 381 goto bad; 382 } 383 } 384 } 385 vfs_sanitizeopts(opts); 386 *options = opts; 387 return (0); 388 bad: 389 vfs_freeopts(opts); 390 return (error); 391 } 392 393 /* 394 * Merge the old mount options with the new ones passed 395 * in the MNT_UPDATE case. 396 * 397 * XXX: This function will keep a "nofoo" option in the new 398 * options. E.g, if the option's canonical name is "foo", 399 * "nofoo" ends up in the mount point's active options. 400 */ 401 static void 402 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts) 403 { 404 struct vfsopt *opt, *new; 405 406 TAILQ_FOREACH(opt, oldopts, link) { 407 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK); 408 new->name = strdup(opt->name, M_MOUNT); 409 if (opt->len != 0) { 410 new->value = malloc(opt->len, M_MOUNT, M_WAITOK); 411 bcopy(opt->value, new->value, opt->len); 412 } else 413 new->value = NULL; 414 new->len = opt->len; 415 new->seen = opt->seen; 416 TAILQ_INSERT_HEAD(toopts, new, link); 417 } 418 vfs_sanitizeopts(toopts); 419 } 420 421 /* 422 * Mount a filesystem. 423 */ 424 #ifndef _SYS_SYSPROTO_H_ 425 struct nmount_args { 426 struct iovec *iovp; 427 unsigned int iovcnt; 428 int flags; 429 }; 430 #endif 431 int 432 sys_nmount(struct thread *td, struct nmount_args *uap) 433 { 434 struct uio *auio; 435 int error; 436 u_int iovcnt; 437 uint64_t flags; 438 439 /* 440 * Mount flags are now 64-bits. On 32-bit archtectures only 441 * 32-bits are passed in, but from here on everything handles 442 * 64-bit flags correctly. 443 */ 444 flags = uap->flags; 445 446 AUDIT_ARG_FFLAGS(flags); 447 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__, 448 uap->iovp, uap->iovcnt, flags); 449 450 /* 451 * Filter out MNT_ROOTFS. We do not want clients of nmount() in 452 * userspace to set this flag, but we must filter it out if we want 453 * MNT_UPDATE on the root file system to work. 454 * MNT_ROOTFS should only be set by the kernel when mounting its 455 * root file system. 456 */ 457 flags &= ~MNT_ROOTFS; 458 459 iovcnt = uap->iovcnt; 460 /* 461 * Check that we have an even number of iovec's 462 * and that we have at least two options. 463 */ 464 if ((iovcnt & 1) || (iovcnt < 4)) { 465 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__, 466 uap->iovcnt); 467 return (EINVAL); 468 } 469 470 error = copyinuio(uap->iovp, iovcnt, &auio); 471 if (error) { 472 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno", 473 __func__, error); 474 return (error); 475 } 476 error = vfs_donmount(td, flags, auio); 477 478 free(auio, M_IOV); 479 return (error); 480 } 481 482 /* 483 * --------------------------------------------------------------------- 484 * Various utility functions 485 */ 486 487 /* 488 * Get a reference on a mount point from a vnode. 489 * 490 * The vnode is allowed to be passed unlocked and race against dooming. Note in 491 * such case there are no guarantees the referenced mount point will still be 492 * associated with it after the function returns. 493 */ 494 struct mount * 495 vfs_ref_from_vp(struct vnode *vp) 496 { 497 struct mount *mp; 498 struct mount_pcpu *mpcpu; 499 500 mp = atomic_load_ptr(&vp->v_mount); 501 if (__predict_false(mp == NULL)) { 502 return (mp); 503 } 504 if (vfs_op_thread_enter(mp, mpcpu)) { 505 if (__predict_true(mp == vp->v_mount)) { 506 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 507 vfs_op_thread_exit(mp, mpcpu); 508 } else { 509 vfs_op_thread_exit(mp, mpcpu); 510 mp = NULL; 511 } 512 } else { 513 MNT_ILOCK(mp); 514 if (mp == vp->v_mount) { 515 MNT_REF(mp); 516 MNT_IUNLOCK(mp); 517 } else { 518 MNT_IUNLOCK(mp); 519 mp = NULL; 520 } 521 } 522 return (mp); 523 } 524 525 void 526 vfs_ref(struct mount *mp) 527 { 528 struct mount_pcpu *mpcpu; 529 530 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 531 if (vfs_op_thread_enter(mp, mpcpu)) { 532 vfs_mp_count_add_pcpu(mpcpu, ref, 1); 533 vfs_op_thread_exit(mp, mpcpu); 534 return; 535 } 536 537 MNT_ILOCK(mp); 538 MNT_REF(mp); 539 MNT_IUNLOCK(mp); 540 } 541 542 /* 543 * Register ump as an upper mount of the mount associated with 544 * vnode vp. This registration will be tracked through 545 * mount_upper_node upper, which should be allocated by the 546 * caller and stored in per-mount data associated with mp. 547 * 548 * If successful, this function will return the mount associated 549 * with vp, and will ensure that it cannot be unmounted until 550 * ump has been unregistered as one of its upper mounts. 551 * 552 * Upon failure this function will return NULL. 553 */ 554 struct mount * 555 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump, 556 struct mount_upper_node *upper) 557 { 558 struct mount *mp; 559 560 mp = atomic_load_ptr(&vp->v_mount); 561 if (mp == NULL) 562 return (NULL); 563 MNT_ILOCK(mp); 564 if (mp != vp->v_mount || 565 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) { 566 MNT_IUNLOCK(mp); 567 return (NULL); 568 } 569 KASSERT(ump != mp, ("upper and lower mounts are identical")); 570 upper->mp = ump; 571 MNT_REF(mp); 572 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link); 573 MNT_IUNLOCK(mp); 574 return (mp); 575 } 576 577 /* 578 * Register upper mount ump to receive vnode unlink/reclaim 579 * notifications from lower mount mp. This registration will 580 * be tracked through mount_upper_node upper, which should be 581 * allocated by the caller and stored in per-mount data 582 * associated with mp. 583 * 584 * ump must already be registered as an upper mount of mp 585 * through a call to vfs_register_upper_from_vp(). 586 */ 587 void 588 vfs_register_for_notification(struct mount *mp, struct mount *ump, 589 struct mount_upper_node *upper) 590 { 591 upper->mp = ump; 592 MNT_ILOCK(mp); 593 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link); 594 MNT_IUNLOCK(mp); 595 } 596 597 static void 598 vfs_drain_upper_locked(struct mount *mp) 599 { 600 mtx_assert(MNT_MTX(mp), MA_OWNED); 601 while (mp->mnt_upper_pending != 0) { 602 mp->mnt_kern_flag |= MNTK_UPPER_WAITER; 603 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0); 604 } 605 } 606 607 /* 608 * Undo a previous call to vfs_register_for_notification(). 609 * The mount represented by upper must be currently registered 610 * as an upper mount for mp. 611 */ 612 void 613 vfs_unregister_for_notification(struct mount *mp, 614 struct mount_upper_node *upper) 615 { 616 MNT_ILOCK(mp); 617 vfs_drain_upper_locked(mp); 618 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link); 619 MNT_IUNLOCK(mp); 620 } 621 622 /* 623 * Undo a previous call to vfs_register_upper_from_vp(). 624 * This must be done before mp can be unmounted. 625 */ 626 void 627 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper) 628 { 629 MNT_ILOCK(mp); 630 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 631 ("registered upper with pending unmount")); 632 vfs_drain_upper_locked(mp); 633 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link); 634 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 && 635 TAILQ_EMPTY(&mp->mnt_uppers)) { 636 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER; 637 wakeup(&mp->mnt_taskqueue_link); 638 } 639 MNT_REL(mp); 640 MNT_IUNLOCK(mp); 641 } 642 643 void 644 vfs_rel(struct mount *mp) 645 { 646 struct mount_pcpu *mpcpu; 647 648 CTR2(KTR_VFS, "%s: mp %p", __func__, mp); 649 if (vfs_op_thread_enter(mp, mpcpu)) { 650 vfs_mp_count_sub_pcpu(mpcpu, ref, 1); 651 vfs_op_thread_exit(mp, mpcpu); 652 return; 653 } 654 655 MNT_ILOCK(mp); 656 MNT_REL(mp); 657 MNT_IUNLOCK(mp); 658 } 659 660 /* 661 * Allocate and initialize the mount point struct. 662 */ 663 struct mount * 664 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath, 665 struct ucred *cred) 666 { 667 struct mount *mp; 668 669 mp = uma_zalloc(mount_zone, M_WAITOK); 670 bzero(&mp->mnt_startzero, 671 __rangeof(struct mount, mnt_startzero, mnt_endzero)); 672 mp->mnt_kern_flag = 0; 673 mp->mnt_flag = 0; 674 mp->mnt_rootvnode = NULL; 675 mp->mnt_vnodecovered = NULL; 676 mp->mnt_op = NULL; 677 mp->mnt_vfc = NULL; 678 TAILQ_INIT(&mp->mnt_nvnodelist); 679 mp->mnt_nvnodelistsize = 0; 680 TAILQ_INIT(&mp->mnt_lazyvnodelist); 681 mp->mnt_lazyvnodelistsize = 0; 682 if (mp->mnt_ref != 0 || mp->mnt_lockref != 0 || 683 mp->mnt_writeopcount != 0) 684 panic("%s: non-zero counters on new mp %p\n", __func__, mp); 685 if (mp->mnt_vfs_ops != 1) 686 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 687 mp->mnt_vfs_ops); 688 (void) vfs_busy(mp, MBF_NOWAIT); 689 atomic_add_acq_int(&vfsp->vfc_refcount, 1); 690 mp->mnt_op = vfsp->vfc_vfsops; 691 mp->mnt_vfc = vfsp; 692 mp->mnt_stat.f_type = vfsp->vfc_typenum; 693 mp->mnt_gen++; 694 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN); 695 mp->mnt_vnodecovered = vp; 696 mp->mnt_cred = crdup(cred); 697 mp->mnt_stat.f_owner = cred->cr_uid; 698 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); 699 mp->mnt_iosize_max = DFLTPHYS; 700 #ifdef MAC 701 mac_mount_init(mp); 702 mac_mount_create(cred, mp); 703 #endif 704 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0); 705 mp->mnt_upper_pending = 0; 706 TAILQ_INIT(&mp->mnt_uppers); 707 TAILQ_INIT(&mp->mnt_notify); 708 mp->mnt_taskqueue_flags = 0; 709 mp->mnt_unmount_retries = 0; 710 return (mp); 711 } 712 713 /* 714 * Destroy the mount struct previously allocated by vfs_mount_alloc(). 715 */ 716 void 717 vfs_mount_destroy(struct mount *mp) 718 { 719 720 if (mp->mnt_vfs_ops == 0) 721 panic("%s: entered with zero vfs_ops\n", __func__); 722 723 vfs_assert_mount_counters(mp); 724 725 MNT_ILOCK(mp); 726 mp->mnt_kern_flag |= MNTK_REFEXPIRE; 727 if (mp->mnt_kern_flag & MNTK_MWAIT) { 728 mp->mnt_kern_flag &= ~MNTK_MWAIT; 729 wakeup(mp); 730 } 731 while (mp->mnt_ref) 732 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0); 733 KASSERT(mp->mnt_ref == 0, 734 ("%s: invalid refcount in the drain path @ %s:%d", __func__, 735 __FILE__, __LINE__)); 736 if (mp->mnt_writeopcount != 0) 737 panic("vfs_mount_destroy: nonzero writeopcount"); 738 if (mp->mnt_secondary_writes != 0) 739 panic("vfs_mount_destroy: nonzero secondary_writes"); 740 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1); 741 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) { 742 struct vnode *vp; 743 744 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes) 745 vn_printf(vp, "dangling vnode "); 746 panic("unmount: dangling vnode"); 747 } 748 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending")); 749 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers")); 750 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify")); 751 if (mp->mnt_nvnodelistsize != 0) 752 panic("vfs_mount_destroy: nonzero nvnodelistsize"); 753 if (mp->mnt_lazyvnodelistsize != 0) 754 panic("vfs_mount_destroy: nonzero lazyvnodelistsize"); 755 if (mp->mnt_lockref != 0) 756 panic("vfs_mount_destroy: nonzero lock refcount"); 757 MNT_IUNLOCK(mp); 758 759 if (mp->mnt_vfs_ops != 1) 760 panic("%s: vfs_ops should be 1 but %d found\n", __func__, 761 mp->mnt_vfs_ops); 762 763 if (mp->mnt_rootvnode != NULL) 764 panic("%s: mount point still has a root vnode %p\n", __func__, 765 mp->mnt_rootvnode); 766 767 if (mp->mnt_vnodecovered != NULL) 768 vrele(mp->mnt_vnodecovered); 769 #ifdef MAC 770 mac_mount_destroy(mp); 771 #endif 772 if (mp->mnt_opt != NULL) 773 vfs_freeopts(mp->mnt_opt); 774 crfree(mp->mnt_cred); 775 uma_zfree(mount_zone, mp); 776 } 777 778 static bool 779 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error) 780 { 781 /* This is an upgrade of an exisiting mount. */ 782 if ((fsflags & MNT_UPDATE) != 0) 783 return (false); 784 /* This is already an R/O mount. */ 785 if ((fsflags & MNT_RDONLY) != 0) 786 return (false); 787 788 switch (error) { 789 case ENODEV: /* generic, geom, ... */ 790 case EACCES: /* cam/scsi, ... */ 791 case EROFS: /* md, mmcsd, ... */ 792 /* 793 * These errors can be returned by the storage layer to signal 794 * that the media is read-only. No harm in the R/O mount 795 * attempt if the error was returned for some other reason. 796 */ 797 return (true); 798 default: 799 return (false); 800 } 801 } 802 803 int 804 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions) 805 { 806 struct vfsoptlist *optlist; 807 struct vfsopt *opt, *tmp_opt; 808 char *fstype, *fspath, *errmsg; 809 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos; 810 bool autoro; 811 812 errmsg = fspath = NULL; 813 errmsg_len = fspathlen = 0; 814 errmsg_pos = -1; 815 autoro = default_autoro; 816 817 error = vfs_buildopts(fsoptions, &optlist); 818 if (error) 819 return (error); 820 821 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0) 822 errmsg_pos = vfs_getopt_pos(optlist, "errmsg"); 823 824 /* 825 * We need these two options before the others, 826 * and they are mandatory for any filesystem. 827 * Ensure they are NUL terminated as well. 828 */ 829 fstypelen = 0; 830 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen); 831 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') { 832 error = EINVAL; 833 if (errmsg != NULL) 834 strncpy(errmsg, "Invalid fstype", errmsg_len); 835 goto bail; 836 } 837 fspathlen = 0; 838 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen); 839 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') { 840 error = EINVAL; 841 if (errmsg != NULL) 842 strncpy(errmsg, "Invalid fspath", errmsg_len); 843 goto bail; 844 } 845 846 /* 847 * We need to see if we have the "update" option 848 * before we call vfs_domount(), since vfs_domount() has special 849 * logic based on MNT_UPDATE. This is very important 850 * when we want to update the root filesystem. 851 */ 852 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) { 853 int do_freeopt = 0; 854 855 if (strcmp(opt->name, "update") == 0) { 856 fsflags |= MNT_UPDATE; 857 do_freeopt = 1; 858 } 859 else if (strcmp(opt->name, "async") == 0) 860 fsflags |= MNT_ASYNC; 861 else if (strcmp(opt->name, "force") == 0) { 862 fsflags |= MNT_FORCE; 863 do_freeopt = 1; 864 } 865 else if (strcmp(opt->name, "reload") == 0) { 866 fsflags |= MNT_RELOAD; 867 do_freeopt = 1; 868 } 869 else if (strcmp(opt->name, "multilabel") == 0) 870 fsflags |= MNT_MULTILABEL; 871 else if (strcmp(opt->name, "noasync") == 0) 872 fsflags &= ~MNT_ASYNC; 873 else if (strcmp(opt->name, "noatime") == 0) 874 fsflags |= MNT_NOATIME; 875 else if (strcmp(opt->name, "atime") == 0) { 876 free(opt->name, M_MOUNT); 877 opt->name = strdup("nonoatime", M_MOUNT); 878 } 879 else if (strcmp(opt->name, "noclusterr") == 0) 880 fsflags |= MNT_NOCLUSTERR; 881 else if (strcmp(opt->name, "clusterr") == 0) { 882 free(opt->name, M_MOUNT); 883 opt->name = strdup("nonoclusterr", M_MOUNT); 884 } 885 else if (strcmp(opt->name, "noclusterw") == 0) 886 fsflags |= MNT_NOCLUSTERW; 887 else if (strcmp(opt->name, "clusterw") == 0) { 888 free(opt->name, M_MOUNT); 889 opt->name = strdup("nonoclusterw", M_MOUNT); 890 } 891 else if (strcmp(opt->name, "noexec") == 0) 892 fsflags |= MNT_NOEXEC; 893 else if (strcmp(opt->name, "exec") == 0) { 894 free(opt->name, M_MOUNT); 895 opt->name = strdup("nonoexec", M_MOUNT); 896 } 897 else if (strcmp(opt->name, "nosuid") == 0) 898 fsflags |= MNT_NOSUID; 899 else if (strcmp(opt->name, "suid") == 0) { 900 free(opt->name, M_MOUNT); 901 opt->name = strdup("nonosuid", M_MOUNT); 902 } 903 else if (strcmp(opt->name, "nosymfollow") == 0) 904 fsflags |= MNT_NOSYMFOLLOW; 905 else if (strcmp(opt->name, "symfollow") == 0) { 906 free(opt->name, M_MOUNT); 907 opt->name = strdup("nonosymfollow", M_MOUNT); 908 } 909 else if (strcmp(opt->name, "noro") == 0) { 910 fsflags &= ~MNT_RDONLY; 911 autoro = false; 912 } 913 else if (strcmp(opt->name, "rw") == 0) { 914 fsflags &= ~MNT_RDONLY; 915 autoro = false; 916 } 917 else if (strcmp(opt->name, "ro") == 0) { 918 fsflags |= MNT_RDONLY; 919 autoro = false; 920 } 921 else if (strcmp(opt->name, "rdonly") == 0) { 922 free(opt->name, M_MOUNT); 923 opt->name = strdup("ro", M_MOUNT); 924 fsflags |= MNT_RDONLY; 925 autoro = false; 926 } 927 else if (strcmp(opt->name, "autoro") == 0) { 928 do_freeopt = 1; 929 autoro = true; 930 } 931 else if (strcmp(opt->name, "suiddir") == 0) 932 fsflags |= MNT_SUIDDIR; 933 else if (strcmp(opt->name, "sync") == 0) 934 fsflags |= MNT_SYNCHRONOUS; 935 else if (strcmp(opt->name, "union") == 0) 936 fsflags |= MNT_UNION; 937 else if (strcmp(opt->name, "automounted") == 0) { 938 fsflags |= MNT_AUTOMOUNTED; 939 do_freeopt = 1; 940 } else if (strcmp(opt->name, "nocover") == 0) { 941 fsflags |= MNT_NOCOVER; 942 do_freeopt = 1; 943 } else if (strcmp(opt->name, "cover") == 0) { 944 fsflags &= ~MNT_NOCOVER; 945 do_freeopt = 1; 946 } else if (strcmp(opt->name, "emptydir") == 0) { 947 fsflags |= MNT_EMPTYDIR; 948 do_freeopt = 1; 949 } else if (strcmp(opt->name, "noemptydir") == 0) { 950 fsflags &= ~MNT_EMPTYDIR; 951 do_freeopt = 1; 952 } 953 if (do_freeopt) 954 vfs_freeopt(optlist, opt); 955 } 956 957 /* 958 * Be ultra-paranoid about making sure the type and fspath 959 * variables will fit in our mp buffers, including the 960 * terminating NUL. 961 */ 962 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) { 963 error = ENAMETOOLONG; 964 goto bail; 965 } 966 967 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 968 if (error == ENOENT) { 969 error = EINVAL; 970 if (errmsg != NULL) 971 strncpy(errmsg, "Invalid fstype", errmsg_len); 972 goto bail; 973 } 974 975 /* 976 * See if we can mount in the read-only mode if the error code suggests 977 * that it could be possible and the mount options allow for that. 978 * Never try it if "[no]{ro|rw}" has been explicitly requested and not 979 * overridden by "autoro". 980 */ 981 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) { 982 printf("%s: R/W mount failed, possibly R/O media," 983 " trying R/O mount\n", __func__); 984 fsflags |= MNT_RDONLY; 985 error = vfs_domount(td, fstype, fspath, fsflags, &optlist); 986 } 987 bail: 988 /* copyout the errmsg */ 989 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt) 990 && errmsg_len > 0 && errmsg != NULL) { 991 if (fsoptions->uio_segflg == UIO_SYSSPACE) { 992 bcopy(errmsg, 993 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 994 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 995 } else { 996 copyout(errmsg, 997 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base, 998 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len); 999 } 1000 } 1001 1002 if (optlist != NULL) 1003 vfs_freeopts(optlist); 1004 return (error); 1005 } 1006 1007 /* 1008 * Old mount API. 1009 */ 1010 #ifndef _SYS_SYSPROTO_H_ 1011 struct mount_args { 1012 char *type; 1013 char *path; 1014 int flags; 1015 caddr_t data; 1016 }; 1017 #endif 1018 /* ARGSUSED */ 1019 int 1020 sys_mount(struct thread *td, struct mount_args *uap) 1021 { 1022 char *fstype; 1023 struct vfsconf *vfsp = NULL; 1024 struct mntarg *ma = NULL; 1025 uint64_t flags; 1026 int error; 1027 1028 /* 1029 * Mount flags are now 64-bits. On 32-bit architectures only 1030 * 32-bits are passed in, but from here on everything handles 1031 * 64-bit flags correctly. 1032 */ 1033 flags = uap->flags; 1034 1035 AUDIT_ARG_FFLAGS(flags); 1036 1037 /* 1038 * Filter out MNT_ROOTFS. We do not want clients of mount() in 1039 * userspace to set this flag, but we must filter it out if we want 1040 * MNT_UPDATE on the root file system to work. 1041 * MNT_ROOTFS should only be set by the kernel when mounting its 1042 * root file system. 1043 */ 1044 flags &= ~MNT_ROOTFS; 1045 1046 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); 1047 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); 1048 if (error) { 1049 free(fstype, M_TEMP); 1050 return (error); 1051 } 1052 1053 AUDIT_ARG_TEXT(fstype); 1054 vfsp = vfs_byname_kld(fstype, td, &error); 1055 free(fstype, M_TEMP); 1056 if (vfsp == NULL) 1057 return (ENOENT); 1058 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 && 1059 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) || 1060 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 && 1061 vfsp->vfc_vfsops->vfs_cmount == NULL)) 1062 return (EOPNOTSUPP); 1063 1064 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN); 1065 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN); 1066 ma = mount_argb(ma, flags & MNT_RDONLY, "noro"); 1067 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid"); 1068 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec"); 1069 1070 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0) 1071 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags)); 1072 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags)); 1073 } 1074 1075 /* 1076 * vfs_domount_first(): first file system mount (not update) 1077 */ 1078 static int 1079 vfs_domount_first( 1080 struct thread *td, /* Calling thread. */ 1081 struct vfsconf *vfsp, /* File system type. */ 1082 char *fspath, /* Mount path. */ 1083 struct vnode *vp, /* Vnode to be covered. */ 1084 uint64_t fsflags, /* Flags common to all filesystems. */ 1085 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1086 ) 1087 { 1088 struct vattr va; 1089 struct mount *mp; 1090 struct vnode *newdp, *rootvp; 1091 int error, error1; 1092 bool unmounted; 1093 1094 ASSERT_VOP_ELOCKED(vp, __func__); 1095 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); 1096 1097 /* 1098 * If the jail of the calling thread lacks permission for this type of 1099 * file system, or is trying to cover its own root, deny immediately. 1100 */ 1101 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred, 1102 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) { 1103 vput(vp); 1104 return (EPERM); 1105 } 1106 1107 /* 1108 * If the user is not root, ensure that they own the directory 1109 * onto which we are attempting to mount. 1110 */ 1111 error = VOP_GETATTR(vp, &va, td->td_ucred); 1112 if (error == 0 && va.va_uid != td->td_ucred->cr_uid) 1113 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); 1114 if (error == 0) 1115 error = vinvalbuf(vp, V_SAVE, 0, 0); 1116 if (error == 0 && vp->v_type != VDIR) 1117 error = ENOTDIR; 1118 if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0) 1119 error = vfs_emptydir(vp); 1120 if (error == 0) { 1121 VI_LOCK(vp); 1122 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL) 1123 vp->v_iflag |= VI_MOUNT; 1124 else 1125 error = EBUSY; 1126 VI_UNLOCK(vp); 1127 } 1128 if (error != 0) { 1129 vput(vp); 1130 return (error); 1131 } 1132 vn_seqc_write_begin(vp); 1133 VOP_UNLOCK(vp); 1134 1135 /* Allocate and initialize the filesystem. */ 1136 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred); 1137 /* XXXMAC: pass to vfs_mount_alloc? */ 1138 mp->mnt_optnew = *optlist; 1139 /* Set the mount level flags. */ 1140 mp->mnt_flag = (fsflags & 1141 (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY | MNT_FORCE)); 1142 1143 /* 1144 * Mount the filesystem. 1145 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1146 * get. No freeing of cn_pnbuf. 1147 */ 1148 error1 = 0; 1149 unmounted = true; 1150 if ((error = VFS_MOUNT(mp)) != 0 || 1151 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || 1152 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { 1153 rootvp = NULL; 1154 if (error1 != 0) { 1155 MPASS(error == 0); 1156 rootvp = vfs_cache_root_clear(mp); 1157 if (rootvp != NULL) { 1158 vhold(rootvp); 1159 vrele(rootvp); 1160 } 1161 (void)vn_start_write(NULL, &mp, V_WAIT); 1162 MNT_ILOCK(mp); 1163 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF; 1164 MNT_IUNLOCK(mp); 1165 VFS_PURGE(mp); 1166 error = VFS_UNMOUNT(mp, 0); 1167 vn_finished_write(mp); 1168 if (error != 0) { 1169 printf( 1170 "failed post-mount (%d): rollback unmount returned %d\n", 1171 error1, error); 1172 unmounted = false; 1173 } 1174 error = error1; 1175 } 1176 vfs_unbusy(mp); 1177 mp->mnt_vnodecovered = NULL; 1178 if (unmounted) { 1179 /* XXXKIB wait for mnt_lockref drain? */ 1180 vfs_mount_destroy(mp); 1181 } 1182 VI_LOCK(vp); 1183 vp->v_iflag &= ~VI_MOUNT; 1184 VI_UNLOCK(vp); 1185 if (rootvp != NULL) { 1186 vn_seqc_write_end(rootvp); 1187 vdrop(rootvp); 1188 } 1189 vn_seqc_write_end(vp); 1190 vrele(vp); 1191 return (error); 1192 } 1193 vn_seqc_write_begin(newdp); 1194 VOP_UNLOCK(newdp); 1195 1196 if (mp->mnt_opt != NULL) 1197 vfs_freeopts(mp->mnt_opt); 1198 mp->mnt_opt = mp->mnt_optnew; 1199 *optlist = NULL; 1200 1201 /* 1202 * Prevent external consumers of mount options from reading mnt_optnew. 1203 */ 1204 mp->mnt_optnew = NULL; 1205 1206 MNT_ILOCK(mp); 1207 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1208 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1209 mp->mnt_kern_flag |= MNTK_ASYNC; 1210 else 1211 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1212 MNT_IUNLOCK(mp); 1213 1214 VI_LOCK(vp); 1215 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT); 1216 vp->v_mountedhere = mp; 1217 VI_UNLOCK(vp); 1218 cache_purge(vp); 1219 1220 /* 1221 * We need to lock both vnodes. 1222 * 1223 * Use vn_lock_pair to avoid establishing an ordering between vnodes 1224 * from different filesystems. 1225 */ 1226 vn_lock_pair(vp, false, newdp, false); 1227 1228 VI_LOCK(vp); 1229 vp->v_iflag &= ~VI_MOUNT; 1230 VI_UNLOCK(vp); 1231 /* Place the new filesystem at the end of the mount list. */ 1232 mtx_lock(&mountlist_mtx); 1233 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 1234 mtx_unlock(&mountlist_mtx); 1235 vfs_event_signal(NULL, VQ_MOUNT, 0); 1236 VOP_UNLOCK(vp); 1237 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td); 1238 VOP_UNLOCK(newdp); 1239 mount_devctl_event("MOUNT", mp, false); 1240 mountcheckdirs(vp, newdp); 1241 vn_seqc_write_end(vp); 1242 vn_seqc_write_end(newdp); 1243 vrele(newdp); 1244 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1245 vfs_allocate_syncvnode(mp); 1246 vfs_op_exit(mp); 1247 vfs_unbusy(mp); 1248 return (0); 1249 } 1250 1251 /* 1252 * vfs_domount_update(): update of mounted file system 1253 */ 1254 static int 1255 vfs_domount_update( 1256 struct thread *td, /* Calling thread. */ 1257 struct vnode *vp, /* Mount point vnode. */ 1258 uint64_t fsflags, /* Flags common to all filesystems. */ 1259 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1260 ) 1261 { 1262 struct export_args export; 1263 struct o2export_args o2export; 1264 struct vnode *rootvp; 1265 void *bufp; 1266 struct mount *mp; 1267 int error, export_error, i, len; 1268 uint64_t flag; 1269 gid_t *grps; 1270 1271 ASSERT_VOP_ELOCKED(vp, __func__); 1272 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here")); 1273 mp = vp->v_mount; 1274 1275 if ((vp->v_vflag & VV_ROOT) == 0) { 1276 if (vfs_copyopt(*optlist, "export", &export, sizeof(export)) 1277 == 0) 1278 error = EXDEV; 1279 else 1280 error = EINVAL; 1281 vput(vp); 1282 return (error); 1283 } 1284 1285 /* 1286 * We only allow the filesystem to be reloaded if it 1287 * is currently mounted read-only. 1288 */ 1289 flag = mp->mnt_flag; 1290 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) { 1291 vput(vp); 1292 return (EOPNOTSUPP); /* Needs translation */ 1293 } 1294 /* 1295 * Only privileged root, or (if MNT_USER is set) the user that 1296 * did the original mount is permitted to update it. 1297 */ 1298 error = vfs_suser(mp, td); 1299 if (error != 0) { 1300 vput(vp); 1301 return (error); 1302 } 1303 if (vfs_busy(mp, MBF_NOWAIT)) { 1304 vput(vp); 1305 return (EBUSY); 1306 } 1307 VI_LOCK(vp); 1308 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) { 1309 VI_UNLOCK(vp); 1310 vfs_unbusy(mp); 1311 vput(vp); 1312 return (EBUSY); 1313 } 1314 vp->v_iflag |= VI_MOUNT; 1315 VI_UNLOCK(vp); 1316 VOP_UNLOCK(vp); 1317 1318 vfs_op_enter(mp); 1319 vn_seqc_write_begin(vp); 1320 1321 rootvp = NULL; 1322 MNT_ILOCK(mp); 1323 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) { 1324 MNT_IUNLOCK(mp); 1325 error = EBUSY; 1326 goto end; 1327 } 1328 mp->mnt_flag &= ~MNT_UPDATEMASK; 1329 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE | 1330 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY); 1331 if ((mp->mnt_flag & MNT_ASYNC) == 0) 1332 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1333 rootvp = vfs_cache_root_clear(mp); 1334 MNT_IUNLOCK(mp); 1335 mp->mnt_optnew = *optlist; 1336 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt); 1337 1338 /* 1339 * Mount the filesystem. 1340 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they 1341 * get. No freeing of cn_pnbuf. 1342 */ 1343 error = VFS_MOUNT(mp); 1344 1345 export_error = 0; 1346 /* Process the export option. */ 1347 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp, 1348 &len) == 0) { 1349 /* Assume that there is only 1 ABI for each length. */ 1350 switch (len) { 1351 case (sizeof(struct oexport_args)): 1352 bzero(&o2export, sizeof(o2export)); 1353 /* FALLTHROUGH */ 1354 case (sizeof(o2export)): 1355 bcopy(bufp, &o2export, len); 1356 export.ex_flags = (uint64_t)o2export.ex_flags; 1357 export.ex_root = o2export.ex_root; 1358 export.ex_uid = o2export.ex_anon.cr_uid; 1359 export.ex_groups = NULL; 1360 export.ex_ngroups = o2export.ex_anon.cr_ngroups; 1361 if (export.ex_ngroups > 0) { 1362 if (export.ex_ngroups <= XU_NGROUPS) { 1363 export.ex_groups = malloc( 1364 export.ex_ngroups * sizeof(gid_t), 1365 M_TEMP, M_WAITOK); 1366 for (i = 0; i < export.ex_ngroups; i++) 1367 export.ex_groups[i] = 1368 o2export.ex_anon.cr_groups[i]; 1369 } else 1370 export_error = EINVAL; 1371 } else if (export.ex_ngroups < 0) 1372 export_error = EINVAL; 1373 export.ex_addr = o2export.ex_addr; 1374 export.ex_addrlen = o2export.ex_addrlen; 1375 export.ex_mask = o2export.ex_mask; 1376 export.ex_masklen = o2export.ex_masklen; 1377 export.ex_indexfile = o2export.ex_indexfile; 1378 export.ex_numsecflavors = o2export.ex_numsecflavors; 1379 if (export.ex_numsecflavors < MAXSECFLAVORS) { 1380 for (i = 0; i < export.ex_numsecflavors; i++) 1381 export.ex_secflavors[i] = 1382 o2export.ex_secflavors[i]; 1383 } else 1384 export_error = EINVAL; 1385 if (export_error == 0) 1386 export_error = vfs_export(mp, &export); 1387 free(export.ex_groups, M_TEMP); 1388 break; 1389 case (sizeof(export)): 1390 bcopy(bufp, &export, len); 1391 grps = NULL; 1392 if (export.ex_ngroups > 0) { 1393 if (export.ex_ngroups <= NGROUPS_MAX) { 1394 grps = malloc(export.ex_ngroups * 1395 sizeof(gid_t), M_TEMP, M_WAITOK); 1396 export_error = copyin(export.ex_groups, 1397 grps, export.ex_ngroups * 1398 sizeof(gid_t)); 1399 if (export_error == 0) 1400 export.ex_groups = grps; 1401 } else 1402 export_error = EINVAL; 1403 } else if (export.ex_ngroups == 0) 1404 export.ex_groups = NULL; 1405 else 1406 export_error = EINVAL; 1407 if (export_error == 0) 1408 export_error = vfs_export(mp, &export); 1409 free(grps, M_TEMP); 1410 break; 1411 default: 1412 export_error = EINVAL; 1413 break; 1414 } 1415 } 1416 1417 MNT_ILOCK(mp); 1418 if (error == 0) { 1419 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | 1420 MNT_SNAPSHOT); 1421 } else { 1422 /* 1423 * If we fail, restore old mount flags. MNT_QUOTA is special, 1424 * because it is not part of MNT_UPDATEMASK, but it could have 1425 * changed in the meantime if quotactl(2) was called. 1426 * All in all we want current value of MNT_QUOTA, not the old 1427 * one. 1428 */ 1429 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA); 1430 } 1431 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 1432 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 1433 mp->mnt_kern_flag |= MNTK_ASYNC; 1434 else 1435 mp->mnt_kern_flag &= ~MNTK_ASYNC; 1436 MNT_IUNLOCK(mp); 1437 1438 if (error != 0) 1439 goto end; 1440 1441 mount_devctl_event("REMOUNT", mp, true); 1442 if (mp->mnt_opt != NULL) 1443 vfs_freeopts(mp->mnt_opt); 1444 mp->mnt_opt = mp->mnt_optnew; 1445 *optlist = NULL; 1446 (void)VFS_STATFS(mp, &mp->mnt_stat); 1447 /* 1448 * Prevent external consumers of mount options from reading 1449 * mnt_optnew. 1450 */ 1451 mp->mnt_optnew = NULL; 1452 1453 if ((mp->mnt_flag & MNT_RDONLY) == 0) 1454 vfs_allocate_syncvnode(mp); 1455 else 1456 vfs_deallocate_syncvnode(mp); 1457 end: 1458 vfs_op_exit(mp); 1459 if (rootvp != NULL) { 1460 vn_seqc_write_end(rootvp); 1461 vrele(rootvp); 1462 } 1463 vn_seqc_write_end(vp); 1464 vfs_unbusy(mp); 1465 VI_LOCK(vp); 1466 vp->v_iflag &= ~VI_MOUNT; 1467 VI_UNLOCK(vp); 1468 vrele(vp); 1469 return (error != 0 ? error : export_error); 1470 } 1471 1472 /* 1473 * vfs_domount(): actually attempt a filesystem mount. 1474 */ 1475 static int 1476 vfs_domount( 1477 struct thread *td, /* Calling thread. */ 1478 const char *fstype, /* Filesystem type. */ 1479 char *fspath, /* Mount path. */ 1480 uint64_t fsflags, /* Flags common to all filesystems. */ 1481 struct vfsoptlist **optlist /* Options local to the filesystem. */ 1482 ) 1483 { 1484 struct vfsconf *vfsp; 1485 struct nameidata nd; 1486 struct vnode *vp; 1487 char *pathbuf; 1488 int error; 1489 1490 /* 1491 * Be ultra-paranoid about making sure the type and fspath 1492 * variables will fit in our mp buffers, including the 1493 * terminating NUL. 1494 */ 1495 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN) 1496 return (ENAMETOOLONG); 1497 1498 if (jailed(td->td_ucred) || usermount == 0) { 1499 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0) 1500 return (error); 1501 } 1502 1503 /* 1504 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users. 1505 */ 1506 if (fsflags & MNT_EXPORTED) { 1507 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED); 1508 if (error) 1509 return (error); 1510 } 1511 if (fsflags & MNT_SUIDDIR) { 1512 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR); 1513 if (error) 1514 return (error); 1515 } 1516 /* 1517 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users. 1518 */ 1519 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) { 1520 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0) 1521 fsflags |= MNT_NOSUID | MNT_USER; 1522 } 1523 1524 /* Load KLDs before we lock the covered vnode to avoid reversals. */ 1525 vfsp = NULL; 1526 if ((fsflags & MNT_UPDATE) == 0) { 1527 /* Don't try to load KLDs if we're mounting the root. */ 1528 if (fsflags & MNT_ROOTFS) { 1529 if ((vfsp = vfs_byname(fstype)) == NULL) 1530 return (ENODEV); 1531 } else { 1532 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL) 1533 return (error); 1534 } 1535 } 1536 1537 /* 1538 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE. 1539 */ 1540 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, 1541 fspath); 1542 error = namei(&nd); 1543 if (error != 0) 1544 return (error); 1545 NDFREE_PNBUF(&nd); 1546 vp = nd.ni_vp; 1547 if ((fsflags & MNT_UPDATE) == 0) { 1548 if ((vp->v_vflag & VV_ROOT) != 0 && 1549 (fsflags & MNT_NOCOVER) != 0) { 1550 vput(vp); 1551 return (EBUSY); 1552 } 1553 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1554 strcpy(pathbuf, fspath); 1555 error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN); 1556 if (error == 0) { 1557 error = vfs_domount_first(td, vfsp, pathbuf, vp, 1558 fsflags, optlist); 1559 } 1560 free(pathbuf, M_TEMP); 1561 } else 1562 error = vfs_domount_update(td, vp, fsflags, optlist); 1563 1564 return (error); 1565 } 1566 1567 /* 1568 * Unmount a filesystem. 1569 * 1570 * Note: unmount takes a path to the vnode mounted on as argument, not 1571 * special file (as before). 1572 */ 1573 #ifndef _SYS_SYSPROTO_H_ 1574 struct unmount_args { 1575 char *path; 1576 int flags; 1577 }; 1578 #endif 1579 /* ARGSUSED */ 1580 int 1581 sys_unmount(struct thread *td, struct unmount_args *uap) 1582 { 1583 1584 return (kern_unmount(td, uap->path, uap->flags)); 1585 } 1586 1587 int 1588 kern_unmount(struct thread *td, const char *path, int flags) 1589 { 1590 struct nameidata nd; 1591 struct mount *mp; 1592 char *fsidbuf, *pathbuf; 1593 fsid_t fsid; 1594 int error; 1595 1596 AUDIT_ARG_VALUE(flags); 1597 if (jailed(td->td_ucred) || usermount == 0) { 1598 error = priv_check(td, PRIV_VFS_UNMOUNT); 1599 if (error) 1600 return (error); 1601 } 1602 1603 if (flags & MNT_BYFSID) { 1604 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1605 error = copyinstr(path, fsidbuf, MNAMELEN, NULL); 1606 if (error) { 1607 free(fsidbuf, M_TEMP); 1608 return (error); 1609 } 1610 1611 AUDIT_ARG_TEXT(fsidbuf); 1612 /* Decode the filesystem ID. */ 1613 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) { 1614 free(fsidbuf, M_TEMP); 1615 return (EINVAL); 1616 } 1617 1618 mp = vfs_getvfs(&fsid); 1619 free(fsidbuf, M_TEMP); 1620 if (mp == NULL) { 1621 return (ENOENT); 1622 } 1623 } else { 1624 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); 1625 error = copyinstr(path, pathbuf, MNAMELEN, NULL); 1626 if (error) { 1627 free(pathbuf, M_TEMP); 1628 return (error); 1629 } 1630 1631 /* 1632 * Try to find global path for path argument. 1633 */ 1634 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, 1635 UIO_SYSSPACE, pathbuf); 1636 if (namei(&nd) == 0) { 1637 NDFREE_PNBUF(&nd); 1638 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf, 1639 MNAMELEN); 1640 if (error == 0) 1641 vput(nd.ni_vp); 1642 } 1643 mtx_lock(&mountlist_mtx); 1644 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 1645 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) { 1646 vfs_ref(mp); 1647 break; 1648 } 1649 } 1650 mtx_unlock(&mountlist_mtx); 1651 free(pathbuf, M_TEMP); 1652 if (mp == NULL) { 1653 /* 1654 * Previously we returned ENOENT for a nonexistent path and 1655 * EINVAL for a non-mountpoint. We cannot tell these apart 1656 * now, so in the !MNT_BYFSID case return the more likely 1657 * EINVAL for compatibility. 1658 */ 1659 return (EINVAL); 1660 } 1661 } 1662 1663 /* 1664 * Don't allow unmounting the root filesystem. 1665 */ 1666 if (mp->mnt_flag & MNT_ROOTFS) { 1667 vfs_rel(mp); 1668 return (EINVAL); 1669 } 1670 error = dounmount(mp, flags, td); 1671 return (error); 1672 } 1673 1674 /* 1675 * Return error if any of the vnodes, ignoring the root vnode 1676 * and the syncer vnode, have non-zero usecount. 1677 * 1678 * This function is purely advisory - it can return false positives 1679 * and negatives. 1680 */ 1681 static int 1682 vfs_check_usecounts(struct mount *mp) 1683 { 1684 struct vnode *vp, *mvp; 1685 1686 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 1687 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON && 1688 vp->v_usecount != 0) { 1689 VI_UNLOCK(vp); 1690 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp); 1691 return (EBUSY); 1692 } 1693 VI_UNLOCK(vp); 1694 } 1695 1696 return (0); 1697 } 1698 1699 static void 1700 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags) 1701 { 1702 1703 mtx_assert(MNT_MTX(mp), MA_OWNED); 1704 mp->mnt_kern_flag &= ~mntkflags; 1705 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) { 1706 mp->mnt_kern_flag &= ~MNTK_MWAIT; 1707 wakeup(mp); 1708 } 1709 vfs_op_exit_locked(mp); 1710 MNT_IUNLOCK(mp); 1711 if (coveredvp != NULL) { 1712 VOP_UNLOCK(coveredvp); 1713 vdrop(coveredvp); 1714 } 1715 vn_finished_write(mp); 1716 } 1717 1718 /* 1719 * There are various reference counters associated with the mount point. 1720 * Normally it is permitted to modify them without taking the mnt ilock, 1721 * but this behavior can be temporarily disabled if stable value is needed 1722 * or callers are expected to block (e.g. to not allow new users during 1723 * forced unmount). 1724 */ 1725 void 1726 vfs_op_enter(struct mount *mp) 1727 { 1728 struct mount_pcpu *mpcpu; 1729 int cpu; 1730 1731 MNT_ILOCK(mp); 1732 mp->mnt_vfs_ops++; 1733 if (mp->mnt_vfs_ops > 1) { 1734 MNT_IUNLOCK(mp); 1735 return; 1736 } 1737 vfs_op_barrier_wait(mp); 1738 CPU_FOREACH(cpu) { 1739 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1740 1741 mp->mnt_ref += mpcpu->mntp_ref; 1742 mpcpu->mntp_ref = 0; 1743 1744 mp->mnt_lockref += mpcpu->mntp_lockref; 1745 mpcpu->mntp_lockref = 0; 1746 1747 mp->mnt_writeopcount += mpcpu->mntp_writeopcount; 1748 mpcpu->mntp_writeopcount = 0; 1749 } 1750 if (mp->mnt_ref <= 0 || mp->mnt_lockref < 0 || mp->mnt_writeopcount < 0) 1751 panic("%s: invalid count(s) on mp %p: ref %d lockref %d writeopcount %d\n", 1752 __func__, mp, mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount); 1753 MNT_IUNLOCK(mp); 1754 vfs_assert_mount_counters(mp); 1755 } 1756 1757 void 1758 vfs_op_exit_locked(struct mount *mp) 1759 { 1760 1761 mtx_assert(MNT_MTX(mp), MA_OWNED); 1762 1763 if (mp->mnt_vfs_ops <= 0) 1764 panic("%s: invalid vfs_ops count %d for mp %p\n", 1765 __func__, mp->mnt_vfs_ops, mp); 1766 mp->mnt_vfs_ops--; 1767 } 1768 1769 void 1770 vfs_op_exit(struct mount *mp) 1771 { 1772 1773 MNT_ILOCK(mp); 1774 vfs_op_exit_locked(mp); 1775 MNT_IUNLOCK(mp); 1776 } 1777 1778 struct vfs_op_barrier_ipi { 1779 struct mount *mp; 1780 struct smp_rendezvous_cpus_retry_arg srcra; 1781 }; 1782 1783 static void 1784 vfs_op_action_func(void *arg) 1785 { 1786 struct vfs_op_barrier_ipi *vfsopipi; 1787 struct mount *mp; 1788 1789 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1790 mp = vfsopipi->mp; 1791 1792 if (!vfs_op_thread_entered(mp)) 1793 smp_rendezvous_cpus_done(arg); 1794 } 1795 1796 static void 1797 vfs_op_wait_func(void *arg, int cpu) 1798 { 1799 struct vfs_op_barrier_ipi *vfsopipi; 1800 struct mount *mp; 1801 struct mount_pcpu *mpcpu; 1802 1803 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra); 1804 mp = vfsopipi->mp; 1805 1806 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1807 while (atomic_load_int(&mpcpu->mntp_thread_in_ops)) 1808 cpu_spinwait(); 1809 } 1810 1811 void 1812 vfs_op_barrier_wait(struct mount *mp) 1813 { 1814 struct vfs_op_barrier_ipi vfsopipi; 1815 1816 vfsopipi.mp = mp; 1817 1818 smp_rendezvous_cpus_retry(all_cpus, 1819 smp_no_rendezvous_barrier, 1820 vfs_op_action_func, 1821 smp_no_rendezvous_barrier, 1822 vfs_op_wait_func, 1823 &vfsopipi.srcra); 1824 } 1825 1826 #ifdef DIAGNOSTIC 1827 void 1828 vfs_assert_mount_counters(struct mount *mp) 1829 { 1830 struct mount_pcpu *mpcpu; 1831 int cpu; 1832 1833 if (mp->mnt_vfs_ops == 0) 1834 return; 1835 1836 CPU_FOREACH(cpu) { 1837 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1838 if (mpcpu->mntp_ref != 0 || 1839 mpcpu->mntp_lockref != 0 || 1840 mpcpu->mntp_writeopcount != 0) 1841 vfs_dump_mount_counters(mp); 1842 } 1843 } 1844 1845 void 1846 vfs_dump_mount_counters(struct mount *mp) 1847 { 1848 struct mount_pcpu *mpcpu; 1849 int ref, lockref, writeopcount; 1850 int cpu; 1851 1852 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops); 1853 1854 printf(" ref : "); 1855 ref = mp->mnt_ref; 1856 CPU_FOREACH(cpu) { 1857 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1858 printf("%d ", mpcpu->mntp_ref); 1859 ref += mpcpu->mntp_ref; 1860 } 1861 printf("\n"); 1862 printf(" lockref : "); 1863 lockref = mp->mnt_lockref; 1864 CPU_FOREACH(cpu) { 1865 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1866 printf("%d ", mpcpu->mntp_lockref); 1867 lockref += mpcpu->mntp_lockref; 1868 } 1869 printf("\n"); 1870 printf("writeopcount: "); 1871 writeopcount = mp->mnt_writeopcount; 1872 CPU_FOREACH(cpu) { 1873 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1874 printf("%d ", mpcpu->mntp_writeopcount); 1875 writeopcount += mpcpu->mntp_writeopcount; 1876 } 1877 printf("\n"); 1878 1879 printf("counter struct total\n"); 1880 printf("ref %-5d %-5d\n", mp->mnt_ref, ref); 1881 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref); 1882 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount); 1883 1884 panic("invalid counts on struct mount"); 1885 } 1886 #endif 1887 1888 int 1889 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which) 1890 { 1891 struct mount_pcpu *mpcpu; 1892 int cpu, sum; 1893 1894 switch (which) { 1895 case MNT_COUNT_REF: 1896 sum = mp->mnt_ref; 1897 break; 1898 case MNT_COUNT_LOCKREF: 1899 sum = mp->mnt_lockref; 1900 break; 1901 case MNT_COUNT_WRITEOPCOUNT: 1902 sum = mp->mnt_writeopcount; 1903 break; 1904 } 1905 1906 CPU_FOREACH(cpu) { 1907 mpcpu = vfs_mount_pcpu_remote(mp, cpu); 1908 switch (which) { 1909 case MNT_COUNT_REF: 1910 sum += mpcpu->mntp_ref; 1911 break; 1912 case MNT_COUNT_LOCKREF: 1913 sum += mpcpu->mntp_lockref; 1914 break; 1915 case MNT_COUNT_WRITEOPCOUNT: 1916 sum += mpcpu->mntp_writeopcount; 1917 break; 1918 } 1919 } 1920 return (sum); 1921 } 1922 1923 static bool 1924 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue, 1925 int timeout_ticks) 1926 { 1927 bool enqueued; 1928 1929 enqueued = false; 1930 mtx_lock(&deferred_unmount_lock); 1931 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) { 1932 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED; 1933 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp, 1934 mnt_taskqueue_link); 1935 enqueued = true; 1936 } 1937 mtx_unlock(&deferred_unmount_lock); 1938 1939 if (enqueued) { 1940 taskqueue_enqueue_timeout(taskqueue_deferred_unmount, 1941 &deferred_unmount_task, timeout_ticks); 1942 } 1943 1944 return (enqueued); 1945 } 1946 1947 /* 1948 * Taskqueue handler for processing async/recursive unmounts 1949 */ 1950 static void 1951 vfs_deferred_unmount(void *argi __unused, int pending __unused) 1952 { 1953 STAILQ_HEAD(, mount) local_unmounts; 1954 uint64_t flags; 1955 struct mount *mp, *tmp; 1956 int error; 1957 unsigned int retries; 1958 bool unmounted; 1959 1960 STAILQ_INIT(&local_unmounts); 1961 mtx_lock(&deferred_unmount_lock); 1962 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list); 1963 mtx_unlock(&deferred_unmount_lock); 1964 1965 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) { 1966 flags = mp->mnt_taskqueue_flags; 1967 KASSERT((flags & MNT_DEFERRED) != 0, 1968 ("taskqueue unmount without MNT_DEFERRED")); 1969 error = dounmount(mp, flags, curthread); 1970 if (error != 0) { 1971 MNT_ILOCK(mp); 1972 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0); 1973 MNT_IUNLOCK(mp); 1974 1975 /* 1976 * The deferred unmount thread is the only thread that 1977 * modifies the retry counts, so locking/atomics aren't 1978 * needed here. 1979 */ 1980 retries = (mp->mnt_unmount_retries)++; 1981 deferred_unmount_total_retries++; 1982 if (!unmounted && retries < deferred_unmount_retry_limit) { 1983 deferred_unmount_enqueue(mp, flags, true, 1984 -deferred_unmount_retry_delay_hz); 1985 } else { 1986 if (retries >= deferred_unmount_retry_limit) { 1987 printf("giving up on deferred unmount " 1988 "of %s after %d retries, error %d\n", 1989 mp->mnt_stat.f_mntonname, retries, error); 1990 } 1991 vfs_rel(mp); 1992 } 1993 } 1994 } 1995 } 1996 1997 /* 1998 * Do the actual filesystem unmount. 1999 */ 2000 int 2001 dounmount(struct mount *mp, uint64_t flags, struct thread *td) 2002 { 2003 struct mount_upper_node *upper; 2004 struct vnode *coveredvp, *rootvp; 2005 int error; 2006 uint64_t async_flag; 2007 int mnt_gen_r; 2008 unsigned int retries; 2009 2010 KASSERT((flags & MNT_DEFERRED) == 0 || 2011 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE), 2012 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE")); 2013 2014 /* 2015 * If the caller has explicitly requested the unmount to be handled by 2016 * the taskqueue and we're not already in taskqueue context, queue 2017 * up the unmount request and exit. This is done prior to any 2018 * credential checks; MNT_DEFERRED should be used only for kernel- 2019 * initiated unmounts and will therefore be processed with the 2020 * (kernel) credentials of the taskqueue thread. Still, callers 2021 * should be sure this is the behavior they want. 2022 */ 2023 if ((flags & MNT_DEFERRED) != 0 && 2024 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) { 2025 if (!deferred_unmount_enqueue(mp, flags, false, 0)) 2026 vfs_rel(mp); 2027 return (EINPROGRESS); 2028 } 2029 2030 /* 2031 * Only privileged root, or (if MNT_USER is set) the user that did the 2032 * original mount is permitted to unmount this filesystem. 2033 * This check should be made prior to queueing up any recursive 2034 * unmounts of upper filesystems. Those unmounts will be executed 2035 * with kernel thread credentials and are expected to succeed, so 2036 * we must at least ensure the originating context has sufficient 2037 * privilege to unmount the base filesystem before proceeding with 2038 * the uppers. 2039 */ 2040 error = vfs_suser(mp, td); 2041 if (error != 0) { 2042 KASSERT((flags & MNT_DEFERRED) == 0, 2043 ("taskqueue unmount with insufficient privilege")); 2044 vfs_rel(mp); 2045 return (error); 2046 } 2047 2048 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0)) 2049 flags |= MNT_RECURSE; 2050 2051 if ((flags & MNT_RECURSE) != 0) { 2052 KASSERT((flags & MNT_FORCE) != 0, 2053 ("MNT_RECURSE requires MNT_FORCE")); 2054 2055 MNT_ILOCK(mp); 2056 /* 2057 * Set MNTK_RECURSE to prevent new upper mounts from being 2058 * added, and note that an operation on the uppers list is in 2059 * progress. This will ensure that unregistration from the 2060 * uppers list, and therefore any pending unmount of the upper 2061 * FS, can't complete until after we finish walking the list. 2062 */ 2063 mp->mnt_kern_flag |= MNTK_RECURSE; 2064 mp->mnt_upper_pending++; 2065 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) { 2066 retries = upper->mp->mnt_unmount_retries; 2067 if (retries > deferred_unmount_retry_limit) { 2068 error = EBUSY; 2069 continue; 2070 } 2071 MNT_IUNLOCK(mp); 2072 2073 vfs_ref(upper->mp); 2074 if (!deferred_unmount_enqueue(upper->mp, flags, 2075 false, 0)) 2076 vfs_rel(upper->mp); 2077 MNT_ILOCK(mp); 2078 } 2079 mp->mnt_upper_pending--; 2080 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 && 2081 mp->mnt_upper_pending == 0) { 2082 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER; 2083 wakeup(&mp->mnt_uppers); 2084 } 2085 2086 /* 2087 * If we're not on the taskqueue, wait until the uppers list 2088 * is drained before proceeding with unmount. Otherwise, if 2089 * we are on the taskqueue and there are still pending uppers, 2090 * just re-enqueue on the end of the taskqueue. 2091 */ 2092 if ((flags & MNT_DEFERRED) == 0) { 2093 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) { 2094 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER; 2095 error = msleep(&mp->mnt_taskqueue_link, 2096 MNT_MTX(mp), PCATCH, "umntqw", 0); 2097 } 2098 if (error != 0) { 2099 MNT_REL(mp); 2100 MNT_IUNLOCK(mp); 2101 return (error); 2102 } 2103 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) { 2104 MNT_IUNLOCK(mp); 2105 if (error == 0) 2106 deferred_unmount_enqueue(mp, flags, true, 0); 2107 return (error); 2108 } 2109 MNT_IUNLOCK(mp); 2110 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty")); 2111 } 2112 2113 /* Allow the taskqueue to safely re-enqueue on failure */ 2114 if ((flags & MNT_DEFERRED) != 0) 2115 vfs_ref(mp); 2116 2117 if ((coveredvp = mp->mnt_vnodecovered) != NULL) { 2118 mnt_gen_r = mp->mnt_gen; 2119 VI_LOCK(coveredvp); 2120 vholdl(coveredvp); 2121 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY); 2122 /* 2123 * Check for mp being unmounted while waiting for the 2124 * covered vnode lock. 2125 */ 2126 if (coveredvp->v_mountedhere != mp || 2127 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) { 2128 VOP_UNLOCK(coveredvp); 2129 vdrop(coveredvp); 2130 vfs_rel(mp); 2131 return (EBUSY); 2132 } 2133 } 2134 2135 vfs_op_enter(mp); 2136 2137 vn_start_write(NULL, &mp, V_WAIT | V_MNTREF); 2138 MNT_ILOCK(mp); 2139 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 || 2140 (mp->mnt_flag & MNT_UPDATE) != 0 || 2141 !TAILQ_EMPTY(&mp->mnt_uppers)) { 2142 dounmount_cleanup(mp, coveredvp, 0); 2143 return (EBUSY); 2144 } 2145 mp->mnt_kern_flag |= MNTK_UNMOUNT; 2146 rootvp = vfs_cache_root_clear(mp); 2147 if (coveredvp != NULL) 2148 vn_seqc_write_begin(coveredvp); 2149 if (flags & MNT_NONBUSY) { 2150 MNT_IUNLOCK(mp); 2151 error = vfs_check_usecounts(mp); 2152 MNT_ILOCK(mp); 2153 if (error != 0) { 2154 vn_seqc_write_end(coveredvp); 2155 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT); 2156 if (rootvp != NULL) { 2157 vn_seqc_write_end(rootvp); 2158 vrele(rootvp); 2159 } 2160 return (error); 2161 } 2162 } 2163 /* Allow filesystems to detect that a forced unmount is in progress. */ 2164 if (flags & MNT_FORCE) { 2165 mp->mnt_kern_flag |= MNTK_UNMOUNTF; 2166 MNT_IUNLOCK(mp); 2167 /* 2168 * Must be done after setting MNTK_UNMOUNTF and before 2169 * waiting for mnt_lockref to become 0. 2170 */ 2171 VFS_PURGE(mp); 2172 MNT_ILOCK(mp); 2173 } 2174 error = 0; 2175 if (mp->mnt_lockref) { 2176 mp->mnt_kern_flag |= MNTK_DRAINING; 2177 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS, 2178 "mount drain", 0); 2179 } 2180 MNT_IUNLOCK(mp); 2181 KASSERT(mp->mnt_lockref == 0, 2182 ("%s: invalid lock refcount in the drain path @ %s:%d", 2183 __func__, __FILE__, __LINE__)); 2184 KASSERT(error == 0, 2185 ("%s: invalid return value for msleep in the drain path @ %s:%d", 2186 __func__, __FILE__, __LINE__)); 2187 2188 /* 2189 * We want to keep the vnode around so that we can vn_seqc_write_end 2190 * after we are done with unmount. Downgrade our reference to a mere 2191 * hold count so that we don't interefere with anything. 2192 */ 2193 if (rootvp != NULL) { 2194 vhold(rootvp); 2195 vrele(rootvp); 2196 } 2197 2198 if (mp->mnt_flag & MNT_EXPUBLIC) 2199 vfs_setpublicfs(NULL, NULL, NULL); 2200 2201 vfs_periodic(mp, MNT_WAIT); 2202 MNT_ILOCK(mp); 2203 async_flag = mp->mnt_flag & MNT_ASYNC; 2204 mp->mnt_flag &= ~MNT_ASYNC; 2205 mp->mnt_kern_flag &= ~MNTK_ASYNC; 2206 MNT_IUNLOCK(mp); 2207 vfs_deallocate_syncvnode(mp); 2208 error = VFS_UNMOUNT(mp, flags); 2209 vn_finished_write(mp); 2210 /* 2211 * If we failed to flush the dirty blocks for this mount point, 2212 * undo all the cdir/rdir and rootvnode changes we made above. 2213 * Unless we failed to do so because the device is reporting that 2214 * it doesn't exist anymore. 2215 */ 2216 if (error && error != ENXIO) { 2217 MNT_ILOCK(mp); 2218 if ((mp->mnt_flag & MNT_RDONLY) == 0) { 2219 MNT_IUNLOCK(mp); 2220 vfs_allocate_syncvnode(mp); 2221 MNT_ILOCK(mp); 2222 } 2223 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF); 2224 mp->mnt_flag |= async_flag; 2225 if ((mp->mnt_flag & MNT_ASYNC) != 0 && 2226 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0) 2227 mp->mnt_kern_flag |= MNTK_ASYNC; 2228 if (mp->mnt_kern_flag & MNTK_MWAIT) { 2229 mp->mnt_kern_flag &= ~MNTK_MWAIT; 2230 wakeup(mp); 2231 } 2232 vfs_op_exit_locked(mp); 2233 MNT_IUNLOCK(mp); 2234 if (coveredvp) { 2235 vn_seqc_write_end(coveredvp); 2236 VOP_UNLOCK(coveredvp); 2237 vdrop(coveredvp); 2238 } 2239 if (rootvp != NULL) { 2240 vn_seqc_write_end(rootvp); 2241 vdrop(rootvp); 2242 } 2243 return (error); 2244 } 2245 2246 mtx_lock(&mountlist_mtx); 2247 TAILQ_REMOVE(&mountlist, mp, mnt_list); 2248 mtx_unlock(&mountlist_mtx); 2249 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td); 2250 if (coveredvp != NULL) { 2251 VI_LOCK(coveredvp); 2252 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT); 2253 coveredvp->v_mountedhere = NULL; 2254 vn_seqc_write_end_locked(coveredvp); 2255 VI_UNLOCK(coveredvp); 2256 VOP_UNLOCK(coveredvp); 2257 vdrop(coveredvp); 2258 } 2259 mount_devctl_event("UNMOUNT", mp, false); 2260 if (rootvp != NULL) { 2261 vn_seqc_write_end(rootvp); 2262 vdrop(rootvp); 2263 } 2264 vfs_event_signal(NULL, VQ_UNMOUNT, 0); 2265 if (rootvnode != NULL && mp == rootvnode->v_mount) { 2266 vrele(rootvnode); 2267 rootvnode = NULL; 2268 } 2269 if (mp == rootdevmp) 2270 rootdevmp = NULL; 2271 if ((flags & MNT_DEFERRED) != 0) 2272 vfs_rel(mp); 2273 vfs_mount_destroy(mp); 2274 return (0); 2275 } 2276 2277 /* 2278 * Report errors during filesystem mounting. 2279 */ 2280 void 2281 vfs_mount_error(struct mount *mp, const char *fmt, ...) 2282 { 2283 struct vfsoptlist *moptlist = mp->mnt_optnew; 2284 va_list ap; 2285 int error, len; 2286 char *errmsg; 2287 2288 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len); 2289 if (error || errmsg == NULL || len <= 0) 2290 return; 2291 2292 va_start(ap, fmt); 2293 vsnprintf(errmsg, (size_t)len, fmt, ap); 2294 va_end(ap); 2295 } 2296 2297 void 2298 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...) 2299 { 2300 va_list ap; 2301 int error, len; 2302 char *errmsg; 2303 2304 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len); 2305 if (error || errmsg == NULL || len <= 0) 2306 return; 2307 2308 va_start(ap, fmt); 2309 vsnprintf(errmsg, (size_t)len, fmt, ap); 2310 va_end(ap); 2311 } 2312 2313 /* 2314 * --------------------------------------------------------------------- 2315 * Functions for querying mount options/arguments from filesystems. 2316 */ 2317 2318 /* 2319 * Check that no unknown options are given 2320 */ 2321 int 2322 vfs_filteropt(struct vfsoptlist *opts, const char **legal) 2323 { 2324 struct vfsopt *opt; 2325 char errmsg[255]; 2326 const char **t, *p, *q; 2327 int ret = 0; 2328 2329 TAILQ_FOREACH(opt, opts, link) { 2330 p = opt->name; 2331 q = NULL; 2332 if (p[0] == 'n' && p[1] == 'o') 2333 q = p + 2; 2334 for(t = global_opts; *t != NULL; t++) { 2335 if (strcmp(*t, p) == 0) 2336 break; 2337 if (q != NULL) { 2338 if (strcmp(*t, q) == 0) 2339 break; 2340 } 2341 } 2342 if (*t != NULL) 2343 continue; 2344 for(t = legal; *t != NULL; t++) { 2345 if (strcmp(*t, p) == 0) 2346 break; 2347 if (q != NULL) { 2348 if (strcmp(*t, q) == 0) 2349 break; 2350 } 2351 } 2352 if (*t != NULL) 2353 continue; 2354 snprintf(errmsg, sizeof(errmsg), 2355 "mount option <%s> is unknown", p); 2356 ret = EINVAL; 2357 } 2358 if (ret != 0) { 2359 TAILQ_FOREACH(opt, opts, link) { 2360 if (strcmp(opt->name, "errmsg") == 0) { 2361 strncpy((char *)opt->value, errmsg, opt->len); 2362 break; 2363 } 2364 } 2365 if (opt == NULL) 2366 printf("%s\n", errmsg); 2367 } 2368 return (ret); 2369 } 2370 2371 /* 2372 * Get a mount option by its name. 2373 * 2374 * Return 0 if the option was found, ENOENT otherwise. 2375 * If len is non-NULL it will be filled with the length 2376 * of the option. If buf is non-NULL, it will be filled 2377 * with the address of the option. 2378 */ 2379 int 2380 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len) 2381 { 2382 struct vfsopt *opt; 2383 2384 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2385 2386 TAILQ_FOREACH(opt, opts, link) { 2387 if (strcmp(name, opt->name) == 0) { 2388 opt->seen = 1; 2389 if (len != NULL) 2390 *len = opt->len; 2391 if (buf != NULL) 2392 *buf = opt->value; 2393 return (0); 2394 } 2395 } 2396 return (ENOENT); 2397 } 2398 2399 int 2400 vfs_getopt_pos(struct vfsoptlist *opts, const char *name) 2401 { 2402 struct vfsopt *opt; 2403 2404 if (opts == NULL) 2405 return (-1); 2406 2407 TAILQ_FOREACH(opt, opts, link) { 2408 if (strcmp(name, opt->name) == 0) { 2409 opt->seen = 1; 2410 return (opt->pos); 2411 } 2412 } 2413 return (-1); 2414 } 2415 2416 int 2417 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value) 2418 { 2419 char *opt_value, *vtp; 2420 quad_t iv; 2421 int error, opt_len; 2422 2423 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len); 2424 if (error != 0) 2425 return (error); 2426 if (opt_len == 0 || opt_value == NULL) 2427 return (EINVAL); 2428 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0') 2429 return (EINVAL); 2430 iv = strtoq(opt_value, &vtp, 0); 2431 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0')) 2432 return (EINVAL); 2433 if (iv < 0) 2434 return (EINVAL); 2435 switch (vtp[0]) { 2436 case 't': case 'T': 2437 iv *= 1024; 2438 /* FALLTHROUGH */ 2439 case 'g': case 'G': 2440 iv *= 1024; 2441 /* FALLTHROUGH */ 2442 case 'm': case 'M': 2443 iv *= 1024; 2444 /* FALLTHROUGH */ 2445 case 'k': case 'K': 2446 iv *= 1024; 2447 case '\0': 2448 break; 2449 default: 2450 return (EINVAL); 2451 } 2452 *value = iv; 2453 2454 return (0); 2455 } 2456 2457 char * 2458 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error) 2459 { 2460 struct vfsopt *opt; 2461 2462 *error = 0; 2463 TAILQ_FOREACH(opt, opts, link) { 2464 if (strcmp(name, opt->name) != 0) 2465 continue; 2466 opt->seen = 1; 2467 if (opt->len == 0 || 2468 ((char *)opt->value)[opt->len - 1] != '\0') { 2469 *error = EINVAL; 2470 return (NULL); 2471 } 2472 return (opt->value); 2473 } 2474 *error = ENOENT; 2475 return (NULL); 2476 } 2477 2478 int 2479 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w, 2480 uint64_t val) 2481 { 2482 struct vfsopt *opt; 2483 2484 TAILQ_FOREACH(opt, opts, link) { 2485 if (strcmp(name, opt->name) == 0) { 2486 opt->seen = 1; 2487 if (w != NULL) 2488 *w |= val; 2489 return (1); 2490 } 2491 } 2492 if (w != NULL) 2493 *w &= ~val; 2494 return (0); 2495 } 2496 2497 int 2498 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...) 2499 { 2500 va_list ap; 2501 struct vfsopt *opt; 2502 int ret; 2503 2504 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL")); 2505 2506 TAILQ_FOREACH(opt, opts, link) { 2507 if (strcmp(name, opt->name) != 0) 2508 continue; 2509 opt->seen = 1; 2510 if (opt->len == 0 || opt->value == NULL) 2511 return (0); 2512 if (((char *)opt->value)[opt->len - 1] != '\0') 2513 return (0); 2514 va_start(ap, fmt); 2515 ret = vsscanf(opt->value, fmt, ap); 2516 va_end(ap); 2517 return (ret); 2518 } 2519 return (0); 2520 } 2521 2522 int 2523 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len) 2524 { 2525 struct vfsopt *opt; 2526 2527 TAILQ_FOREACH(opt, opts, link) { 2528 if (strcmp(name, opt->name) != 0) 2529 continue; 2530 opt->seen = 1; 2531 if (opt->value == NULL) 2532 opt->len = len; 2533 else { 2534 if (opt->len != len) 2535 return (EINVAL); 2536 bcopy(value, opt->value, len); 2537 } 2538 return (0); 2539 } 2540 return (ENOENT); 2541 } 2542 2543 int 2544 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len) 2545 { 2546 struct vfsopt *opt; 2547 2548 TAILQ_FOREACH(opt, opts, link) { 2549 if (strcmp(name, opt->name) != 0) 2550 continue; 2551 opt->seen = 1; 2552 if (opt->value == NULL) 2553 opt->len = len; 2554 else { 2555 if (opt->len < len) 2556 return (EINVAL); 2557 opt->len = len; 2558 bcopy(value, opt->value, len); 2559 } 2560 return (0); 2561 } 2562 return (ENOENT); 2563 } 2564 2565 int 2566 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value) 2567 { 2568 struct vfsopt *opt; 2569 2570 TAILQ_FOREACH(opt, opts, link) { 2571 if (strcmp(name, opt->name) != 0) 2572 continue; 2573 opt->seen = 1; 2574 if (opt->value == NULL) 2575 opt->len = strlen(value) + 1; 2576 else if (strlcpy(opt->value, value, opt->len) >= opt->len) 2577 return (EINVAL); 2578 return (0); 2579 } 2580 return (ENOENT); 2581 } 2582 2583 /* 2584 * Find and copy a mount option. 2585 * 2586 * The size of the buffer has to be specified 2587 * in len, if it is not the same length as the 2588 * mount option, EINVAL is returned. 2589 * Returns ENOENT if the option is not found. 2590 */ 2591 int 2592 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len) 2593 { 2594 struct vfsopt *opt; 2595 2596 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL")); 2597 2598 TAILQ_FOREACH(opt, opts, link) { 2599 if (strcmp(name, opt->name) == 0) { 2600 opt->seen = 1; 2601 if (len != opt->len) 2602 return (EINVAL); 2603 bcopy(opt->value, dest, opt->len); 2604 return (0); 2605 } 2606 } 2607 return (ENOENT); 2608 } 2609 2610 int 2611 __vfs_statfs(struct mount *mp, struct statfs *sbp) 2612 { 2613 2614 /* 2615 * Filesystems only fill in part of the structure for updates, we 2616 * have to read the entirety first to get all content. 2617 */ 2618 if (sbp != &mp->mnt_stat) 2619 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp)); 2620 2621 /* 2622 * Set these in case the underlying filesystem fails to do so. 2623 */ 2624 sbp->f_version = STATFS_VERSION; 2625 sbp->f_namemax = NAME_MAX; 2626 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 2627 2628 return (mp->mnt_op->vfs_statfs(mp, sbp)); 2629 } 2630 2631 void 2632 vfs_mountedfrom(struct mount *mp, const char *from) 2633 { 2634 2635 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname); 2636 strlcpy(mp->mnt_stat.f_mntfromname, from, 2637 sizeof mp->mnt_stat.f_mntfromname); 2638 } 2639 2640 /* 2641 * --------------------------------------------------------------------- 2642 * This is the api for building mount args and mounting filesystems from 2643 * inside the kernel. 2644 * 2645 * The API works by accumulation of individual args. First error is 2646 * latched. 2647 * 2648 * XXX: should be documented in new manpage kernel_mount(9) 2649 */ 2650 2651 /* A memory allocation which must be freed when we are done */ 2652 struct mntaarg { 2653 SLIST_ENTRY(mntaarg) next; 2654 }; 2655 2656 /* The header for the mount arguments */ 2657 struct mntarg { 2658 struct iovec *v; 2659 int len; 2660 int error; 2661 SLIST_HEAD(, mntaarg) list; 2662 }; 2663 2664 /* 2665 * Add a boolean argument. 2666 * 2667 * flag is the boolean value. 2668 * name must start with "no". 2669 */ 2670 struct mntarg * 2671 mount_argb(struct mntarg *ma, int flag, const char *name) 2672 { 2673 2674 KASSERT(name[0] == 'n' && name[1] == 'o', 2675 ("mount_argb(...,%s): name must start with 'no'", name)); 2676 2677 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0)); 2678 } 2679 2680 /* 2681 * Add an argument printf style 2682 */ 2683 struct mntarg * 2684 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...) 2685 { 2686 va_list ap; 2687 struct mntaarg *maa; 2688 struct sbuf *sb; 2689 int len; 2690 2691 if (ma == NULL) { 2692 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2693 SLIST_INIT(&ma->list); 2694 } 2695 if (ma->error) 2696 return (ma); 2697 2698 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2699 M_MOUNT, M_WAITOK); 2700 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2701 ma->v[ma->len].iov_len = strlen(name) + 1; 2702 ma->len++; 2703 2704 sb = sbuf_new_auto(); 2705 va_start(ap, fmt); 2706 sbuf_vprintf(sb, fmt, ap); 2707 va_end(ap); 2708 sbuf_finish(sb); 2709 len = sbuf_len(sb) + 1; 2710 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2711 SLIST_INSERT_HEAD(&ma->list, maa, next); 2712 bcopy(sbuf_data(sb), maa + 1, len); 2713 sbuf_delete(sb); 2714 2715 ma->v[ma->len].iov_base = maa + 1; 2716 ma->v[ma->len].iov_len = len; 2717 ma->len++; 2718 2719 return (ma); 2720 } 2721 2722 /* 2723 * Add an argument which is a userland string. 2724 */ 2725 struct mntarg * 2726 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len) 2727 { 2728 struct mntaarg *maa; 2729 char *tbuf; 2730 2731 if (val == NULL) 2732 return (ma); 2733 if (ma == NULL) { 2734 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2735 SLIST_INIT(&ma->list); 2736 } 2737 if (ma->error) 2738 return (ma); 2739 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO); 2740 SLIST_INSERT_HEAD(&ma->list, maa, next); 2741 tbuf = (void *)(maa + 1); 2742 ma->error = copyinstr(val, tbuf, len, NULL); 2743 return (mount_arg(ma, name, tbuf, -1)); 2744 } 2745 2746 /* 2747 * Plain argument. 2748 * 2749 * If length is -1, treat value as a C string. 2750 */ 2751 struct mntarg * 2752 mount_arg(struct mntarg *ma, const char *name, const void *val, int len) 2753 { 2754 2755 if (ma == NULL) { 2756 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO); 2757 SLIST_INIT(&ma->list); 2758 } 2759 if (ma->error) 2760 return (ma); 2761 2762 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2), 2763 M_MOUNT, M_WAITOK); 2764 ma->v[ma->len].iov_base = (void *)(uintptr_t)name; 2765 ma->v[ma->len].iov_len = strlen(name) + 1; 2766 ma->len++; 2767 2768 ma->v[ma->len].iov_base = (void *)(uintptr_t)val; 2769 if (len < 0) 2770 ma->v[ma->len].iov_len = strlen(val) + 1; 2771 else 2772 ma->v[ma->len].iov_len = len; 2773 ma->len++; 2774 return (ma); 2775 } 2776 2777 /* 2778 * Free a mntarg structure 2779 */ 2780 static void 2781 free_mntarg(struct mntarg *ma) 2782 { 2783 struct mntaarg *maa; 2784 2785 while (!SLIST_EMPTY(&ma->list)) { 2786 maa = SLIST_FIRST(&ma->list); 2787 SLIST_REMOVE_HEAD(&ma->list, next); 2788 free(maa, M_MOUNT); 2789 } 2790 free(ma->v, M_MOUNT); 2791 free(ma, M_MOUNT); 2792 } 2793 2794 /* 2795 * Mount a filesystem 2796 */ 2797 int 2798 kernel_mount(struct mntarg *ma, uint64_t flags) 2799 { 2800 struct uio auio; 2801 int error; 2802 2803 KASSERT(ma != NULL, ("kernel_mount NULL ma")); 2804 KASSERT(ma->v != NULL, ("kernel_mount NULL ma->v")); 2805 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len)); 2806 2807 auio.uio_iov = ma->v; 2808 auio.uio_iovcnt = ma->len; 2809 auio.uio_segflg = UIO_SYSSPACE; 2810 2811 error = ma->error; 2812 if (!error) 2813 error = vfs_donmount(curthread, flags, &auio); 2814 free_mntarg(ma); 2815 return (error); 2816 } 2817 2818 /* Map from mount options to printable formats. */ 2819 static struct mntoptnames optnames[] = { 2820 MNTOPT_NAMES 2821 }; 2822 2823 #define DEVCTL_LEN 1024 2824 static void 2825 mount_devctl_event(const char *type, struct mount *mp, bool donew) 2826 { 2827 const uint8_t *cp; 2828 struct mntoptnames *fp; 2829 struct sbuf sb; 2830 struct statfs *sfp = &mp->mnt_stat; 2831 char *buf; 2832 2833 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT); 2834 if (buf == NULL) 2835 return; 2836 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN); 2837 sbuf_cpy(&sb, "mount-point=\""); 2838 devctl_safe_quote_sb(&sb, sfp->f_mntonname); 2839 sbuf_cat(&sb, "\" mount-dev=\""); 2840 devctl_safe_quote_sb(&sb, sfp->f_mntfromname); 2841 sbuf_cat(&sb, "\" mount-type=\""); 2842 devctl_safe_quote_sb(&sb, sfp->f_fstypename); 2843 sbuf_cat(&sb, "\" fsid=0x"); 2844 cp = (const uint8_t *)&sfp->f_fsid.val[0]; 2845 for (int i = 0; i < sizeof(sfp->f_fsid); i++) 2846 sbuf_printf(&sb, "%02x", cp[i]); 2847 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); 2848 for (fp = optnames; fp->o_opt != 0; fp++) { 2849 if ((mp->mnt_flag & fp->o_opt) != 0) { 2850 sbuf_cat(&sb, fp->o_name); 2851 sbuf_putc(&sb, ';'); 2852 } 2853 } 2854 sbuf_putc(&sb, '"'); 2855 sbuf_finish(&sb); 2856 2857 /* 2858 * Options are not published because the form of the options depends on 2859 * the file system and may include binary data. In addition, they don't 2860 * necessarily provide enough useful information to be actionable when 2861 * devd processes them. 2862 */ 2863 2864 if (sbuf_error(&sb) == 0) 2865 devctl_notify("VFS", "FS", type, sbuf_data(&sb)); 2866 sbuf_delete(&sb); 2867 free(buf, M_MOUNT); 2868 } 2869 2870 /* 2871 * Force remount specified mount point to read-only. The argument 2872 * must be busied to avoid parallel unmount attempts. 2873 * 2874 * Intended use is to prevent further writes if some metadata 2875 * inconsistency is detected. Note that the function still flushes 2876 * all cached metadata and data for the mount point, which might be 2877 * not always suitable. 2878 */ 2879 int 2880 vfs_remount_ro(struct mount *mp) 2881 { 2882 struct vfsoptlist *opts; 2883 struct vfsopt *opt; 2884 struct vnode *vp_covered, *rootvp; 2885 int error; 2886 2887 KASSERT(mp->mnt_lockref > 0, 2888 ("vfs_remount_ro: mp %p is not busied", mp)); 2889 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0, 2890 ("vfs_remount_ro: mp %p is being unmounted (and busy?)", mp)); 2891 2892 rootvp = NULL; 2893 vp_covered = mp->mnt_vnodecovered; 2894 error = vget(vp_covered, LK_EXCLUSIVE | LK_NOWAIT); 2895 if (error != 0) 2896 return (error); 2897 VI_LOCK(vp_covered); 2898 if ((vp_covered->v_iflag & VI_MOUNT) != 0) { 2899 VI_UNLOCK(vp_covered); 2900 vput(vp_covered); 2901 return (EBUSY); 2902 } 2903 vp_covered->v_iflag |= VI_MOUNT; 2904 VI_UNLOCK(vp_covered); 2905 vfs_op_enter(mp); 2906 vn_seqc_write_begin(vp_covered); 2907 2908 MNT_ILOCK(mp); 2909 if ((mp->mnt_flag & MNT_RDONLY) != 0) { 2910 MNT_IUNLOCK(mp); 2911 error = EBUSY; 2912 goto out; 2913 } 2914 mp->mnt_flag |= MNT_UPDATE | MNT_FORCE | MNT_RDONLY; 2915 rootvp = vfs_cache_root_clear(mp); 2916 MNT_IUNLOCK(mp); 2917 2918 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK | M_ZERO); 2919 TAILQ_INIT(opts); 2920 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK | M_ZERO); 2921 opt->name = strdup("ro", M_MOUNT); 2922 opt->value = NULL; 2923 TAILQ_INSERT_TAIL(opts, opt, link); 2924 vfs_mergeopts(opts, mp->mnt_opt); 2925 mp->mnt_optnew = opts; 2926 2927 error = VFS_MOUNT(mp); 2928 2929 if (error == 0) { 2930 MNT_ILOCK(mp); 2931 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE); 2932 MNT_IUNLOCK(mp); 2933 vfs_deallocate_syncvnode(mp); 2934 if (mp->mnt_opt != NULL) 2935 vfs_freeopts(mp->mnt_opt); 2936 mp->mnt_opt = mp->mnt_optnew; 2937 } else { 2938 MNT_ILOCK(mp); 2939 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE | MNT_RDONLY); 2940 MNT_IUNLOCK(mp); 2941 vfs_freeopts(mp->mnt_optnew); 2942 } 2943 mp->mnt_optnew = NULL; 2944 2945 out: 2946 vfs_op_exit(mp); 2947 VI_LOCK(vp_covered); 2948 vp_covered->v_iflag &= ~VI_MOUNT; 2949 VI_UNLOCK(vp_covered); 2950 vput(vp_covered); 2951 vn_seqc_write_end(vp_covered); 2952 if (rootvp != NULL) { 2953 vn_seqc_write_end(rootvp); 2954 vrele(rootvp); 2955 } 2956 return (error); 2957 } 2958 2959 /* 2960 * Suspend write operations on all local writeable filesystems. Does 2961 * full sync of them in the process. 2962 * 2963 * Iterate over the mount points in reverse order, suspending most 2964 * recently mounted filesystems first. It handles a case where a 2965 * filesystem mounted from a md(4) vnode-backed device should be 2966 * suspended before the filesystem that owns the vnode. 2967 */ 2968 void 2969 suspend_all_fs(void) 2970 { 2971 struct mount *mp; 2972 int error; 2973 2974 mtx_lock(&mountlist_mtx); 2975 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) { 2976 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT); 2977 if (error != 0) 2978 continue; 2979 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL || 2980 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) { 2981 mtx_lock(&mountlist_mtx); 2982 vfs_unbusy(mp); 2983 continue; 2984 } 2985 error = vfs_write_suspend(mp, 0); 2986 if (error == 0) { 2987 MNT_ILOCK(mp); 2988 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0); 2989 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL; 2990 MNT_IUNLOCK(mp); 2991 mtx_lock(&mountlist_mtx); 2992 } else { 2993 printf("suspend of %s failed, error %d\n", 2994 mp->mnt_stat.f_mntonname, error); 2995 mtx_lock(&mountlist_mtx); 2996 vfs_unbusy(mp); 2997 } 2998 } 2999 mtx_unlock(&mountlist_mtx); 3000 } 3001 3002 void 3003 resume_all_fs(void) 3004 { 3005 struct mount *mp; 3006 3007 mtx_lock(&mountlist_mtx); 3008 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 3009 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0) 3010 continue; 3011 mtx_unlock(&mountlist_mtx); 3012 MNT_ILOCK(mp); 3013 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0); 3014 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL; 3015 MNT_IUNLOCK(mp); 3016 vfs_write_resume(mp, 0); 3017 mtx_lock(&mountlist_mtx); 3018 vfs_unbusy(mp); 3019 } 3020 mtx_unlock(&mountlist_mtx); 3021 } 3022