2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1999-2004 Poul-Henning Kamp
5 * Copyright (c) 1999 Michael Smith
6 * Copyright (c) 1989, 1993
7 * The Regents of the University of California. All rights reserved.
8 * (c) UNIX System Laboratories, Inc.
9 * All or some portions of this file are derived from material licensed
10 * to the University of California by American Telephone and Telegraph
11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
12 * the permission of UNIX System Laboratories, Inc.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include <sys/param.h>
45 #include <sys/devctl.h>
46 #include <sys/eventhandler.h>
47 #include <sys/fcntl.h>
49 #include <sys/kernel.h>
51 #include <sys/libkern.h>
52 #include <sys/malloc.h>
53 #include <sys/mount.h>
54 #include <sys/mutex.h>
55 #include <sys/namei.h>
58 #include <sys/filedesc.h>
59 #include <sys/reboot.h>
61 #include <sys/syscallsubr.h>
62 #include <sys/sysproto.h>
64 #include <sys/sysctl.h>
65 #include <sys/sysent.h>
66 #include <sys/systm.h>
67 #include <sys/vnode.h>
70 #include <geom/geom.h>
72 #include <machine/stdarg.h>
74 #include <security/audit/audit.h>
75 #include <security/mac/mac_framework.h>
77 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64)
79 static int vfs_domount(struct thread *td, const char *fstype, char *fspath,
80 uint64_t fsflags, struct vfsoptlist **optlist);
81 static void free_mntarg(struct mntarg *ma);
83 static int usermount = 0;
84 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
85 "Unprivileged users may mount and unmount file systems");
87 static bool default_autoro = false;
88 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0,
89 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified");
91 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure");
92 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure");
93 static uma_zone_t mount_zone;
95 /* List of mounted filesystems. */
96 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist);
98 /* For any iteration/modification of mountlist */
99 struct mtx_padalign __exclusive_cache_line mountlist_mtx;
100 MTX_SYSINIT(mountlist, &mountlist_mtx, "mountlist", MTX_DEF);
102 EVENTHANDLER_LIST_DEFINE(vfs_mounted);
103 EVENTHANDLER_LIST_DEFINE(vfs_unmounted);
105 static void mount_devctl_event(const char *type, struct mount *mp, bool donew);
108 * Global opts, taken by all filesystems
110 static const char *global_opts[] = {
122 mount_init(void *mem, int size, int flags)
126 mp = (struct mount *)mem;
127 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF);
128 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF);
129 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0);
130 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO);
133 mp->mnt_rootvnode = NULL;
138 mount_fini(void *mem, int size)
142 mp = (struct mount *)mem;
143 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu);
144 lockdestroy(&mp->mnt_explock);
145 mtx_destroy(&mp->mnt_listmtx);
146 mtx_destroy(&mp->mnt_mtx);
150 vfs_mount_init(void *dummy __unused)
153 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL,
154 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE);
156 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL);
159 * ---------------------------------------------------------------------
160 * Functions for building and sanitizing the mount options
163 /* Remove one mount option. */
165 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt)
168 TAILQ_REMOVE(opts, opt, link);
169 free(opt->name, M_MOUNT);
170 if (opt->value != NULL)
171 free(opt->value, M_MOUNT);
175 /* Release all resources related to the mount options. */
177 vfs_freeopts(struct vfsoptlist *opts)
181 while (!TAILQ_EMPTY(opts)) {
182 opt = TAILQ_FIRST(opts);
183 vfs_freeopt(opts, opt);
189 vfs_deleteopt(struct vfsoptlist *opts, const char *name)
191 struct vfsopt *opt, *temp;
195 TAILQ_FOREACH_SAFE(opt, opts, link, temp) {
196 if (strcmp(opt->name, name) == 0)
197 vfs_freeopt(opts, opt);
202 vfs_isopt_ro(const char *opt)
205 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 ||
206 strcmp(opt, "norw") == 0)
212 vfs_isopt_rw(const char *opt)
215 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0)
221 * Check if options are equal (with or without the "no" prefix).
224 vfs_equalopts(const char *opt1, const char *opt2)
228 /* "opt" vs. "opt" or "noopt" vs. "noopt" */
229 if (strcmp(opt1, opt2) == 0)
231 /* "noopt" vs. "opt" */
232 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
234 /* "opt" vs. "noopt" */
235 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
237 while ((p = strchr(opt1, '.')) != NULL &&
238 !strncmp(opt1, opt2, ++p - opt1)) {
241 /* "foo.noopt" vs. "foo.opt" */
242 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
244 /* "foo.opt" vs. "foo.noopt" */
245 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
248 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */
249 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) &&
250 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2)))
256 * If a mount option is specified several times,
257 * (with or without the "no" prefix) only keep
258 * the last occurrence of it.
261 vfs_sanitizeopts(struct vfsoptlist *opts)
263 struct vfsopt *opt, *opt2, *tmp;
265 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) {
266 opt2 = TAILQ_PREV(opt, vfsoptlist, link);
267 while (opt2 != NULL) {
268 if (vfs_equalopts(opt->name, opt2->name)) {
269 tmp = TAILQ_PREV(opt2, vfsoptlist, link);
270 vfs_freeopt(opts, opt2);
273 opt2 = TAILQ_PREV(opt2, vfsoptlist, link);
280 * Build a linked list of mount options from a struct uio.
283 vfs_buildopts(struct uio *auio, struct vfsoptlist **options)
285 struct vfsoptlist *opts;
287 size_t memused, namelen, optlen;
288 unsigned int i, iovcnt;
291 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK);
294 iovcnt = auio->uio_iovcnt;
295 for (i = 0; i < iovcnt; i += 2) {
296 namelen = auio->uio_iov[i].iov_len;
297 optlen = auio->uio_iov[i + 1].iov_len;
298 memused += sizeof(struct vfsopt) + optlen + namelen;
300 * Avoid consuming too much memory, and attempts to overflow
303 if (memused > VFS_MOUNTARG_SIZE_MAX ||
304 optlen > VFS_MOUNTARG_SIZE_MAX ||
305 namelen > VFS_MOUNTARG_SIZE_MAX) {
310 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK);
311 opt->name = malloc(namelen, M_MOUNT, M_WAITOK);
318 * Do this early, so jumps to "bad" will free the current
321 TAILQ_INSERT_TAIL(opts, opt, link);
323 if (auio->uio_segflg == UIO_SYSSPACE) {
324 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen);
326 error = copyin(auio->uio_iov[i].iov_base, opt->name,
331 /* Ensure names are null-terminated strings. */
332 if (namelen == 0 || opt->name[namelen - 1] != '\0') {
338 opt->value = malloc(optlen, M_MOUNT, M_WAITOK);
339 if (auio->uio_segflg == UIO_SYSSPACE) {
340 bcopy(auio->uio_iov[i + 1].iov_base, opt->value,
343 error = copyin(auio->uio_iov[i + 1].iov_base,
350 vfs_sanitizeopts(opts);
359 * Merge the old mount options with the new ones passed
360 * in the MNT_UPDATE case.
362 * XXX: This function will keep a "nofoo" option in the new
363 * options. E.g, if the option's canonical name is "foo",
364 * "nofoo" ends up in the mount point's active options.
367 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts)
369 struct vfsopt *opt, *new;
371 TAILQ_FOREACH(opt, oldopts, link) {
372 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK);
373 new->name = strdup(opt->name, M_MOUNT);
375 new->value = malloc(opt->len, M_MOUNT, M_WAITOK);
376 bcopy(opt->value, new->value, opt->len);
380 new->seen = opt->seen;
381 TAILQ_INSERT_HEAD(toopts, new, link);
383 vfs_sanitizeopts(toopts);
387 * Mount a filesystem.
389 #ifndef _SYS_SYSPROTO_H_
397 sys_nmount(struct thread *td, struct nmount_args *uap)
405 * Mount flags are now 64-bits. On 32-bit archtectures only
406 * 32-bits are passed in, but from here on everything handles
407 * 64-bit flags correctly.
411 AUDIT_ARG_FFLAGS(flags);
412 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__,
413 uap->iovp, uap->iovcnt, flags);
416 * Filter out MNT_ROOTFS. We do not want clients of nmount() in
417 * userspace to set this flag, but we must filter it out if we want
418 * MNT_UPDATE on the root file system to work.
419 * MNT_ROOTFS should only be set by the kernel when mounting its
422 flags &= ~MNT_ROOTFS;
424 iovcnt = uap->iovcnt;
426 * Check that we have an even number of iovec's
427 * and that we have at least two options.
429 if ((iovcnt & 1) || (iovcnt < 4)) {
430 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__,
435 error = copyinuio(uap->iovp, iovcnt, &auio);
437 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno",
441 error = vfs_donmount(td, flags, auio);
448 * ---------------------------------------------------------------------
449 * Various utility functions
453 vfs_ref(struct mount *mp)
455 struct mount_pcpu *mpcpu;
457 CTR2(KTR_VFS, "%s: mp %p", __func__, mp);
458 if (vfs_op_thread_enter(mp, mpcpu)) {
459 vfs_mp_count_add_pcpu(mpcpu, ref, 1);
460 vfs_op_thread_exit(mp, mpcpu);
470 vfs_rel(struct mount *mp)
472 struct mount_pcpu *mpcpu;
474 CTR2(KTR_VFS, "%s: mp %p", __func__, mp);
475 if (vfs_op_thread_enter(mp, mpcpu)) {
476 vfs_mp_count_sub_pcpu(mpcpu, ref, 1);
477 vfs_op_thread_exit(mp, mpcpu);
487 * Allocate and initialize the mount point struct.
490 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath,
495 mp = uma_zalloc(mount_zone, M_WAITOK);
496 bzero(&mp->mnt_startzero,
497 __rangeof(struct mount, mnt_startzero, mnt_endzero));
498 mp->mnt_kern_flag = 0;
500 mp->mnt_rootvnode = NULL;
501 mp->mnt_vnodecovered = NULL;
504 TAILQ_INIT(&mp->mnt_nvnodelist);
505 mp->mnt_nvnodelistsize = 0;
506 TAILQ_INIT(&mp->mnt_lazyvnodelist);
507 mp->mnt_lazyvnodelistsize = 0;
508 if (mp->mnt_ref != 0 || mp->mnt_lockref != 0 ||
509 mp->mnt_writeopcount != 0)
510 panic("%s: non-zero counters on new mp %p\n", __func__, mp);
511 if (mp->mnt_vfs_ops != 1)
512 panic("%s: vfs_ops should be 1 but %d found\n", __func__,
514 (void) vfs_busy(mp, MBF_NOWAIT);
515 atomic_add_acq_int(&vfsp->vfc_refcount, 1);
516 mp->mnt_op = vfsp->vfc_vfsops;
518 mp->mnt_stat.f_type = vfsp->vfc_typenum;
520 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
521 mp->mnt_vnodecovered = vp;
522 mp->mnt_cred = crdup(cred);
523 mp->mnt_stat.f_owner = cred->cr_uid;
524 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN);
525 mp->mnt_iosize_max = DFLTPHYS;
528 mac_mount_create(cred, mp);
530 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0);
531 TAILQ_INIT(&mp->mnt_uppers);
536 * Destroy the mount struct previously allocated by vfs_mount_alloc().
539 vfs_mount_destroy(struct mount *mp)
542 if (mp->mnt_vfs_ops == 0)
543 panic("%s: entered with zero vfs_ops\n", __func__);
545 vfs_assert_mount_counters(mp);
548 mp->mnt_kern_flag |= MNTK_REFEXPIRE;
549 if (mp->mnt_kern_flag & MNTK_MWAIT) {
550 mp->mnt_kern_flag &= ~MNTK_MWAIT;
554 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0);
555 KASSERT(mp->mnt_ref == 0,
556 ("%s: invalid refcount in the drain path @ %s:%d", __func__,
557 __FILE__, __LINE__));
558 if (mp->mnt_writeopcount != 0)
559 panic("vfs_mount_destroy: nonzero writeopcount");
560 if (mp->mnt_secondary_writes != 0)
561 panic("vfs_mount_destroy: nonzero secondary_writes");
562 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1);
563 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) {
566 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes)
567 vn_printf(vp, "dangling vnode ");
568 panic("unmount: dangling vnode");
570 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers"));
571 if (mp->mnt_nvnodelistsize != 0)
572 panic("vfs_mount_destroy: nonzero nvnodelistsize");
573 if (mp->mnt_lazyvnodelistsize != 0)
574 panic("vfs_mount_destroy: nonzero lazyvnodelistsize");
575 if (mp->mnt_lockref != 0)
576 panic("vfs_mount_destroy: nonzero lock refcount");
579 if (mp->mnt_vfs_ops != 1)
580 panic("%s: vfs_ops should be 1 but %d found\n", __func__,
583 if (mp->mnt_rootvnode != NULL)
584 panic("%s: mount point still has a root vnode %p\n", __func__,
587 if (mp->mnt_vnodecovered != NULL)
588 vrele(mp->mnt_vnodecovered);
590 mac_mount_destroy(mp);
592 if (mp->mnt_opt != NULL)
593 vfs_freeopts(mp->mnt_opt);
594 crfree(mp->mnt_cred);
595 uma_zfree(mount_zone, mp);
599 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error)
601 /* This is an upgrade of an exisiting mount. */
602 if ((fsflags & MNT_UPDATE) != 0)
604 /* This is already an R/O mount. */
605 if ((fsflags & MNT_RDONLY) != 0)
609 case ENODEV: /* generic, geom, ... */
610 case EACCES: /* cam/scsi, ... */
611 case EROFS: /* md, mmcsd, ... */
613 * These errors can be returned by the storage layer to signal
614 * that the media is read-only. No harm in the R/O mount
615 * attempt if the error was returned for some other reason.
624 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
626 struct vfsoptlist *optlist;
627 struct vfsopt *opt, *tmp_opt;
628 char *fstype, *fspath, *errmsg;
629 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos;
632 errmsg = fspath = NULL;
633 errmsg_len = fspathlen = 0;
635 autoro = default_autoro;
637 error = vfs_buildopts(fsoptions, &optlist);
641 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0)
642 errmsg_pos = vfs_getopt_pos(optlist, "errmsg");
645 * We need these two options before the others,
646 * and they are mandatory for any filesystem.
647 * Ensure they are NUL terminated as well.
650 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen);
651 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') {
654 strncpy(errmsg, "Invalid fstype", errmsg_len);
658 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen);
659 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') {
662 strncpy(errmsg, "Invalid fspath", errmsg_len);
667 * We need to see if we have the "update" option
668 * before we call vfs_domount(), since vfs_domount() has special
669 * logic based on MNT_UPDATE. This is very important
670 * when we want to update the root filesystem.
672 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) {
675 if (strcmp(opt->name, "update") == 0) {
676 fsflags |= MNT_UPDATE;
679 else if (strcmp(opt->name, "async") == 0)
680 fsflags |= MNT_ASYNC;
681 else if (strcmp(opt->name, "force") == 0) {
682 fsflags |= MNT_FORCE;
685 else if (strcmp(opt->name, "reload") == 0) {
686 fsflags |= MNT_RELOAD;
689 else if (strcmp(opt->name, "multilabel") == 0)
690 fsflags |= MNT_MULTILABEL;
691 else if (strcmp(opt->name, "noasync") == 0)
692 fsflags &= ~MNT_ASYNC;
693 else if (strcmp(opt->name, "noatime") == 0)
694 fsflags |= MNT_NOATIME;
695 else if (strcmp(opt->name, "atime") == 0) {
696 free(opt->name, M_MOUNT);
697 opt->name = strdup("nonoatime", M_MOUNT);
699 else if (strcmp(opt->name, "noclusterr") == 0)
700 fsflags |= MNT_NOCLUSTERR;
701 else if (strcmp(opt->name, "clusterr") == 0) {
702 free(opt->name, M_MOUNT);
703 opt->name = strdup("nonoclusterr", M_MOUNT);
705 else if (strcmp(opt->name, "noclusterw") == 0)
706 fsflags |= MNT_NOCLUSTERW;
707 else if (strcmp(opt->name, "clusterw") == 0) {
708 free(opt->name, M_MOUNT);
709 opt->name = strdup("nonoclusterw", M_MOUNT);
711 else if (strcmp(opt->name, "noexec") == 0)
712 fsflags |= MNT_NOEXEC;
713 else if (strcmp(opt->name, "exec") == 0) {
714 free(opt->name, M_MOUNT);
715 opt->name = strdup("nonoexec", M_MOUNT);
717 else if (strcmp(opt->name, "nosuid") == 0)
718 fsflags |= MNT_NOSUID;
719 else if (strcmp(opt->name, "suid") == 0) {
720 free(opt->name, M_MOUNT);
721 opt->name = strdup("nonosuid", M_MOUNT);
723 else if (strcmp(opt->name, "nosymfollow") == 0)
724 fsflags |= MNT_NOSYMFOLLOW;
725 else if (strcmp(opt->name, "symfollow") == 0) {
726 free(opt->name, M_MOUNT);
727 opt->name = strdup("nonosymfollow", M_MOUNT);
729 else if (strcmp(opt->name, "noro") == 0) {
730 fsflags &= ~MNT_RDONLY;
733 else if (strcmp(opt->name, "rw") == 0) {
734 fsflags &= ~MNT_RDONLY;
737 else if (strcmp(opt->name, "ro") == 0) {
738 fsflags |= MNT_RDONLY;
741 else if (strcmp(opt->name, "rdonly") == 0) {
742 free(opt->name, M_MOUNT);
743 opt->name = strdup("ro", M_MOUNT);
744 fsflags |= MNT_RDONLY;
747 else if (strcmp(opt->name, "autoro") == 0) {
751 else if (strcmp(opt->name, "suiddir") == 0)
752 fsflags |= MNT_SUIDDIR;
753 else if (strcmp(opt->name, "sync") == 0)
754 fsflags |= MNT_SYNCHRONOUS;
755 else if (strcmp(opt->name, "union") == 0)
756 fsflags |= MNT_UNION;
757 else if (strcmp(opt->name, "automounted") == 0) {
758 fsflags |= MNT_AUTOMOUNTED;
760 } else if (strcmp(opt->name, "nocover") == 0) {
761 fsflags |= MNT_NOCOVER;
763 } else if (strcmp(opt->name, "cover") == 0) {
764 fsflags &= ~MNT_NOCOVER;
766 } else if (strcmp(opt->name, "emptydir") == 0) {
767 fsflags |= MNT_EMPTYDIR;
769 } else if (strcmp(opt->name, "noemptydir") == 0) {
770 fsflags &= ~MNT_EMPTYDIR;
774 vfs_freeopt(optlist, opt);
778 * Be ultra-paranoid about making sure the type and fspath
779 * variables will fit in our mp buffers, including the
782 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) {
783 error = ENAMETOOLONG;
787 error = vfs_domount(td, fstype, fspath, fsflags, &optlist);
790 * See if we can mount in the read-only mode if the error code suggests
791 * that it could be possible and the mount options allow for that.
792 * Never try it if "[no]{ro|rw}" has been explicitly requested and not
793 * overridden by "autoro".
795 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) {
796 printf("%s: R/W mount failed, possibly R/O media,"
797 " trying R/O mount\n", __func__);
798 fsflags |= MNT_RDONLY;
799 error = vfs_domount(td, fstype, fspath, fsflags, &optlist);
802 /* copyout the errmsg */
803 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt)
804 && errmsg_len > 0 && errmsg != NULL) {
805 if (fsoptions->uio_segflg == UIO_SYSSPACE) {
807 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
808 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
811 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
812 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
817 vfs_freeopts(optlist);
824 #ifndef _SYS_SYSPROTO_H_
834 sys_mount(struct thread *td, struct mount_args *uap)
837 struct vfsconf *vfsp = NULL;
838 struct mntarg *ma = NULL;
843 * Mount flags are now 64-bits. On 32-bit architectures only
844 * 32-bits are passed in, but from here on everything handles
845 * 64-bit flags correctly.
849 AUDIT_ARG_FFLAGS(flags);
852 * Filter out MNT_ROOTFS. We do not want clients of mount() in
853 * userspace to set this flag, but we must filter it out if we want
854 * MNT_UPDATE on the root file system to work.
855 * MNT_ROOTFS should only be set by the kernel when mounting its
858 flags &= ~MNT_ROOTFS;
860 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK);
861 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL);
863 free(fstype, M_TEMP);
867 AUDIT_ARG_TEXT(fstype);
868 vfsp = vfs_byname_kld(fstype, td, &error);
869 free(fstype, M_TEMP);
872 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 &&
873 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) ||
874 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 &&
875 vfsp->vfc_vfsops->vfs_cmount == NULL))
878 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN);
879 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN);
880 ma = mount_argb(ma, flags & MNT_RDONLY, "noro");
881 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid");
882 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec");
884 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0)
885 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags));
886 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags));
890 * vfs_domount_first(): first file system mount (not update)
894 struct thread *td, /* Calling thread. */
895 struct vfsconf *vfsp, /* File system type. */
896 char *fspath, /* Mount path. */
897 struct vnode *vp, /* Vnode to be covered. */
898 uint64_t fsflags, /* Flags common to all filesystems. */
899 struct vfsoptlist **optlist /* Options local to the filesystem. */
904 struct vnode *newdp, *rootvp;
908 ASSERT_VOP_ELOCKED(vp, __func__);
909 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here"));
911 if ((fsflags & MNT_EMPTYDIR) != 0) {
912 error = vfs_emptydir(vp);
920 * If the jail of the calling thread lacks permission for this type of
921 * file system, deny immediately.
923 if (jailed(td->td_ucred) && !prison_allow(td->td_ucred,
924 vfsp->vfc_prison_flag)) {
930 * If the user is not root, ensure that they own the directory
931 * onto which we are attempting to mount.
933 error = VOP_GETATTR(vp, &va, td->td_ucred);
934 if (error == 0 && va.va_uid != td->td_ucred->cr_uid)
935 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN);
937 error = vinvalbuf(vp, V_SAVE, 0, 0);
938 if (error == 0 && vp->v_type != VDIR)
942 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL)
943 vp->v_iflag |= VI_MOUNT;
952 vn_seqc_write_begin(vp);
955 /* Allocate and initialize the filesystem. */
956 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred);
957 /* XXXMAC: pass to vfs_mount_alloc? */
958 mp->mnt_optnew = *optlist;
959 /* Set the mount level flags. */
960 mp->mnt_flag = (fsflags & (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY));
963 * Mount the filesystem.
964 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
965 * get. No freeing of cn_pnbuf.
969 if ((error = VFS_MOUNT(mp)) != 0 ||
970 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 ||
971 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) {
975 rootvp = vfs_cache_root_clear(mp);
976 if (rootvp != NULL) {
980 (void)vn_start_write(NULL, &mp, V_WAIT);
982 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF;
985 error = VFS_UNMOUNT(mp, 0);
986 vn_finished_write(mp);
989 "failed post-mount (%d): rollback unmount returned %d\n",
996 mp->mnt_vnodecovered = NULL;
998 /* XXXKIB wait for mnt_lockref drain? */
999 vfs_mount_destroy(mp);
1002 vp->v_iflag &= ~VI_MOUNT;
1004 if (rootvp != NULL) {
1005 vn_seqc_write_end(rootvp);
1008 vn_seqc_write_end(vp);
1012 vn_seqc_write_begin(newdp);
1015 if (mp->mnt_opt != NULL)
1016 vfs_freeopts(mp->mnt_opt);
1017 mp->mnt_opt = mp->mnt_optnew;
1021 * Prevent external consumers of mount options from reading mnt_optnew.
1023 mp->mnt_optnew = NULL;
1026 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
1027 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
1028 mp->mnt_kern_flag |= MNTK_ASYNC;
1030 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1033 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1036 vp->v_iflag &= ~VI_MOUNT;
1038 vp->v_mountedhere = mp;
1039 /* Place the new filesystem at the end of the mount list. */
1040 mtx_lock(&mountlist_mtx);
1041 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list);
1042 mtx_unlock(&mountlist_mtx);
1043 vfs_event_signal(NULL, VQ_MOUNT, 0);
1044 vn_lock(newdp, LK_EXCLUSIVE | LK_RETRY);
1046 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td);
1048 mount_devctl_event("MOUNT", mp, false);
1049 mountcheckdirs(vp, newdp);
1050 vn_seqc_write_end(vp);
1051 vn_seqc_write_end(newdp);
1053 if ((mp->mnt_flag & MNT_RDONLY) == 0)
1054 vfs_allocate_syncvnode(mp);
1061 * vfs_domount_update(): update of mounted file system
1065 struct thread *td, /* Calling thread. */
1066 struct vnode *vp, /* Mount point vnode. */
1067 uint64_t fsflags, /* Flags common to all filesystems. */
1068 struct vfsoptlist **optlist /* Options local to the filesystem. */
1071 struct export_args export;
1072 struct o2export_args o2export;
1073 struct vnode *rootvp;
1076 int error, export_error, i, len;
1080 ASSERT_VOP_ELOCKED(vp, __func__);
1081 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here"));
1084 if ((vp->v_vflag & VV_ROOT) == 0) {
1085 if (vfs_copyopt(*optlist, "export", &export, sizeof(export))
1095 * We only allow the filesystem to be reloaded if it
1096 * is currently mounted read-only.
1098 flag = mp->mnt_flag;
1099 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) {
1101 return (EOPNOTSUPP); /* Needs translation */
1104 * Only privileged root, or (if MNT_USER is set) the user that
1105 * did the original mount is permitted to update it.
1107 error = vfs_suser(mp, td);
1112 if (vfs_busy(mp, MBF_NOWAIT)) {
1117 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) {
1123 vp->v_iflag |= VI_MOUNT;
1128 vn_seqc_write_begin(vp);
1132 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) {
1137 mp->mnt_flag &= ~MNT_UPDATEMASK;
1138 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE |
1139 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY);
1140 if ((mp->mnt_flag & MNT_ASYNC) == 0)
1141 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1142 rootvp = vfs_cache_root_clear(mp);
1144 mp->mnt_optnew = *optlist;
1145 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt);
1148 * Mount the filesystem.
1149 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
1150 * get. No freeing of cn_pnbuf.
1152 error = VFS_MOUNT(mp);
1155 /* Process the export option. */
1156 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp,
1158 /* Assume that there is only 1 ABI for each length. */
1160 case (sizeof(struct oexport_args)):
1161 bzero(&o2export, sizeof(o2export));
1163 case (sizeof(o2export)):
1164 bcopy(bufp, &o2export, len);
1165 export.ex_flags = (uint64_t)o2export.ex_flags;
1166 export.ex_root = o2export.ex_root;
1167 export.ex_uid = o2export.ex_anon.cr_uid;
1168 export.ex_groups = NULL;
1169 export.ex_ngroups = o2export.ex_anon.cr_ngroups;
1170 if (export.ex_ngroups > 0) {
1171 if (export.ex_ngroups <= XU_NGROUPS) {
1172 export.ex_groups = malloc(
1173 export.ex_ngroups * sizeof(gid_t),
1175 for (i = 0; i < export.ex_ngroups; i++)
1176 export.ex_groups[i] =
1177 o2export.ex_anon.cr_groups[i];
1179 export_error = EINVAL;
1180 } else if (export.ex_ngroups < 0)
1181 export_error = EINVAL;
1182 export.ex_addr = o2export.ex_addr;
1183 export.ex_addrlen = o2export.ex_addrlen;
1184 export.ex_mask = o2export.ex_mask;
1185 export.ex_masklen = o2export.ex_masklen;
1186 export.ex_indexfile = o2export.ex_indexfile;
1187 export.ex_numsecflavors = o2export.ex_numsecflavors;
1188 if (export.ex_numsecflavors < MAXSECFLAVORS) {
1189 for (i = 0; i < export.ex_numsecflavors; i++)
1190 export.ex_secflavors[i] =
1191 o2export.ex_secflavors[i];
1193 export_error = EINVAL;
1194 if (export_error == 0)
1195 export_error = vfs_export(mp, &export);
1196 free(export.ex_groups, M_TEMP);
1198 case (sizeof(export)):
1199 bcopy(bufp, &export, len);
1201 if (export.ex_ngroups > 0) {
1202 if (export.ex_ngroups <= NGROUPS_MAX) {
1203 grps = malloc(export.ex_ngroups *
1204 sizeof(gid_t), M_TEMP, M_WAITOK);
1205 export_error = copyin(export.ex_groups,
1206 grps, export.ex_ngroups *
1208 if (export_error == 0)
1209 export.ex_groups = grps;
1211 export_error = EINVAL;
1212 } else if (export.ex_ngroups == 0)
1213 export.ex_groups = NULL;
1215 export_error = EINVAL;
1216 if (export_error == 0)
1217 export_error = vfs_export(mp, &export);
1221 export_error = EINVAL;
1228 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE |
1232 * If we fail, restore old mount flags. MNT_QUOTA is special,
1233 * because it is not part of MNT_UPDATEMASK, but it could have
1234 * changed in the meantime if quotactl(2) was called.
1235 * All in all we want current value of MNT_QUOTA, not the old
1238 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA);
1240 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
1241 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
1242 mp->mnt_kern_flag |= MNTK_ASYNC;
1244 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1250 mount_devctl_event("REMOUNT", mp, true);
1251 if (mp->mnt_opt != NULL)
1252 vfs_freeopts(mp->mnt_opt);
1253 mp->mnt_opt = mp->mnt_optnew;
1255 (void)VFS_STATFS(mp, &mp->mnt_stat);
1257 * Prevent external consumers of mount options from reading
1260 mp->mnt_optnew = NULL;
1262 if ((mp->mnt_flag & MNT_RDONLY) == 0)
1263 vfs_allocate_syncvnode(mp);
1265 vfs_deallocate_syncvnode(mp);
1268 if (rootvp != NULL) {
1269 vn_seqc_write_end(rootvp);
1272 vn_seqc_write_end(vp);
1275 vp->v_iflag &= ~VI_MOUNT;
1278 return (error != 0 ? error : export_error);
1282 * vfs_domount(): actually attempt a filesystem mount.
1286 struct thread *td, /* Calling thread. */
1287 const char *fstype, /* Filesystem type. */
1288 char *fspath, /* Mount path. */
1289 uint64_t fsflags, /* Flags common to all filesystems. */
1290 struct vfsoptlist **optlist /* Options local to the filesystem. */
1293 struct vfsconf *vfsp;
1294 struct nameidata nd;
1300 * Be ultra-paranoid about making sure the type and fspath
1301 * variables will fit in our mp buffers, including the
1304 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN)
1305 return (ENAMETOOLONG);
1307 if (jailed(td->td_ucred) || usermount == 0) {
1308 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
1313 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
1315 if (fsflags & MNT_EXPORTED) {
1316 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED);
1320 if (fsflags & MNT_SUIDDIR) {
1321 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR);
1326 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users.
1328 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) {
1329 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0)
1330 fsflags |= MNT_NOSUID | MNT_USER;
1333 /* Load KLDs before we lock the covered vnode to avoid reversals. */
1335 if ((fsflags & MNT_UPDATE) == 0) {
1336 /* Don't try to load KLDs if we're mounting the root. */
1337 if (fsflags & MNT_ROOTFS)
1338 vfsp = vfs_byname(fstype);
1340 vfsp = vfs_byname_kld(fstype, td, &error);
1346 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE.
1348 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1,
1349 UIO_SYSSPACE, fspath, td);
1353 NDFREE(&nd, NDF_ONLY_PNBUF);
1355 if ((fsflags & MNT_UPDATE) == 0) {
1356 if ((vp->v_vflag & VV_ROOT) != 0 &&
1357 (fsflags & MNT_NOCOVER) != 0) {
1361 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1362 strcpy(pathbuf, fspath);
1363 error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN);
1365 error = vfs_domount_first(td, vfsp, pathbuf, vp,
1368 free(pathbuf, M_TEMP);
1370 error = vfs_domount_update(td, vp, fsflags, optlist);
1376 * Unmount a filesystem.
1378 * Note: unmount takes a path to the vnode mounted on as argument, not
1379 * special file (as before).
1381 #ifndef _SYS_SYSPROTO_H_
1382 struct unmount_args {
1389 sys_unmount(struct thread *td, struct unmount_args *uap)
1392 return (kern_unmount(td, uap->path, uap->flags));
1396 kern_unmount(struct thread *td, const char *path, int flags)
1398 struct nameidata nd;
1401 int error, id0, id1;
1403 AUDIT_ARG_VALUE(flags);
1404 if (jailed(td->td_ucred) || usermount == 0) {
1405 error = priv_check(td, PRIV_VFS_UNMOUNT);
1410 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1411 error = copyinstr(path, pathbuf, MNAMELEN, NULL);
1413 free(pathbuf, M_TEMP);
1416 if (flags & MNT_BYFSID) {
1417 AUDIT_ARG_TEXT(pathbuf);
1418 /* Decode the filesystem ID. */
1419 if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) {
1420 free(pathbuf, M_TEMP);
1424 mtx_lock(&mountlist_mtx);
1425 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
1426 if (mp->mnt_stat.f_fsid.val[0] == id0 &&
1427 mp->mnt_stat.f_fsid.val[1] == id1) {
1432 mtx_unlock(&mountlist_mtx);
1435 * Try to find global path for path argument.
1437 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1,
1438 UIO_SYSSPACE, pathbuf, td);
1439 if (namei(&nd) == 0) {
1440 NDFREE(&nd, NDF_ONLY_PNBUF);
1441 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf,
1446 mtx_lock(&mountlist_mtx);
1447 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
1448 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) {
1453 mtx_unlock(&mountlist_mtx);
1455 free(pathbuf, M_TEMP);
1458 * Previously we returned ENOENT for a nonexistent path and
1459 * EINVAL for a non-mountpoint. We cannot tell these apart
1460 * now, so in the !MNT_BYFSID case return the more likely
1461 * EINVAL for compatibility.
1463 return ((flags & MNT_BYFSID) ? ENOENT : EINVAL);
1467 * Don't allow unmounting the root filesystem.
1469 if (mp->mnt_flag & MNT_ROOTFS) {
1473 error = dounmount(mp, flags, td);
1478 * Return error if any of the vnodes, ignoring the root vnode
1479 * and the syncer vnode, have non-zero usecount.
1481 * This function is purely advisory - it can return false positives
1485 vfs_check_usecounts(struct mount *mp)
1487 struct vnode *vp, *mvp;
1489 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
1490 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON &&
1491 vp->v_usecount != 0) {
1493 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
1503 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags)
1506 mtx_assert(MNT_MTX(mp), MA_OWNED);
1507 mp->mnt_kern_flag &= ~mntkflags;
1508 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) {
1509 mp->mnt_kern_flag &= ~MNTK_MWAIT;
1512 vfs_op_exit_locked(mp);
1514 if (coveredvp != NULL) {
1515 VOP_UNLOCK(coveredvp);
1518 vn_finished_write(mp);
1522 * There are various reference counters associated with the mount point.
1523 * Normally it is permitted to modify them without taking the mnt ilock,
1524 * but this behavior can be temporarily disabled if stable value is needed
1525 * or callers are expected to block (e.g. to not allow new users during
1529 vfs_op_enter(struct mount *mp)
1531 struct mount_pcpu *mpcpu;
1536 if (mp->mnt_vfs_ops > 1) {
1540 vfs_op_barrier_wait(mp);
1542 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1544 mp->mnt_ref += mpcpu->mntp_ref;
1545 mpcpu->mntp_ref = 0;
1547 mp->mnt_lockref += mpcpu->mntp_lockref;
1548 mpcpu->mntp_lockref = 0;
1550 mp->mnt_writeopcount += mpcpu->mntp_writeopcount;
1551 mpcpu->mntp_writeopcount = 0;
1553 if (mp->mnt_ref <= 0 || mp->mnt_lockref < 0 || mp->mnt_writeopcount < 0)
1554 panic("%s: invalid count(s) on mp %p: ref %d lockref %d writeopcount %d\n",
1555 __func__, mp, mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount);
1557 vfs_assert_mount_counters(mp);
1561 vfs_op_exit_locked(struct mount *mp)
1564 mtx_assert(MNT_MTX(mp), MA_OWNED);
1566 if (mp->mnt_vfs_ops <= 0)
1567 panic("%s: invalid vfs_ops count %d for mp %p\n",
1568 __func__, mp->mnt_vfs_ops, mp);
1573 vfs_op_exit(struct mount *mp)
1577 vfs_op_exit_locked(mp);
1581 struct vfs_op_barrier_ipi {
1583 struct smp_rendezvous_cpus_retry_arg srcra;
1587 vfs_op_action_func(void *arg)
1589 struct vfs_op_barrier_ipi *vfsopipi;
1592 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra);
1595 if (!vfs_op_thread_entered(mp))
1596 smp_rendezvous_cpus_done(arg);
1600 vfs_op_wait_func(void *arg, int cpu)
1602 struct vfs_op_barrier_ipi *vfsopipi;
1604 struct mount_pcpu *mpcpu;
1606 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra);
1609 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1610 while (atomic_load_int(&mpcpu->mntp_thread_in_ops))
1615 vfs_op_barrier_wait(struct mount *mp)
1617 struct vfs_op_barrier_ipi vfsopipi;
1621 smp_rendezvous_cpus_retry(all_cpus,
1622 smp_no_rendezvous_barrier,
1624 smp_no_rendezvous_barrier,
1631 vfs_assert_mount_counters(struct mount *mp)
1633 struct mount_pcpu *mpcpu;
1636 if (mp->mnt_vfs_ops == 0)
1640 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1641 if (mpcpu->mntp_ref != 0 ||
1642 mpcpu->mntp_lockref != 0 ||
1643 mpcpu->mntp_writeopcount != 0)
1644 vfs_dump_mount_counters(mp);
1649 vfs_dump_mount_counters(struct mount *mp)
1651 struct mount_pcpu *mpcpu;
1652 int ref, lockref, writeopcount;
1655 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops);
1660 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1661 printf("%d ", mpcpu->mntp_ref);
1662 ref += mpcpu->mntp_ref;
1665 printf(" lockref : ");
1666 lockref = mp->mnt_lockref;
1668 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1669 printf("%d ", mpcpu->mntp_lockref);
1670 lockref += mpcpu->mntp_lockref;
1673 printf("writeopcount: ");
1674 writeopcount = mp->mnt_writeopcount;
1676 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1677 printf("%d ", mpcpu->mntp_writeopcount);
1678 writeopcount += mpcpu->mntp_writeopcount;
1682 printf("counter struct total\n");
1683 printf("ref %-5d %-5d\n", mp->mnt_ref, ref);
1684 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref);
1685 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount);
1687 panic("invalid counts on struct mount");
1692 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which)
1694 struct mount_pcpu *mpcpu;
1701 case MNT_COUNT_LOCKREF:
1702 sum = mp->mnt_lockref;
1704 case MNT_COUNT_WRITEOPCOUNT:
1705 sum = mp->mnt_writeopcount;
1710 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1713 sum += mpcpu->mntp_ref;
1715 case MNT_COUNT_LOCKREF:
1716 sum += mpcpu->mntp_lockref;
1718 case MNT_COUNT_WRITEOPCOUNT:
1719 sum += mpcpu->mntp_writeopcount;
1727 * Do the actual filesystem unmount.
1730 dounmount(struct mount *mp, int flags, struct thread *td)
1732 struct vnode *coveredvp, *rootvp;
1734 uint64_t async_flag;
1737 if ((coveredvp = mp->mnt_vnodecovered) != NULL) {
1738 mnt_gen_r = mp->mnt_gen;
1741 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY);
1743 * Check for mp being unmounted while waiting for the
1744 * covered vnode lock.
1746 if (coveredvp->v_mountedhere != mp ||
1747 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) {
1748 VOP_UNLOCK(coveredvp);
1756 * Only privileged root, or (if MNT_USER is set) the user that did the
1757 * original mount is permitted to unmount this filesystem.
1759 error = vfs_suser(mp, td);
1761 if (coveredvp != NULL) {
1762 VOP_UNLOCK(coveredvp);
1771 vn_start_write(NULL, &mp, V_WAIT | V_MNTREF);
1773 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 ||
1774 (mp->mnt_flag & MNT_UPDATE) != 0 ||
1775 !TAILQ_EMPTY(&mp->mnt_uppers)) {
1776 dounmount_cleanup(mp, coveredvp, 0);
1779 mp->mnt_kern_flag |= MNTK_UNMOUNT;
1780 rootvp = vfs_cache_root_clear(mp);
1781 if (coveredvp != NULL)
1782 vn_seqc_write_begin(coveredvp);
1783 if (flags & MNT_NONBUSY) {
1785 error = vfs_check_usecounts(mp);
1788 vn_seqc_write_end(coveredvp);
1789 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT);
1790 if (rootvp != NULL) {
1791 vn_seqc_write_end(rootvp);
1797 /* Allow filesystems to detect that a forced unmount is in progress. */
1798 if (flags & MNT_FORCE) {
1799 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
1802 * Must be done after setting MNTK_UNMOUNTF and before
1803 * waiting for mnt_lockref to become 0.
1809 if (mp->mnt_lockref) {
1810 mp->mnt_kern_flag |= MNTK_DRAINING;
1811 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS,
1815 KASSERT(mp->mnt_lockref == 0,
1816 ("%s: invalid lock refcount in the drain path @ %s:%d",
1817 __func__, __FILE__, __LINE__));
1819 ("%s: invalid return value for msleep in the drain path @ %s:%d",
1820 __func__, __FILE__, __LINE__));
1823 * We want to keep the vnode around so that we can vn_seqc_write_end
1824 * after we are done with unmount. Downgrade our reference to a mere
1825 * hold count so that we don't interefere with anything.
1827 if (rootvp != NULL) {
1832 if (mp->mnt_flag & MNT_EXPUBLIC)
1833 vfs_setpublicfs(NULL, NULL, NULL);
1835 vfs_periodic(mp, MNT_WAIT);
1837 async_flag = mp->mnt_flag & MNT_ASYNC;
1838 mp->mnt_flag &= ~MNT_ASYNC;
1839 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1841 vfs_deallocate_syncvnode(mp);
1842 error = VFS_UNMOUNT(mp, flags);
1843 vn_finished_write(mp);
1845 * If we failed to flush the dirty blocks for this mount point,
1846 * undo all the cdir/rdir and rootvnode changes we made above.
1847 * Unless we failed to do so because the device is reporting that
1848 * it doesn't exist anymore.
1850 if (error && error != ENXIO) {
1852 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
1854 vfs_allocate_syncvnode(mp);
1857 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
1858 mp->mnt_flag |= async_flag;
1859 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
1860 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
1861 mp->mnt_kern_flag |= MNTK_ASYNC;
1862 if (mp->mnt_kern_flag & MNTK_MWAIT) {
1863 mp->mnt_kern_flag &= ~MNTK_MWAIT;
1866 vfs_op_exit_locked(mp);
1869 vn_seqc_write_end(coveredvp);
1870 VOP_UNLOCK(coveredvp);
1873 if (rootvp != NULL) {
1874 vn_seqc_write_end(rootvp);
1879 mtx_lock(&mountlist_mtx);
1880 TAILQ_REMOVE(&mountlist, mp, mnt_list);
1881 mtx_unlock(&mountlist_mtx);
1882 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td);
1883 if (coveredvp != NULL) {
1884 coveredvp->v_mountedhere = NULL;
1885 vn_seqc_write_end(coveredvp);
1886 VOP_UNLOCK(coveredvp);
1889 mount_devctl_event("UNMOUNT", mp, false);
1890 if (rootvp != NULL) {
1891 vn_seqc_write_end(rootvp);
1894 vfs_event_signal(NULL, VQ_UNMOUNT, 0);
1895 if (rootvnode != NULL && mp == rootvnode->v_mount) {
1899 if (mp == rootdevmp)
1901 vfs_mount_destroy(mp);
1906 * Report errors during filesystem mounting.
1909 vfs_mount_error(struct mount *mp, const char *fmt, ...)
1911 struct vfsoptlist *moptlist = mp->mnt_optnew;
1916 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len);
1917 if (error || errmsg == NULL || len <= 0)
1921 vsnprintf(errmsg, (size_t)len, fmt, ap);
1926 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...)
1932 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len);
1933 if (error || errmsg == NULL || len <= 0)
1937 vsnprintf(errmsg, (size_t)len, fmt, ap);
1942 * ---------------------------------------------------------------------
1943 * Functions for querying mount options/arguments from filesystems.
1947 * Check that no unknown options are given
1950 vfs_filteropt(struct vfsoptlist *opts, const char **legal)
1954 const char **t, *p, *q;
1957 TAILQ_FOREACH(opt, opts, link) {
1960 if (p[0] == 'n' && p[1] == 'o')
1962 for(t = global_opts; *t != NULL; t++) {
1963 if (strcmp(*t, p) == 0)
1966 if (strcmp(*t, q) == 0)
1972 for(t = legal; *t != NULL; t++) {
1973 if (strcmp(*t, p) == 0)
1976 if (strcmp(*t, q) == 0)
1982 snprintf(errmsg, sizeof(errmsg),
1983 "mount option <%s> is unknown", p);
1987 TAILQ_FOREACH(opt, opts, link) {
1988 if (strcmp(opt->name, "errmsg") == 0) {
1989 strncpy((char *)opt->value, errmsg, opt->len);
1994 printf("%s\n", errmsg);
2000 * Get a mount option by its name.
2002 * Return 0 if the option was found, ENOENT otherwise.
2003 * If len is non-NULL it will be filled with the length
2004 * of the option. If buf is non-NULL, it will be filled
2005 * with the address of the option.
2008 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len)
2012 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL"));
2014 TAILQ_FOREACH(opt, opts, link) {
2015 if (strcmp(name, opt->name) == 0) {
2028 vfs_getopt_pos(struct vfsoptlist *opts, const char *name)
2035 TAILQ_FOREACH(opt, opts, link) {
2036 if (strcmp(name, opt->name) == 0) {
2045 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value)
2047 char *opt_value, *vtp;
2051 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len);
2054 if (opt_len == 0 || opt_value == NULL)
2056 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0')
2058 iv = strtoq(opt_value, &vtp, 0);
2059 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0'))
2086 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error)
2091 TAILQ_FOREACH(opt, opts, link) {
2092 if (strcmp(name, opt->name) != 0)
2095 if (opt->len == 0 ||
2096 ((char *)opt->value)[opt->len - 1] != '\0') {
2100 return (opt->value);
2107 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w,
2112 TAILQ_FOREACH(opt, opts, link) {
2113 if (strcmp(name, opt->name) == 0) {
2126 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...)
2132 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL"));
2134 TAILQ_FOREACH(opt, opts, link) {
2135 if (strcmp(name, opt->name) != 0)
2138 if (opt->len == 0 || opt->value == NULL)
2140 if (((char *)opt->value)[opt->len - 1] != '\0')
2143 ret = vsscanf(opt->value, fmt, ap);
2151 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len)
2155 TAILQ_FOREACH(opt, opts, link) {
2156 if (strcmp(name, opt->name) != 0)
2159 if (opt->value == NULL)
2162 if (opt->len != len)
2164 bcopy(value, opt->value, len);
2172 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len)
2176 TAILQ_FOREACH(opt, opts, link) {
2177 if (strcmp(name, opt->name) != 0)
2180 if (opt->value == NULL)
2186 bcopy(value, opt->value, len);
2194 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value)
2198 TAILQ_FOREACH(opt, opts, link) {
2199 if (strcmp(name, opt->name) != 0)
2202 if (opt->value == NULL)
2203 opt->len = strlen(value) + 1;
2204 else if (strlcpy(opt->value, value, opt->len) >= opt->len)
2212 * Find and copy a mount option.
2214 * The size of the buffer has to be specified
2215 * in len, if it is not the same length as the
2216 * mount option, EINVAL is returned.
2217 * Returns ENOENT if the option is not found.
2220 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len)
2224 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL"));
2226 TAILQ_FOREACH(opt, opts, link) {
2227 if (strcmp(name, opt->name) == 0) {
2229 if (len != opt->len)
2231 bcopy(opt->value, dest, opt->len);
2239 __vfs_statfs(struct mount *mp, struct statfs *sbp)
2243 * Filesystems only fill in part of the structure for updates, we
2244 * have to read the entirety first to get all content.
2246 if (sbp != &mp->mnt_stat)
2247 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp));
2250 * Set these in case the underlying filesystem fails to do so.
2252 sbp->f_version = STATFS_VERSION;
2253 sbp->f_namemax = NAME_MAX;
2254 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
2256 return (mp->mnt_op->vfs_statfs(mp, sbp));
2260 vfs_mountedfrom(struct mount *mp, const char *from)
2263 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname);
2264 strlcpy(mp->mnt_stat.f_mntfromname, from,
2265 sizeof mp->mnt_stat.f_mntfromname);
2269 * ---------------------------------------------------------------------
2270 * This is the api for building mount args and mounting filesystems from
2271 * inside the kernel.
2273 * The API works by accumulation of individual args. First error is
2276 * XXX: should be documented in new manpage kernel_mount(9)
2279 /* A memory allocation which must be freed when we are done */
2281 SLIST_ENTRY(mntaarg) next;
2284 /* The header for the mount arguments */
2289 SLIST_HEAD(, mntaarg) list;
2293 * Add a boolean argument.
2295 * flag is the boolean value.
2296 * name must start with "no".
2299 mount_argb(struct mntarg *ma, int flag, const char *name)
2302 KASSERT(name[0] == 'n' && name[1] == 'o',
2303 ("mount_argb(...,%s): name must start with 'no'", name));
2305 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0));
2309 * Add an argument printf style
2312 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...)
2315 struct mntaarg *maa;
2320 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2321 SLIST_INIT(&ma->list);
2326 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2),
2328 ma->v[ma->len].iov_base = (void *)(uintptr_t)name;
2329 ma->v[ma->len].iov_len = strlen(name) + 1;
2332 sb = sbuf_new_auto();
2334 sbuf_vprintf(sb, fmt, ap);
2337 len = sbuf_len(sb) + 1;
2338 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO);
2339 SLIST_INSERT_HEAD(&ma->list, maa, next);
2340 bcopy(sbuf_data(sb), maa + 1, len);
2343 ma->v[ma->len].iov_base = maa + 1;
2344 ma->v[ma->len].iov_len = len;
2351 * Add an argument which is a userland string.
2354 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len)
2356 struct mntaarg *maa;
2362 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2363 SLIST_INIT(&ma->list);
2367 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO);
2368 SLIST_INSERT_HEAD(&ma->list, maa, next);
2369 tbuf = (void *)(maa + 1);
2370 ma->error = copyinstr(val, tbuf, len, NULL);
2371 return (mount_arg(ma, name, tbuf, -1));
2377 * If length is -1, treat value as a C string.
2380 mount_arg(struct mntarg *ma, const char *name, const void *val, int len)
2384 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2385 SLIST_INIT(&ma->list);
2390 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2),
2392 ma->v[ma->len].iov_base = (void *)(uintptr_t)name;
2393 ma->v[ma->len].iov_len = strlen(name) + 1;
2396 ma->v[ma->len].iov_base = (void *)(uintptr_t)val;
2398 ma->v[ma->len].iov_len = strlen(val) + 1;
2400 ma->v[ma->len].iov_len = len;
2406 * Free a mntarg structure
2409 free_mntarg(struct mntarg *ma)
2411 struct mntaarg *maa;
2413 while (!SLIST_EMPTY(&ma->list)) {
2414 maa = SLIST_FIRST(&ma->list);
2415 SLIST_REMOVE_HEAD(&ma->list, next);
2418 free(ma->v, M_MOUNT);
2423 * Mount a filesystem
2426 kernel_mount(struct mntarg *ma, uint64_t flags)
2431 KASSERT(ma != NULL, ("kernel_mount NULL ma"));
2432 KASSERT(ma->v != NULL, ("kernel_mount NULL ma->v"));
2433 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len));
2435 auio.uio_iov = ma->v;
2436 auio.uio_iovcnt = ma->len;
2437 auio.uio_segflg = UIO_SYSSPACE;
2441 error = vfs_donmount(curthread, flags, &auio);
2447 * A printflike function to mount a filesystem.
2450 kernel_vmount(int flags, ...)
2452 struct mntarg *ma = NULL;
2458 va_start(ap, flags);
2460 cp = va_arg(ap, const char *);
2463 vp = va_arg(ap, const void *);
2464 ma = mount_arg(ma, cp, vp, (vp != NULL ? -1 : 0));
2468 error = kernel_mount(ma, flags);
2472 /* Map from mount options to printable formats. */
2473 static struct mntoptnames optnames[] = {
2478 mount_devctl_event_mntopt(struct sbuf *sb, const char *what, struct vfsoptlist *opts)
2482 if (opts == NULL || TAILQ_EMPTY(opts))
2484 sbuf_printf(sb, " %s=\"", what);
2485 TAILQ_FOREACH(opt, opts, link) {
2486 if (opt->name[0] == '\0' || (opt->len > 0 && *(char *)opt->value == '\0'))
2488 devctl_safe_quote_sb(sb, opt->name);
2491 devctl_safe_quote_sb(sb, opt->value);
2498 #define DEVCTL_LEN 1024
2500 mount_devctl_event(const char *type, struct mount *mp, bool donew)
2503 struct mntoptnames *fp;
2505 struct statfs *sfp = &mp->mnt_stat;
2508 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT);
2511 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN);
2512 sbuf_cpy(&sb, "mount-point=\"");
2513 devctl_safe_quote_sb(&sb, sfp->f_mntonname);
2514 sbuf_cat(&sb, "\" mount-dev=\"");
2515 devctl_safe_quote_sb(&sb, sfp->f_mntfromname);
2516 sbuf_cat(&sb, "\" mount-type=\"");
2517 devctl_safe_quote_sb(&sb, sfp->f_fstypename);
2518 sbuf_cat(&sb, "\" fsid=0x");
2519 cp = (const uint8_t *)&sfp->f_fsid.val[0];
2520 for (int i = 0; i < sizeof(sfp->f_fsid); i++)
2521 sbuf_printf(&sb, "%02x", cp[i]);
2522 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner);
2523 for (fp = optnames; fp->o_opt != 0; fp++) {
2524 if ((mp->mnt_flag & fp->o_opt) != 0) {
2525 sbuf_cat(&sb, fp->o_name);
2526 sbuf_putc(&sb, ';');
2529 sbuf_putc(&sb, '"');
2530 mount_devctl_event_mntopt(&sb, "opt", mp->mnt_opt);
2532 mount_devctl_event_mntopt(&sb, "optnew", mp->mnt_optnew);
2535 if (sbuf_error(&sb) == 0)
2536 devctl_notify("VFS", "FS", type, sbuf_data(&sb));
2542 * Suspend write operations on all local writeable filesystems. Does
2543 * full sync of them in the process.
2545 * Iterate over the mount points in reverse order, suspending most
2546 * recently mounted filesystems first. It handles a case where a
2547 * filesystem mounted from a md(4) vnode-backed device should be
2548 * suspended before the filesystem that owns the vnode.
2551 suspend_all_fs(void)
2556 mtx_lock(&mountlist_mtx);
2557 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
2558 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT);
2561 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL ||
2562 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) {
2563 mtx_lock(&mountlist_mtx);
2567 error = vfs_write_suspend(mp, 0);
2570 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0);
2571 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL;
2573 mtx_lock(&mountlist_mtx);
2575 printf("suspend of %s failed, error %d\n",
2576 mp->mnt_stat.f_mntonname, error);
2577 mtx_lock(&mountlist_mtx);
2581 mtx_unlock(&mountlist_mtx);
2589 mtx_lock(&mountlist_mtx);
2590 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
2591 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0)
2593 mtx_unlock(&mountlist_mtx);
2595 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0);
2596 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL;
2598 vfs_write_resume(mp, 0);
2599 mtx_lock(&mountlist_mtx);
2602 mtx_unlock(&mountlist_mtx);
projects / FreeBSD / FreeBSD.git / blob