2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1999-2004 Poul-Henning Kamp
5 * Copyright (c) 1999 Michael Smith
6 * Copyright (c) 1989, 1993
7 * The Regents of the University of California. All rights reserved.
8 * (c) UNIX System Laboratories, Inc.
9 * All or some portions of this file are derived from material licensed
10 * to the University of California by American Telephone and Telegraph
11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
12 * the permission of UNIX System Laboratories, Inc.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include <sys/param.h>
42 #include <sys/devctl.h>
43 #include <sys/eventhandler.h>
44 #include <sys/fcntl.h>
46 #include <sys/kernel.h>
48 #include <sys/libkern.h>
49 #include <sys/limits.h>
50 #include <sys/malloc.h>
51 #include <sys/mount.h>
52 #include <sys/mutex.h>
53 #include <sys/namei.h>
56 #include <sys/filedesc.h>
57 #include <sys/reboot.h>
59 #include <sys/syscallsubr.h>
60 #include <sys/sysproto.h>
62 #include <sys/sysctl.h>
63 #include <sys/systm.h>
64 #include <sys/taskqueue.h>
65 #include <sys/vnode.h>
68 #include <geom/geom.h>
70 #include <machine/stdarg.h>
72 #include <security/audit/audit.h>
73 #include <security/mac/mac_framework.h>
75 #define VFS_MOUNTARG_SIZE_MAX (1024 * 64)
77 static int vfs_domount(struct thread *td, const char *fstype, char *fspath,
78 uint64_t fsflags, bool jail_export,
79 struct vfsoptlist **optlist);
80 static void free_mntarg(struct mntarg *ma);
82 static int usermount = 0;
83 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
84 "Unprivileged users may mount and unmount file systems");
86 static bool default_autoro = false;
87 SYSCTL_BOOL(_vfs, OID_AUTO, default_autoro, CTLFLAG_RW, &default_autoro, 0,
88 "Retry failed r/w mount as r/o if no explicit ro/rw option is specified");
90 static bool recursive_forced_unmount = false;
91 SYSCTL_BOOL(_vfs, OID_AUTO, recursive_forced_unmount, CTLFLAG_RW,
92 &recursive_forced_unmount, 0, "Recursively unmount stacked upper mounts"
93 " when a file system is forcibly unmounted");
95 static SYSCTL_NODE(_vfs, OID_AUTO, deferred_unmount,
96 CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "deferred unmount controls");
98 static unsigned int deferred_unmount_retry_limit = 10;
99 SYSCTL_UINT(_vfs_deferred_unmount, OID_AUTO, retry_limit, CTLFLAG_RW,
100 &deferred_unmount_retry_limit, 0,
101 "Maximum number of retries for deferred unmount failure");
103 static int deferred_unmount_retry_delay_hz;
104 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, retry_delay_hz, CTLFLAG_RW,
105 &deferred_unmount_retry_delay_hz, 0,
106 "Delay in units of [1/kern.hz]s when retrying a failed deferred unmount");
108 static int deferred_unmount_total_retries = 0;
109 SYSCTL_INT(_vfs_deferred_unmount, OID_AUTO, total_retries, CTLFLAG_RD,
110 &deferred_unmount_total_retries, 0,
111 "Total number of retried deferred unmounts");
113 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount structure");
114 MALLOC_DEFINE(M_STATFS, "statfs", "statfs structure");
115 static uma_zone_t mount_zone;
117 /* List of mounted filesystems. */
118 struct mntlist mountlist = TAILQ_HEAD_INITIALIZER(mountlist);
120 /* For any iteration/modification of mountlist */
121 struct mtx_padalign __exclusive_cache_line mountlist_mtx;
123 EVENTHANDLER_LIST_DEFINE(vfs_mounted);
124 EVENTHANDLER_LIST_DEFINE(vfs_unmounted);
126 static void vfs_deferred_unmount(void *arg, int pending);
127 static struct timeout_task deferred_unmount_task;
128 static struct mtx deferred_unmount_lock;
129 MTX_SYSINIT(deferred_unmount, &deferred_unmount_lock, "deferred_unmount",
131 static STAILQ_HEAD(, mount) deferred_unmount_list =
132 STAILQ_HEAD_INITIALIZER(deferred_unmount_list);
133 TASKQUEUE_DEFINE_THREAD(deferred_unmount);
135 static void mount_devctl_event(const char *type, struct mount *mp, bool donew);
138 * Global opts, taken by all filesystems
140 static const char *global_opts[] = {
152 mount_init(void *mem, int size, int flags)
156 mp = (struct mount *)mem;
157 mtx_init(&mp->mnt_mtx, "struct mount mtx", NULL, MTX_DEF);
158 mtx_init(&mp->mnt_listmtx, "struct mount vlist mtx", NULL, MTX_DEF);
159 lockinit(&mp->mnt_explock, PVFS, "explock", 0, 0);
160 mp->mnt_pcpu = uma_zalloc_pcpu(pcpu_zone_16, M_WAITOK | M_ZERO);
163 mp->mnt_rootvnode = NULL;
168 mount_fini(void *mem, int size)
172 mp = (struct mount *)mem;
173 uma_zfree_pcpu(pcpu_zone_16, mp->mnt_pcpu);
174 lockdestroy(&mp->mnt_explock);
175 mtx_destroy(&mp->mnt_listmtx);
176 mtx_destroy(&mp->mnt_mtx);
180 vfs_mount_init(void *dummy __unused)
182 TIMEOUT_TASK_INIT(taskqueue_deferred_unmount, &deferred_unmount_task,
183 0, vfs_deferred_unmount, NULL);
184 deferred_unmount_retry_delay_hz = hz;
185 mount_zone = uma_zcreate("Mountpoints", sizeof(struct mount), NULL,
186 NULL, mount_init, mount_fini, UMA_ALIGN_CACHE, UMA_ZONE_NOFREE);
187 mtx_init(&mountlist_mtx, "mountlist", NULL, MTX_DEF);
189 SYSINIT(vfs_mount, SI_SUB_VFS, SI_ORDER_ANY, vfs_mount_init, NULL);
192 * ---------------------------------------------------------------------
193 * Functions for building and sanitizing the mount options
196 /* Remove one mount option. */
198 vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt)
201 TAILQ_REMOVE(opts, opt, link);
202 free(opt->name, M_MOUNT);
203 if (opt->value != NULL)
204 free(opt->value, M_MOUNT);
208 /* Release all resources related to the mount options. */
210 vfs_freeopts(struct vfsoptlist *opts)
214 while (!TAILQ_EMPTY(opts)) {
215 opt = TAILQ_FIRST(opts);
216 vfs_freeopt(opts, opt);
222 vfs_deleteopt(struct vfsoptlist *opts, const char *name)
224 struct vfsopt *opt, *temp;
228 TAILQ_FOREACH_SAFE(opt, opts, link, temp) {
229 if (strcmp(opt->name, name) == 0)
230 vfs_freeopt(opts, opt);
235 vfs_isopt_ro(const char *opt)
238 if (strcmp(opt, "ro") == 0 || strcmp(opt, "rdonly") == 0 ||
239 strcmp(opt, "norw") == 0)
245 vfs_isopt_rw(const char *opt)
248 if (strcmp(opt, "rw") == 0 || strcmp(opt, "noro") == 0)
254 * Check if options are equal (with or without the "no" prefix).
257 vfs_equalopts(const char *opt1, const char *opt2)
261 /* "opt" vs. "opt" or "noopt" vs. "noopt" */
262 if (strcmp(opt1, opt2) == 0)
264 /* "noopt" vs. "opt" */
265 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
267 /* "opt" vs. "noopt" */
268 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
270 while ((p = strchr(opt1, '.')) != NULL &&
271 !strncmp(opt1, opt2, ++p - opt1)) {
274 /* "foo.noopt" vs. "foo.opt" */
275 if (strncmp(opt1, "no", 2) == 0 && strcmp(opt1 + 2, opt2) == 0)
277 /* "foo.opt" vs. "foo.noopt" */
278 if (strncmp(opt2, "no", 2) == 0 && strcmp(opt1, opt2 + 2) == 0)
281 /* "ro" / "rdonly" / "norw" / "rw" / "noro" */
282 if ((vfs_isopt_ro(opt1) || vfs_isopt_rw(opt1)) &&
283 (vfs_isopt_ro(opt2) || vfs_isopt_rw(opt2)))
289 * If a mount option is specified several times,
290 * (with or without the "no" prefix) only keep
291 * the last occurrence of it.
294 vfs_sanitizeopts(struct vfsoptlist *opts)
296 struct vfsopt *opt, *opt2, *tmp;
298 TAILQ_FOREACH_REVERSE(opt, opts, vfsoptlist, link) {
299 opt2 = TAILQ_PREV(opt, vfsoptlist, link);
300 while (opt2 != NULL) {
301 if (vfs_equalopts(opt->name, opt2->name)) {
302 tmp = TAILQ_PREV(opt2, vfsoptlist, link);
303 vfs_freeopt(opts, opt2);
306 opt2 = TAILQ_PREV(opt2, vfsoptlist, link);
313 * Build a linked list of mount options from a struct uio.
316 vfs_buildopts(struct uio *auio, struct vfsoptlist **options)
318 struct vfsoptlist *opts;
320 size_t memused, namelen, optlen;
321 unsigned int i, iovcnt;
324 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK);
327 iovcnt = auio->uio_iovcnt;
328 for (i = 0; i < iovcnt; i += 2) {
329 namelen = auio->uio_iov[i].iov_len;
330 optlen = auio->uio_iov[i + 1].iov_len;
331 memused += sizeof(struct vfsopt) + optlen + namelen;
333 * Avoid consuming too much memory, and attempts to overflow
336 if (memused > VFS_MOUNTARG_SIZE_MAX ||
337 optlen > VFS_MOUNTARG_SIZE_MAX ||
338 namelen > VFS_MOUNTARG_SIZE_MAX) {
343 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK);
344 opt->name = malloc(namelen, M_MOUNT, M_WAITOK);
351 * Do this early, so jumps to "bad" will free the current
354 TAILQ_INSERT_TAIL(opts, opt, link);
356 if (auio->uio_segflg == UIO_SYSSPACE) {
357 bcopy(auio->uio_iov[i].iov_base, opt->name, namelen);
359 error = copyin(auio->uio_iov[i].iov_base, opt->name,
364 /* Ensure names are null-terminated strings. */
365 if (namelen == 0 || opt->name[namelen - 1] != '\0') {
371 opt->value = malloc(optlen, M_MOUNT, M_WAITOK);
372 if (auio->uio_segflg == UIO_SYSSPACE) {
373 bcopy(auio->uio_iov[i + 1].iov_base, opt->value,
376 error = copyin(auio->uio_iov[i + 1].iov_base,
383 vfs_sanitizeopts(opts);
392 * Merge the old mount options with the new ones passed
393 * in the MNT_UPDATE case.
395 * XXX: This function will keep a "nofoo" option in the new
396 * options. E.g, if the option's canonical name is "foo",
397 * "nofoo" ends up in the mount point's active options.
400 vfs_mergeopts(struct vfsoptlist *toopts, struct vfsoptlist *oldopts)
402 struct vfsopt *opt, *new;
404 TAILQ_FOREACH(opt, oldopts, link) {
405 new = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK);
406 new->name = strdup(opt->name, M_MOUNT);
408 new->value = malloc(opt->len, M_MOUNT, M_WAITOK);
409 bcopy(opt->value, new->value, opt->len);
413 new->seen = opt->seen;
414 TAILQ_INSERT_HEAD(toopts, new, link);
416 vfs_sanitizeopts(toopts);
420 * Mount a filesystem.
422 #ifndef _SYS_SYSPROTO_H_
430 sys_nmount(struct thread *td, struct nmount_args *uap)
438 * Mount flags are now 64-bits. On 32-bit archtectures only
439 * 32-bits are passed in, but from here on everything handles
440 * 64-bit flags correctly.
444 AUDIT_ARG_FFLAGS(flags);
445 CTR4(KTR_VFS, "%s: iovp %p with iovcnt %d and flags %d", __func__,
446 uap->iovp, uap->iovcnt, flags);
449 * Filter out MNT_ROOTFS. We do not want clients of nmount() in
450 * userspace to set this flag, but we must filter it out if we want
451 * MNT_UPDATE on the root file system to work.
452 * MNT_ROOTFS should only be set by the kernel when mounting its
455 flags &= ~MNT_ROOTFS;
457 iovcnt = uap->iovcnt;
459 * Check that we have an even number of iovec's
460 * and that we have at least two options.
462 if ((iovcnt & 1) || (iovcnt < 4)) {
463 CTR2(KTR_VFS, "%s: failed for invalid iovcnt %d", __func__,
468 error = copyinuio(uap->iovp, iovcnt, &auio);
470 CTR2(KTR_VFS, "%s: failed for invalid uio op with %d errno",
474 error = vfs_donmount(td, flags, auio);
481 * ---------------------------------------------------------------------
482 * Various utility functions
486 * Get a reference on a mount point from a vnode.
488 * The vnode is allowed to be passed unlocked and race against dooming. Note in
489 * such case there are no guarantees the referenced mount point will still be
490 * associated with it after the function returns.
493 vfs_ref_from_vp(struct vnode *vp)
496 struct mount_pcpu *mpcpu;
498 mp = atomic_load_ptr(&vp->v_mount);
499 if (__predict_false(mp == NULL)) {
502 if (vfs_op_thread_enter(mp, mpcpu)) {
503 if (__predict_true(mp == vp->v_mount)) {
504 vfs_mp_count_add_pcpu(mpcpu, ref, 1);
505 vfs_op_thread_exit(mp, mpcpu);
507 vfs_op_thread_exit(mp, mpcpu);
512 if (mp == vp->v_mount) {
524 vfs_ref(struct mount *mp)
526 struct mount_pcpu *mpcpu;
528 CTR2(KTR_VFS, "%s: mp %p", __func__, mp);
529 if (vfs_op_thread_enter(mp, mpcpu)) {
530 vfs_mp_count_add_pcpu(mpcpu, ref, 1);
531 vfs_op_thread_exit(mp, mpcpu);
541 * Register ump as an upper mount of the mount associated with
542 * vnode vp. This registration will be tracked through
543 * mount_upper_node upper, which should be allocated by the
544 * caller and stored in per-mount data associated with mp.
546 * If successful, this function will return the mount associated
547 * with vp, and will ensure that it cannot be unmounted until
548 * ump has been unregistered as one of its upper mounts.
550 * Upon failure this function will return NULL.
553 vfs_register_upper_from_vp(struct vnode *vp, struct mount *ump,
554 struct mount_upper_node *upper)
558 mp = atomic_load_ptr(&vp->v_mount);
562 if (mp != vp->v_mount ||
563 ((mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_RECURSE)) != 0)) {
567 KASSERT(ump != mp, ("upper and lower mounts are identical"));
570 TAILQ_INSERT_TAIL(&mp->mnt_uppers, upper, mnt_upper_link);
576 * Register upper mount ump to receive vnode unlink/reclaim
577 * notifications from lower mount mp. This registration will
578 * be tracked through mount_upper_node upper, which should be
579 * allocated by the caller and stored in per-mount data
580 * associated with mp.
582 * ump must already be registered as an upper mount of mp
583 * through a call to vfs_register_upper_from_vp().
586 vfs_register_for_notification(struct mount *mp, struct mount *ump,
587 struct mount_upper_node *upper)
591 TAILQ_INSERT_TAIL(&mp->mnt_notify, upper, mnt_upper_link);
596 vfs_drain_upper_locked(struct mount *mp)
598 mtx_assert(MNT_MTX(mp), MA_OWNED);
599 while (mp->mnt_upper_pending != 0) {
600 mp->mnt_kern_flag |= MNTK_UPPER_WAITER;
601 msleep(&mp->mnt_uppers, MNT_MTX(mp), 0, "mntupw", 0);
606 * Undo a previous call to vfs_register_for_notification().
607 * The mount represented by upper must be currently registered
608 * as an upper mount for mp.
611 vfs_unregister_for_notification(struct mount *mp,
612 struct mount_upper_node *upper)
615 vfs_drain_upper_locked(mp);
616 TAILQ_REMOVE(&mp->mnt_notify, upper, mnt_upper_link);
621 * Undo a previous call to vfs_register_upper_from_vp().
622 * This must be done before mp can be unmounted.
625 vfs_unregister_upper(struct mount *mp, struct mount_upper_node *upper)
628 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0,
629 ("registered upper with pending unmount"));
630 vfs_drain_upper_locked(mp);
631 TAILQ_REMOVE(&mp->mnt_uppers, upper, mnt_upper_link);
632 if ((mp->mnt_kern_flag & MNTK_TASKQUEUE_WAITER) != 0 &&
633 TAILQ_EMPTY(&mp->mnt_uppers)) {
634 mp->mnt_kern_flag &= ~MNTK_TASKQUEUE_WAITER;
635 wakeup(&mp->mnt_taskqueue_link);
642 vfs_rel(struct mount *mp)
644 struct mount_pcpu *mpcpu;
646 CTR2(KTR_VFS, "%s: mp %p", __func__, mp);
647 if (vfs_op_thread_enter(mp, mpcpu)) {
648 vfs_mp_count_sub_pcpu(mpcpu, ref, 1);
649 vfs_op_thread_exit(mp, mpcpu);
659 * Allocate and initialize the mount point struct.
662 vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp, const char *fspath,
667 mp = uma_zalloc(mount_zone, M_WAITOK);
668 bzero(&mp->mnt_startzero,
669 __rangeof(struct mount, mnt_startzero, mnt_endzero));
670 mp->mnt_kern_flag = 0;
672 mp->mnt_rootvnode = NULL;
673 mp->mnt_vnodecovered = NULL;
676 TAILQ_INIT(&mp->mnt_nvnodelist);
677 mp->mnt_nvnodelistsize = 0;
678 TAILQ_INIT(&mp->mnt_lazyvnodelist);
679 mp->mnt_lazyvnodelistsize = 0;
680 MPPASS(mp->mnt_ref == 0 && mp->mnt_lockref == 0 &&
681 mp->mnt_writeopcount == 0, mp);
682 MPASSERT(mp->mnt_vfs_ops == 1, mp,
683 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops));
684 (void) vfs_busy(mp, MBF_NOWAIT);
685 atomic_add_acq_int(&vfsp->vfc_refcount, 1);
686 mp->mnt_op = vfsp->vfc_vfsops;
688 mp->mnt_stat.f_type = vfsp->vfc_typenum;
690 strlcpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
691 mp->mnt_vnodecovered = vp;
692 mp->mnt_cred = crdup(cred);
693 mp->mnt_stat.f_owner = cred->cr_uid;
694 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN);
695 mp->mnt_iosize_max = DFLTPHYS;
698 mac_mount_create(cred, mp);
700 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0);
701 mp->mnt_upper_pending = 0;
702 TAILQ_INIT(&mp->mnt_uppers);
703 TAILQ_INIT(&mp->mnt_notify);
704 mp->mnt_taskqueue_flags = 0;
705 mp->mnt_unmount_retries = 0;
710 * Destroy the mount struct previously allocated by vfs_mount_alloc().
713 vfs_mount_destroy(struct mount *mp)
716 MPPASS(mp->mnt_vfs_ops != 0, mp);
718 vfs_assert_mount_counters(mp);
721 mp->mnt_kern_flag |= MNTK_REFEXPIRE;
722 if (mp->mnt_kern_flag & MNTK_MWAIT) {
723 mp->mnt_kern_flag &= ~MNTK_MWAIT;
727 msleep(mp, MNT_MTX(mp), PVFS, "mntref", 0);
728 KASSERT(mp->mnt_ref == 0,
729 ("%s: invalid refcount in the drain path @ %s:%d", __func__,
730 __FILE__, __LINE__));
731 MPPASS(mp->mnt_writeopcount == 0, mp);
732 MPPASS(mp->mnt_secondary_writes == 0, mp);
733 atomic_subtract_rel_int(&mp->mnt_vfc->vfc_refcount, 1);
734 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist)) {
737 TAILQ_FOREACH(vp, &mp->mnt_nvnodelist, v_nmntvnodes)
738 vn_printf(vp, "dangling vnode ");
739 panic("unmount: dangling vnode");
741 KASSERT(mp->mnt_upper_pending == 0, ("mnt_upper_pending"));
742 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers"));
743 KASSERT(TAILQ_EMPTY(&mp->mnt_notify), ("mnt_notify"));
744 MPPASS(mp->mnt_nvnodelistsize == 0, mp);
745 MPPASS(mp->mnt_lazyvnodelistsize == 0, mp);
746 MPPASS(mp->mnt_lockref == 0, mp);
749 MPASSERT(mp->mnt_vfs_ops == 1, mp,
750 ("vfs_ops should be 1 but %d found", mp->mnt_vfs_ops));
752 MPASSERT(mp->mnt_rootvnode == NULL, mp,
753 ("mount point still has a root vnode %p", mp->mnt_rootvnode));
755 if (mp->mnt_vnodecovered != NULL)
756 vrele(mp->mnt_vnodecovered);
758 mac_mount_destroy(mp);
760 if (mp->mnt_opt != NULL)
761 vfs_freeopts(mp->mnt_opt);
762 if (mp->mnt_exjail != NULL) {
763 atomic_subtract_int(&mp->mnt_exjail->cr_prison->pr_exportcnt,
765 crfree(mp->mnt_exjail);
767 if (mp->mnt_export != NULL) {
768 vfs_free_addrlist(mp->mnt_export);
769 free(mp->mnt_export, M_MOUNT);
771 crfree(mp->mnt_cred);
772 uma_zfree(mount_zone, mp);
776 vfs_should_downgrade_to_ro_mount(uint64_t fsflags, int error)
778 /* This is an upgrade of an exisiting mount. */
779 if ((fsflags & MNT_UPDATE) != 0)
781 /* This is already an R/O mount. */
782 if ((fsflags & MNT_RDONLY) != 0)
786 case ENODEV: /* generic, geom, ... */
787 case EACCES: /* cam/scsi, ... */
788 case EROFS: /* md, mmcsd, ... */
790 * These errors can be returned by the storage layer to signal
791 * that the media is read-only. No harm in the R/O mount
792 * attempt if the error was returned for some other reason.
801 vfs_donmount(struct thread *td, uint64_t fsflags, struct uio *fsoptions)
803 struct vfsoptlist *optlist;
804 struct vfsopt *opt, *tmp_opt;
805 char *fstype, *fspath, *errmsg;
806 int error, fstypelen, fspathlen, errmsg_len, errmsg_pos;
807 bool autoro, has_nonexport, jail_export;
809 errmsg = fspath = NULL;
810 errmsg_len = fspathlen = 0;
812 autoro = default_autoro;
814 error = vfs_buildopts(fsoptions, &optlist);
818 if (vfs_getopt(optlist, "errmsg", (void **)&errmsg, &errmsg_len) == 0)
819 errmsg_pos = vfs_getopt_pos(optlist, "errmsg");
822 * We need these two options before the others,
823 * and they are mandatory for any filesystem.
824 * Ensure they are NUL terminated as well.
827 error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen);
828 if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') {
831 strncpy(errmsg, "Invalid fstype", errmsg_len);
835 error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen);
836 if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') {
839 strncpy(errmsg, "Invalid fspath", errmsg_len);
844 * Check to see that "export" is only used with the "update", "fstype",
845 * "fspath", "from" and "errmsg" options when in a vnet jail.
846 * These are the ones used to set/update exports by mountd(8).
847 * If only the above options are set in a jail that can run mountd(8),
848 * then the jail_export argument of vfs_domount() will be true.
849 * When jail_export is true, the vfs_suser() check does not cause
850 * failure, but limits the update to exports only.
851 * This allows mountd(8) running within the vnet jail
852 * to export file systems visible within the jail, but
853 * mounted outside of the jail.
856 * We need to see if we have the "update" option
857 * before we call vfs_domount(), since vfs_domount() has special
858 * logic based on MNT_UPDATE. This is very important
859 * when we want to update the root filesystem.
861 has_nonexport = false;
863 TAILQ_FOREACH_SAFE(opt, optlist, link, tmp_opt) {
866 if (jailed(td->td_ucred) &&
867 strcmp(opt->name, "export") != 0 &&
868 strcmp(opt->name, "update") != 0 &&
869 strcmp(opt->name, "fstype") != 0 &&
870 strcmp(opt->name, "fspath") != 0 &&
871 strcmp(opt->name, "from") != 0 &&
872 strcmp(opt->name, "errmsg") != 0)
873 has_nonexport = true;
874 if (strcmp(opt->name, "update") == 0) {
875 fsflags |= MNT_UPDATE;
878 else if (strcmp(opt->name, "async") == 0)
879 fsflags |= MNT_ASYNC;
880 else if (strcmp(opt->name, "force") == 0) {
881 fsflags |= MNT_FORCE;
884 else if (strcmp(opt->name, "reload") == 0) {
885 fsflags |= MNT_RELOAD;
888 else if (strcmp(opt->name, "multilabel") == 0)
889 fsflags |= MNT_MULTILABEL;
890 else if (strcmp(opt->name, "noasync") == 0)
891 fsflags &= ~MNT_ASYNC;
892 else if (strcmp(opt->name, "noatime") == 0)
893 fsflags |= MNT_NOATIME;
894 else if (strcmp(opt->name, "atime") == 0) {
895 free(opt->name, M_MOUNT);
896 opt->name = strdup("nonoatime", M_MOUNT);
898 else if (strcmp(opt->name, "noclusterr") == 0)
899 fsflags |= MNT_NOCLUSTERR;
900 else if (strcmp(opt->name, "clusterr") == 0) {
901 free(opt->name, M_MOUNT);
902 opt->name = strdup("nonoclusterr", M_MOUNT);
904 else if (strcmp(opt->name, "noclusterw") == 0)
905 fsflags |= MNT_NOCLUSTERW;
906 else if (strcmp(opt->name, "clusterw") == 0) {
907 free(opt->name, M_MOUNT);
908 opt->name = strdup("nonoclusterw", M_MOUNT);
910 else if (strcmp(opt->name, "noexec") == 0)
911 fsflags |= MNT_NOEXEC;
912 else if (strcmp(opt->name, "exec") == 0) {
913 free(opt->name, M_MOUNT);
914 opt->name = strdup("nonoexec", M_MOUNT);
916 else if (strcmp(opt->name, "nosuid") == 0)
917 fsflags |= MNT_NOSUID;
918 else if (strcmp(opt->name, "suid") == 0) {
919 free(opt->name, M_MOUNT);
920 opt->name = strdup("nonosuid", M_MOUNT);
922 else if (strcmp(opt->name, "nosymfollow") == 0)
923 fsflags |= MNT_NOSYMFOLLOW;
924 else if (strcmp(opt->name, "symfollow") == 0) {
925 free(opt->name, M_MOUNT);
926 opt->name = strdup("nonosymfollow", M_MOUNT);
928 else if (strcmp(opt->name, "noro") == 0) {
929 fsflags &= ~MNT_RDONLY;
932 else if (strcmp(opt->name, "rw") == 0) {
933 fsflags &= ~MNT_RDONLY;
936 else if (strcmp(opt->name, "ro") == 0) {
937 fsflags |= MNT_RDONLY;
940 else if (strcmp(opt->name, "rdonly") == 0) {
941 free(opt->name, M_MOUNT);
942 opt->name = strdup("ro", M_MOUNT);
943 fsflags |= MNT_RDONLY;
946 else if (strcmp(opt->name, "autoro") == 0) {
950 else if (strcmp(opt->name, "suiddir") == 0)
951 fsflags |= MNT_SUIDDIR;
952 else if (strcmp(opt->name, "sync") == 0)
953 fsflags |= MNT_SYNCHRONOUS;
954 else if (strcmp(opt->name, "union") == 0)
955 fsflags |= MNT_UNION;
956 else if (strcmp(opt->name, "export") == 0) {
957 fsflags |= MNT_EXPORTED;
959 } else if (strcmp(opt->name, "automounted") == 0) {
960 fsflags |= MNT_AUTOMOUNTED;
962 } else if (strcmp(opt->name, "nocover") == 0) {
963 fsflags |= MNT_NOCOVER;
965 } else if (strcmp(opt->name, "cover") == 0) {
966 fsflags &= ~MNT_NOCOVER;
968 } else if (strcmp(opt->name, "emptydir") == 0) {
969 fsflags |= MNT_EMPTYDIR;
971 } else if (strcmp(opt->name, "noemptydir") == 0) {
972 fsflags &= ~MNT_EMPTYDIR;
976 vfs_freeopt(optlist, opt);
980 * Be ultra-paranoid about making sure the type and fspath
981 * variables will fit in our mp buffers, including the
984 if (fstypelen > MFSNAMELEN || fspathlen > MNAMELEN) {
985 error = ENAMETOOLONG;
990 * If has_nonexport is true or the caller is not running within a
991 * vnet prison that can run mountd(8), set jail_export false.
993 if (has_nonexport || !jailed(td->td_ucred) ||
994 !prison_check_nfsd(td->td_ucred))
997 error = vfs_domount(td, fstype, fspath, fsflags, jail_export, &optlist);
998 if (error == ENODEV) {
1001 strncpy(errmsg, "Invalid fstype", errmsg_len);
1006 * See if we can mount in the read-only mode if the error code suggests
1007 * that it could be possible and the mount options allow for that.
1008 * Never try it if "[no]{ro|rw}" has been explicitly requested and not
1009 * overridden by "autoro".
1011 if (autoro && vfs_should_downgrade_to_ro_mount(fsflags, error)) {
1012 printf("%s: R/W mount failed, possibly R/O media,"
1013 " trying R/O mount\n", __func__);
1014 fsflags |= MNT_RDONLY;
1015 error = vfs_domount(td, fstype, fspath, fsflags, jail_export,
1019 /* copyout the errmsg */
1020 if (errmsg_pos != -1 && ((2 * errmsg_pos + 1) < fsoptions->uio_iovcnt)
1021 && errmsg_len > 0 && errmsg != NULL) {
1022 if (fsoptions->uio_segflg == UIO_SYSSPACE) {
1024 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
1025 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
1028 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_base,
1029 fsoptions->uio_iov[2 * errmsg_pos + 1].iov_len);
1033 if (optlist != NULL)
1034 vfs_freeopts(optlist);
1041 #ifndef _SYS_SYSPROTO_H_
1051 sys_mount(struct thread *td, struct mount_args *uap)
1054 struct vfsconf *vfsp = NULL;
1055 struct mntarg *ma = NULL;
1060 * Mount flags are now 64-bits. On 32-bit architectures only
1061 * 32-bits are passed in, but from here on everything handles
1062 * 64-bit flags correctly.
1066 AUDIT_ARG_FFLAGS(flags);
1069 * Filter out MNT_ROOTFS. We do not want clients of mount() in
1070 * userspace to set this flag, but we must filter it out if we want
1071 * MNT_UPDATE on the root file system to work.
1072 * MNT_ROOTFS should only be set by the kernel when mounting its
1075 flags &= ~MNT_ROOTFS;
1077 fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK);
1078 error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL);
1080 free(fstype, M_TEMP);
1084 AUDIT_ARG_TEXT(fstype);
1085 vfsp = vfs_byname_kld(fstype, td, &error);
1086 free(fstype, M_TEMP);
1089 if (((vfsp->vfc_flags & VFCF_SBDRY) != 0 &&
1090 vfsp->vfc_vfsops_sd->vfs_cmount == NULL) ||
1091 ((vfsp->vfc_flags & VFCF_SBDRY) == 0 &&
1092 vfsp->vfc_vfsops->vfs_cmount == NULL))
1093 return (EOPNOTSUPP);
1095 ma = mount_argsu(ma, "fstype", uap->type, MFSNAMELEN);
1096 ma = mount_argsu(ma, "fspath", uap->path, MNAMELEN);
1097 ma = mount_argb(ma, flags & MNT_RDONLY, "noro");
1098 ma = mount_argb(ma, !(flags & MNT_NOSUID), "nosuid");
1099 ma = mount_argb(ma, !(flags & MNT_NOEXEC), "noexec");
1101 if ((vfsp->vfc_flags & VFCF_SBDRY) != 0)
1102 return (vfsp->vfc_vfsops_sd->vfs_cmount(ma, uap->data, flags));
1103 return (vfsp->vfc_vfsops->vfs_cmount(ma, uap->data, flags));
1107 * vfs_domount_first(): first file system mount (not update)
1111 struct thread *td, /* Calling thread. */
1112 struct vfsconf *vfsp, /* File system type. */
1113 char *fspath, /* Mount path. */
1114 struct vnode *vp, /* Vnode to be covered. */
1115 uint64_t fsflags, /* Flags common to all filesystems. */
1116 struct vfsoptlist **optlist /* Options local to the filesystem. */
1121 struct vnode *newdp, *rootvp;
1125 ASSERT_VOP_ELOCKED(vp, __func__);
1126 KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here"));
1129 * If the jail of the calling thread lacks permission for this type of
1130 * file system, or is trying to cover its own root, deny immediately.
1132 if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred,
1133 vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) {
1139 * If the user is not root, ensure that they own the directory
1140 * onto which we are attempting to mount.
1142 error = VOP_GETATTR(vp, &va, td->td_ucred);
1143 if (error == 0 && va.va_uid != td->td_ucred->cr_uid)
1144 error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN);
1146 error = vinvalbuf(vp, V_SAVE, 0, 0);
1147 if (vfsp->vfc_flags & VFCF_FILEMOUNT) {
1148 if (error == 0 && vp->v_type != VDIR && vp->v_type != VREG)
1151 * For file mounts, ensure that there is only one hardlink to the file.
1153 if (error == 0 && vp->v_type == VREG && va.va_nlink != 1)
1156 if (error == 0 && vp->v_type != VDIR)
1159 if (error == 0 && (fsflags & MNT_EMPTYDIR) != 0)
1160 error = vn_dir_check_empty(vp);
1163 if ((vp->v_iflag & VI_MOUNT) == 0 && vp->v_mountedhere == NULL)
1164 vp->v_iflag |= VI_MOUNT;
1173 vn_seqc_write_begin(vp);
1176 /* Allocate and initialize the filesystem. */
1177 mp = vfs_mount_alloc(vp, vfsp, fspath, td->td_ucred);
1178 /* XXXMAC: pass to vfs_mount_alloc? */
1179 mp->mnt_optnew = *optlist;
1180 /* Set the mount level flags. */
1181 mp->mnt_flag = (fsflags &
1182 (MNT_UPDATEMASK | MNT_ROOTFS | MNT_RDONLY | MNT_FORCE));
1185 * Mount the filesystem.
1186 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
1187 * get. No freeing of cn_pnbuf.
1191 if ((error = VFS_MOUNT(mp)) != 0 ||
1192 (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 ||
1193 (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) {
1197 rootvp = vfs_cache_root_clear(mp);
1198 if (rootvp != NULL) {
1202 (void)vn_start_write(NULL, &mp, V_WAIT);
1204 mp->mnt_kern_flag |= MNTK_UNMOUNT | MNTK_UNMOUNTF;
1207 error = VFS_UNMOUNT(mp, 0);
1208 vn_finished_write(mp);
1211 "failed post-mount (%d): rollback unmount returned %d\n",
1218 mp->mnt_vnodecovered = NULL;
1220 /* XXXKIB wait for mnt_lockref drain? */
1221 vfs_mount_destroy(mp);
1224 vp->v_iflag &= ~VI_MOUNT;
1226 if (rootvp != NULL) {
1227 vn_seqc_write_end(rootvp);
1230 vn_seqc_write_end(vp);
1234 vn_seqc_write_begin(newdp);
1237 if (mp->mnt_opt != NULL)
1238 vfs_freeopts(mp->mnt_opt);
1239 mp->mnt_opt = mp->mnt_optnew;
1243 * Prevent external consumers of mount options from reading mnt_optnew.
1245 mp->mnt_optnew = NULL;
1248 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
1249 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
1250 mp->mnt_kern_flag |= MNTK_ASYNC;
1252 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1256 * VIRF_MOUNTPOINT and v_mountedhere need to be set under the
1257 * vp lock to satisfy vfs_lookup() requirements.
1259 VOP_LOCK(vp, LK_EXCLUSIVE | LK_RETRY);
1261 vn_irflag_set_locked(vp, VIRF_MOUNTPOINT);
1262 vp->v_mountedhere = mp;
1268 * We need to lock both vnodes.
1270 * Use vn_lock_pair to avoid establishing an ordering between vnodes
1271 * from different filesystems.
1273 vn_lock_pair(vp, false, LK_EXCLUSIVE, newdp, false, LK_EXCLUSIVE);
1276 vp->v_iflag &= ~VI_MOUNT;
1278 /* Place the new filesystem at the end of the mount list. */
1279 mtx_lock(&mountlist_mtx);
1280 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list);
1281 mtx_unlock(&mountlist_mtx);
1282 vfs_event_signal(NULL, VQ_MOUNT, 0);
1284 EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td);
1286 mount_devctl_event("MOUNT", mp, false);
1287 mountcheckdirs(vp, newdp);
1288 vn_seqc_write_end(vp);
1289 vn_seqc_write_end(newdp);
1291 if ((mp->mnt_flag & MNT_RDONLY) == 0)
1292 vfs_allocate_syncvnode(mp);
1299 * vfs_domount_update(): update of mounted file system
1303 struct thread *td, /* Calling thread. */
1304 struct vnode *vp, /* Mount point vnode. */
1305 uint64_t fsflags, /* Flags common to all filesystems. */
1306 bool jail_export, /* Got export option in vnet prison. */
1307 struct vfsoptlist **optlist /* Options local to the filesystem. */
1310 struct export_args export;
1311 struct o2export_args o2export;
1312 struct vnode *rootvp;
1315 int error, export_error, i, len, fsid_up_len;
1319 bool vfs_suser_failed;
1321 ASSERT_VOP_ELOCKED(vp, __func__);
1322 KASSERT((fsflags & MNT_UPDATE) != 0, ("MNT_UPDATE should be here"));
1325 if ((vp->v_vflag & VV_ROOT) == 0) {
1326 if (vfs_copyopt(*optlist, "export", &export, sizeof(export))
1336 * We only allow the filesystem to be reloaded if it
1337 * is currently mounted read-only.
1339 flag = mp->mnt_flag;
1340 if ((fsflags & MNT_RELOAD) != 0 && (flag & MNT_RDONLY) == 0) {
1342 return (EOPNOTSUPP); /* Needs translation */
1345 * Only privileged root, or (if MNT_USER is set) the user that
1346 * did the original mount is permitted to update it.
1349 * For the case of mountd(8) doing exports in a jail, the vfs_suser()
1350 * call does not cause failure. vfs_domount() has already checked
1351 * that "root" is doing this and vfs_suser() will fail when
1352 * the file system has been mounted outside the jail.
1353 * jail_export set true indicates that "export" is not mixed
1354 * with other options that change mount behaviour.
1356 vfs_suser_failed = false;
1357 error = vfs_suser(mp, td);
1358 if (jail_export && error != 0) {
1360 vfs_suser_failed = true;
1366 if (vfs_busy(mp, MBF_NOWAIT)) {
1371 if ((vp->v_iflag & VI_MOUNT) != 0 || vp->v_mountedhere != NULL) {
1377 vp->v_iflag |= VI_MOUNT;
1383 vn_seqc_write_begin(vp);
1385 if (vfs_getopt(*optlist, "fsid", (void **)&fsid_up,
1386 &fsid_up_len) == 0) {
1387 if (fsid_up_len != sizeof(*fsid_up)) {
1391 if (fsidcmp(&fsid_up, &mp->mnt_stat.f_fsid) != 0) {
1395 vfs_deleteopt(*optlist, "fsid");
1399 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) {
1404 if (vfs_suser_failed) {
1405 KASSERT((fsflags & (MNT_EXPORTED | MNT_UPDATE)) ==
1406 (MNT_EXPORTED | MNT_UPDATE),
1407 ("%s: jailed export did not set expected fsflags",
1410 * For this case, only MNT_UPDATE and
1411 * MNT_EXPORTED have been set in fsflags
1412 * by the options. Only set MNT_UPDATE,
1413 * since that is the one that would be set
1414 * when set in fsflags, below.
1416 mp->mnt_flag |= MNT_UPDATE;
1418 mp->mnt_flag &= ~MNT_UPDATEMASK;
1419 mp->mnt_flag |= fsflags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE |
1420 MNT_SNAPSHOT | MNT_ROOTFS | MNT_UPDATEMASK | MNT_RDONLY);
1421 if ((mp->mnt_flag & MNT_ASYNC) == 0)
1422 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1424 rootvp = vfs_cache_root_clear(mp);
1426 mp->mnt_optnew = *optlist;
1427 vfs_mergeopts(mp->mnt_optnew, mp->mnt_opt);
1430 * Mount the filesystem.
1431 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
1432 * get. No freeing of cn_pnbuf.
1435 * For the case of mountd(8) doing exports from within a vnet jail,
1436 * "from" is typically not set correctly such that VFS_MOUNT() will
1437 * return ENOENT. It is not obvious that VFS_MOUNT() ever needs to be
1438 * called when mountd is doing exports, but this check only applies to
1439 * the specific case where it is running inside a vnet jail, to
1440 * avoid any POLA violation.
1444 error = VFS_MOUNT(mp);
1447 /* Process the export option. */
1448 if (error == 0 && vfs_getopt(mp->mnt_optnew, "export", &bufp,
1450 /* Assume that there is only 1 ABI for each length. */
1452 case (sizeof(struct oexport_args)):
1453 bzero(&o2export, sizeof(o2export));
1455 case (sizeof(o2export)):
1456 bcopy(bufp, &o2export, len);
1457 export.ex_flags = (uint64_t)o2export.ex_flags;
1458 export.ex_root = o2export.ex_root;
1459 export.ex_uid = o2export.ex_anon.cr_uid;
1460 export.ex_groups = NULL;
1461 export.ex_ngroups = o2export.ex_anon.cr_ngroups;
1462 if (export.ex_ngroups > 0) {
1463 if (export.ex_ngroups <= XU_NGROUPS) {
1464 export.ex_groups = malloc(
1465 export.ex_ngroups * sizeof(gid_t),
1467 for (i = 0; i < export.ex_ngroups; i++)
1468 export.ex_groups[i] =
1469 o2export.ex_anon.cr_groups[i];
1471 export_error = EINVAL;
1472 } else if (export.ex_ngroups < 0)
1473 export_error = EINVAL;
1474 export.ex_addr = o2export.ex_addr;
1475 export.ex_addrlen = o2export.ex_addrlen;
1476 export.ex_mask = o2export.ex_mask;
1477 export.ex_masklen = o2export.ex_masklen;
1478 export.ex_indexfile = o2export.ex_indexfile;
1479 export.ex_numsecflavors = o2export.ex_numsecflavors;
1480 if (export.ex_numsecflavors < MAXSECFLAVORS) {
1481 for (i = 0; i < export.ex_numsecflavors; i++)
1482 export.ex_secflavors[i] =
1483 o2export.ex_secflavors[i];
1485 export_error = EINVAL;
1486 if (export_error == 0)
1487 export_error = vfs_export(mp, &export, true);
1488 free(export.ex_groups, M_TEMP);
1490 case (sizeof(export)):
1491 bcopy(bufp, &export, len);
1493 if (export.ex_ngroups > 0) {
1494 if (export.ex_ngroups <= NGROUPS_MAX) {
1495 grps = malloc(export.ex_ngroups *
1496 sizeof(gid_t), M_TEMP, M_WAITOK);
1497 export_error = copyin(export.ex_groups,
1498 grps, export.ex_ngroups *
1500 if (export_error == 0)
1501 export.ex_groups = grps;
1503 export_error = EINVAL;
1504 } else if (export.ex_ngroups == 0)
1505 export.ex_groups = NULL;
1507 export_error = EINVAL;
1508 if (export_error == 0)
1509 export_error = vfs_export(mp, &export, true);
1513 export_error = EINVAL;
1520 mp->mnt_flag &= ~(MNT_UPDATE | MNT_RELOAD | MNT_FORCE |
1524 * If we fail, restore old mount flags. MNT_QUOTA is special,
1525 * because it is not part of MNT_UPDATEMASK, but it could have
1526 * changed in the meantime if quotactl(2) was called.
1527 * All in all we want current value of MNT_QUOTA, not the old
1530 mp->mnt_flag = (mp->mnt_flag & MNT_QUOTA) | (flag & ~MNT_QUOTA);
1532 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
1533 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
1534 mp->mnt_kern_flag |= MNTK_ASYNC;
1536 mp->mnt_kern_flag &= ~MNTK_ASYNC;
1542 mount_devctl_event("REMOUNT", mp, true);
1543 if (mp->mnt_opt != NULL)
1544 vfs_freeopts(mp->mnt_opt);
1545 mp->mnt_opt = mp->mnt_optnew;
1547 (void)VFS_STATFS(mp, &mp->mnt_stat);
1549 * Prevent external consumers of mount options from reading
1552 mp->mnt_optnew = NULL;
1554 if ((mp->mnt_flag & MNT_RDONLY) == 0)
1555 vfs_allocate_syncvnode(mp);
1557 vfs_deallocate_syncvnode(mp);
1560 if (rootvp != NULL) {
1561 vn_seqc_write_end(rootvp);
1564 vn_seqc_write_end(vp);
1567 vp->v_iflag &= ~VI_MOUNT;
1570 return (error != 0 ? error : export_error);
1574 * vfs_domount(): actually attempt a filesystem mount.
1578 struct thread *td, /* Calling thread. */
1579 const char *fstype, /* Filesystem type. */
1580 char *fspath, /* Mount path. */
1581 uint64_t fsflags, /* Flags common to all filesystems. */
1582 bool jail_export, /* Got export option in vnet prison. */
1583 struct vfsoptlist **optlist /* Options local to the filesystem. */
1586 struct vfsconf *vfsp;
1587 struct nameidata nd;
1593 * Be ultra-paranoid about making sure the type and fspath
1594 * variables will fit in our mp buffers, including the
1597 if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN)
1598 return (ENAMETOOLONG);
1601 error = priv_check(td, PRIV_NFS_DAEMON);
1604 } else if (jailed(td->td_ucred) || usermount == 0) {
1605 if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
1610 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
1612 if (fsflags & MNT_EXPORTED) {
1613 error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED);
1617 if (fsflags & MNT_SUIDDIR) {
1618 error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR);
1623 * Silently enforce MNT_NOSUID and MNT_USER for unprivileged users.
1625 if ((fsflags & (MNT_NOSUID | MNT_USER)) != (MNT_NOSUID | MNT_USER)) {
1626 if (priv_check(td, PRIV_VFS_MOUNT_NONUSER) != 0)
1627 fsflags |= MNT_NOSUID | MNT_USER;
1630 /* Load KLDs before we lock the covered vnode to avoid reversals. */
1632 if ((fsflags & MNT_UPDATE) == 0) {
1633 /* Don't try to load KLDs if we're mounting the root. */
1634 if (fsflags & MNT_ROOTFS) {
1635 if ((vfsp = vfs_byname(fstype)) == NULL)
1638 if ((vfsp = vfs_byname_kld(fstype, td, &error)) == NULL)
1644 * Get vnode to be covered or mount point's vnode in case of MNT_UPDATE.
1646 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | WANTPARENT,
1647 UIO_SYSSPACE, fspath);
1653 * Don't allow stacking file mounts to work around problems with the way
1654 * that namei sets nd.ni_dvp to vp_crossmp for these.
1656 if (vp->v_type == VREG)
1657 fsflags |= MNT_NOCOVER;
1658 if ((fsflags & MNT_UPDATE) == 0) {
1659 if ((vp->v_vflag & VV_ROOT) != 0 &&
1660 (fsflags & MNT_NOCOVER) != 0) {
1665 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1666 strcpy(pathbuf, fspath);
1668 * Note: we allow any vnode type here. If the path sanity check
1669 * succeeds, the type will be validated in vfs_domount_first
1672 if (vp->v_type == VDIR)
1673 error = vn_path_to_global_path(td, vp, pathbuf,
1676 error = vn_path_to_global_path_hardlink(td, vp,
1677 nd.ni_dvp, pathbuf, MNAMELEN,
1678 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen);
1680 error = vfs_domount_first(td, vfsp, pathbuf, vp,
1683 free(pathbuf, M_TEMP);
1685 error = vfs_domount_update(td, vp, fsflags, jail_export,
1696 * Unmount a filesystem.
1698 * Note: unmount takes a path to the vnode mounted on as argument, not
1699 * special file (as before).
1701 #ifndef _SYS_SYSPROTO_H_
1702 struct unmount_args {
1709 sys_unmount(struct thread *td, struct unmount_args *uap)
1712 return (kern_unmount(td, uap->path, uap->flags));
1716 kern_unmount(struct thread *td, const char *path, int flags)
1718 struct nameidata nd;
1720 char *fsidbuf, *pathbuf;
1724 AUDIT_ARG_VALUE(flags);
1725 if (jailed(td->td_ucred) || usermount == 0) {
1726 error = priv_check(td, PRIV_VFS_UNMOUNT);
1731 if (flags & MNT_BYFSID) {
1732 fsidbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1733 error = copyinstr(path, fsidbuf, MNAMELEN, NULL);
1735 free(fsidbuf, M_TEMP);
1739 AUDIT_ARG_TEXT(fsidbuf);
1740 /* Decode the filesystem ID. */
1741 if (sscanf(fsidbuf, "FSID:%d:%d", &fsid.val[0], &fsid.val[1]) != 2) {
1742 free(fsidbuf, M_TEMP);
1746 mp = vfs_getvfs(&fsid);
1747 free(fsidbuf, M_TEMP);
1752 pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK);
1753 error = copyinstr(path, pathbuf, MNAMELEN, NULL);
1755 free(pathbuf, M_TEMP);
1760 * Try to find global path for path argument.
1762 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1,
1763 UIO_SYSSPACE, pathbuf);
1764 if (namei(&nd) == 0) {
1766 error = vn_path_to_global_path(td, nd.ni_vp, pathbuf,
1771 mtx_lock(&mountlist_mtx);
1772 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
1773 if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0) {
1778 mtx_unlock(&mountlist_mtx);
1779 free(pathbuf, M_TEMP);
1782 * Previously we returned ENOENT for a nonexistent path and
1783 * EINVAL for a non-mountpoint. We cannot tell these apart
1784 * now, so in the !MNT_BYFSID case return the more likely
1785 * EINVAL for compatibility.
1792 * Don't allow unmounting the root filesystem.
1794 if (mp->mnt_flag & MNT_ROOTFS) {
1798 error = dounmount(mp, flags, td);
1803 * Return error if any of the vnodes, ignoring the root vnode
1804 * and the syncer vnode, have non-zero usecount.
1806 * This function is purely advisory - it can return false positives
1810 vfs_check_usecounts(struct mount *mp)
1812 struct vnode *vp, *mvp;
1814 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
1815 if ((vp->v_vflag & VV_ROOT) == 0 && vp->v_type != VNON &&
1816 vp->v_usecount != 0) {
1818 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
1828 dounmount_cleanup(struct mount *mp, struct vnode *coveredvp, int mntkflags)
1831 mtx_assert(MNT_MTX(mp), MA_OWNED);
1832 mp->mnt_kern_flag &= ~mntkflags;
1833 if ((mp->mnt_kern_flag & MNTK_MWAIT) != 0) {
1834 mp->mnt_kern_flag &= ~MNTK_MWAIT;
1837 vfs_op_exit_locked(mp);
1839 if (coveredvp != NULL) {
1840 VOP_UNLOCK(coveredvp);
1843 vn_finished_write(mp);
1848 * There are various reference counters associated with the mount point.
1849 * Normally it is permitted to modify them without taking the mnt ilock,
1850 * but this behavior can be temporarily disabled if stable value is needed
1851 * or callers are expected to block (e.g. to not allow new users during
1855 vfs_op_enter(struct mount *mp)
1857 struct mount_pcpu *mpcpu;
1862 if (mp->mnt_vfs_ops > 1) {
1866 vfs_op_barrier_wait(mp);
1868 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1870 mp->mnt_ref += mpcpu->mntp_ref;
1871 mpcpu->mntp_ref = 0;
1873 mp->mnt_lockref += mpcpu->mntp_lockref;
1874 mpcpu->mntp_lockref = 0;
1876 mp->mnt_writeopcount += mpcpu->mntp_writeopcount;
1877 mpcpu->mntp_writeopcount = 0;
1879 MPASSERT(mp->mnt_ref > 0 && mp->mnt_lockref >= 0 &&
1880 mp->mnt_writeopcount >= 0, mp,
1881 ("invalid count(s): ref %d lockref %d writeopcount %d",
1882 mp->mnt_ref, mp->mnt_lockref, mp->mnt_writeopcount));
1884 vfs_assert_mount_counters(mp);
1888 vfs_op_exit_locked(struct mount *mp)
1891 mtx_assert(MNT_MTX(mp), MA_OWNED);
1893 MPASSERT(mp->mnt_vfs_ops > 0, mp,
1894 ("invalid vfs_ops count %d", mp->mnt_vfs_ops));
1895 MPASSERT(mp->mnt_vfs_ops > 1 ||
1896 (mp->mnt_kern_flag & (MNTK_UNMOUNT | MNTK_SUSPEND)) == 0, mp,
1897 ("vfs_ops too low %d in unmount or suspend", mp->mnt_vfs_ops));
1902 vfs_op_exit(struct mount *mp)
1906 vfs_op_exit_locked(mp);
1910 struct vfs_op_barrier_ipi {
1912 struct smp_rendezvous_cpus_retry_arg srcra;
1916 vfs_op_action_func(void *arg)
1918 struct vfs_op_barrier_ipi *vfsopipi;
1921 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra);
1924 if (!vfs_op_thread_entered(mp))
1925 smp_rendezvous_cpus_done(arg);
1929 vfs_op_wait_func(void *arg, int cpu)
1931 struct vfs_op_barrier_ipi *vfsopipi;
1933 struct mount_pcpu *mpcpu;
1935 vfsopipi = __containerof(arg, struct vfs_op_barrier_ipi, srcra);
1938 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1939 while (atomic_load_int(&mpcpu->mntp_thread_in_ops))
1944 vfs_op_barrier_wait(struct mount *mp)
1946 struct vfs_op_barrier_ipi vfsopipi;
1950 smp_rendezvous_cpus_retry(all_cpus,
1951 smp_no_rendezvous_barrier,
1953 smp_no_rendezvous_barrier,
1960 vfs_assert_mount_counters(struct mount *mp)
1962 struct mount_pcpu *mpcpu;
1965 if (mp->mnt_vfs_ops == 0)
1969 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1970 if (mpcpu->mntp_ref != 0 ||
1971 mpcpu->mntp_lockref != 0 ||
1972 mpcpu->mntp_writeopcount != 0)
1973 vfs_dump_mount_counters(mp);
1978 vfs_dump_mount_counters(struct mount *mp)
1980 struct mount_pcpu *mpcpu;
1981 int ref, lockref, writeopcount;
1984 printf("%s: mp %p vfs_ops %d\n", __func__, mp, mp->mnt_vfs_ops);
1989 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1990 printf("%d ", mpcpu->mntp_ref);
1991 ref += mpcpu->mntp_ref;
1994 printf(" lockref : ");
1995 lockref = mp->mnt_lockref;
1997 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
1998 printf("%d ", mpcpu->mntp_lockref);
1999 lockref += mpcpu->mntp_lockref;
2002 printf("writeopcount: ");
2003 writeopcount = mp->mnt_writeopcount;
2005 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
2006 printf("%d ", mpcpu->mntp_writeopcount);
2007 writeopcount += mpcpu->mntp_writeopcount;
2011 printf("counter struct total\n");
2012 printf("ref %-5d %-5d\n", mp->mnt_ref, ref);
2013 printf("lockref %-5d %-5d\n", mp->mnt_lockref, lockref);
2014 printf("writeopcount %-5d %-5d\n", mp->mnt_writeopcount, writeopcount);
2016 panic("invalid counts on struct mount");
2021 vfs_mount_fetch_counter(struct mount *mp, enum mount_counter which)
2023 struct mount_pcpu *mpcpu;
2030 case MNT_COUNT_LOCKREF:
2031 sum = mp->mnt_lockref;
2033 case MNT_COUNT_WRITEOPCOUNT:
2034 sum = mp->mnt_writeopcount;
2039 mpcpu = vfs_mount_pcpu_remote(mp, cpu);
2042 sum += mpcpu->mntp_ref;
2044 case MNT_COUNT_LOCKREF:
2045 sum += mpcpu->mntp_lockref;
2047 case MNT_COUNT_WRITEOPCOUNT:
2048 sum += mpcpu->mntp_writeopcount;
2056 deferred_unmount_enqueue(struct mount *mp, uint64_t flags, bool requeue,
2062 mtx_lock(&deferred_unmount_lock);
2063 if ((mp->mnt_taskqueue_flags & MNT_DEFERRED) == 0 || requeue) {
2064 mp->mnt_taskqueue_flags = flags | MNT_DEFERRED;
2065 STAILQ_INSERT_TAIL(&deferred_unmount_list, mp,
2066 mnt_taskqueue_link);
2069 mtx_unlock(&deferred_unmount_lock);
2072 taskqueue_enqueue_timeout(taskqueue_deferred_unmount,
2073 &deferred_unmount_task, timeout_ticks);
2080 * Taskqueue handler for processing async/recursive unmounts
2083 vfs_deferred_unmount(void *argi __unused, int pending __unused)
2085 STAILQ_HEAD(, mount) local_unmounts;
2087 struct mount *mp, *tmp;
2089 unsigned int retries;
2092 STAILQ_INIT(&local_unmounts);
2093 mtx_lock(&deferred_unmount_lock);
2094 STAILQ_CONCAT(&local_unmounts, &deferred_unmount_list);
2095 mtx_unlock(&deferred_unmount_lock);
2097 STAILQ_FOREACH_SAFE(mp, &local_unmounts, mnt_taskqueue_link, tmp) {
2098 flags = mp->mnt_taskqueue_flags;
2099 KASSERT((flags & MNT_DEFERRED) != 0,
2100 ("taskqueue unmount without MNT_DEFERRED"));
2101 error = dounmount(mp, flags, curthread);
2104 unmounted = ((mp->mnt_kern_flag & MNTK_REFEXPIRE) != 0);
2108 * The deferred unmount thread is the only thread that
2109 * modifies the retry counts, so locking/atomics aren't
2112 retries = (mp->mnt_unmount_retries)++;
2113 deferred_unmount_total_retries++;
2114 if (!unmounted && retries < deferred_unmount_retry_limit) {
2115 deferred_unmount_enqueue(mp, flags, true,
2116 -deferred_unmount_retry_delay_hz);
2118 if (retries >= deferred_unmount_retry_limit) {
2119 printf("giving up on deferred unmount "
2120 "of %s after %d retries, error %d\n",
2121 mp->mnt_stat.f_mntonname, retries, error);
2130 * Do the actual filesystem unmount.
2133 dounmount(struct mount *mp, uint64_t flags, struct thread *td)
2135 struct mount_upper_node *upper;
2136 struct vnode *coveredvp, *rootvp;
2138 uint64_t async_flag;
2140 unsigned int retries;
2142 KASSERT((flags & MNT_DEFERRED) == 0 ||
2143 (flags & (MNT_RECURSE | MNT_FORCE)) == (MNT_RECURSE | MNT_FORCE),
2144 ("MNT_DEFERRED requires MNT_RECURSE | MNT_FORCE"));
2147 * If the caller has explicitly requested the unmount to be handled by
2148 * the taskqueue and we're not already in taskqueue context, queue
2149 * up the unmount request and exit. This is done prior to any
2150 * credential checks; MNT_DEFERRED should be used only for kernel-
2151 * initiated unmounts and will therefore be processed with the
2152 * (kernel) credentials of the taskqueue thread. Still, callers
2153 * should be sure this is the behavior they want.
2155 if ((flags & MNT_DEFERRED) != 0 &&
2156 taskqueue_member(taskqueue_deferred_unmount, curthread) == 0) {
2157 if (!deferred_unmount_enqueue(mp, flags, false, 0))
2159 return (EINPROGRESS);
2163 * Only privileged root, or (if MNT_USER is set) the user that did the
2164 * original mount is permitted to unmount this filesystem.
2165 * This check should be made prior to queueing up any recursive
2166 * unmounts of upper filesystems. Those unmounts will be executed
2167 * with kernel thread credentials and are expected to succeed, so
2168 * we must at least ensure the originating context has sufficient
2169 * privilege to unmount the base filesystem before proceeding with
2172 error = vfs_suser(mp, td);
2174 KASSERT((flags & MNT_DEFERRED) == 0,
2175 ("taskqueue unmount with insufficient privilege"));
2180 if (recursive_forced_unmount && ((flags & MNT_FORCE) != 0))
2181 flags |= MNT_RECURSE;
2183 if ((flags & MNT_RECURSE) != 0) {
2184 KASSERT((flags & MNT_FORCE) != 0,
2185 ("MNT_RECURSE requires MNT_FORCE"));
2189 * Set MNTK_RECURSE to prevent new upper mounts from being
2190 * added, and note that an operation on the uppers list is in
2191 * progress. This will ensure that unregistration from the
2192 * uppers list, and therefore any pending unmount of the upper
2193 * FS, can't complete until after we finish walking the list.
2195 mp->mnt_kern_flag |= MNTK_RECURSE;
2196 mp->mnt_upper_pending++;
2197 TAILQ_FOREACH(upper, &mp->mnt_uppers, mnt_upper_link) {
2198 retries = upper->mp->mnt_unmount_retries;
2199 if (retries > deferred_unmount_retry_limit) {
2206 if (!deferred_unmount_enqueue(upper->mp, flags,
2211 mp->mnt_upper_pending--;
2212 if ((mp->mnt_kern_flag & MNTK_UPPER_WAITER) != 0 &&
2213 mp->mnt_upper_pending == 0) {
2214 mp->mnt_kern_flag &= ~MNTK_UPPER_WAITER;
2215 wakeup(&mp->mnt_uppers);
2219 * If we're not on the taskqueue, wait until the uppers list
2220 * is drained before proceeding with unmount. Otherwise, if
2221 * we are on the taskqueue and there are still pending uppers,
2222 * just re-enqueue on the end of the taskqueue.
2224 if ((flags & MNT_DEFERRED) == 0) {
2225 while (error == 0 && !TAILQ_EMPTY(&mp->mnt_uppers)) {
2226 mp->mnt_kern_flag |= MNTK_TASKQUEUE_WAITER;
2227 error = msleep(&mp->mnt_taskqueue_link,
2228 MNT_MTX(mp), PCATCH, "umntqw", 0);
2235 } else if (!TAILQ_EMPTY(&mp->mnt_uppers)) {
2238 deferred_unmount_enqueue(mp, flags, true, 0);
2242 KASSERT(TAILQ_EMPTY(&mp->mnt_uppers), ("mnt_uppers not empty"));
2245 /* Allow the taskqueue to safely re-enqueue on failure */
2246 if ((flags & MNT_DEFERRED) != 0)
2249 if ((coveredvp = mp->mnt_vnodecovered) != NULL) {
2250 mnt_gen_r = mp->mnt_gen;
2253 vn_lock(coveredvp, LK_EXCLUSIVE | LK_INTERLOCK | LK_RETRY);
2255 * Check for mp being unmounted while waiting for the
2256 * covered vnode lock.
2258 if (coveredvp->v_mountedhere != mp ||
2259 coveredvp->v_mountedhere->mnt_gen != mnt_gen_r) {
2260 VOP_UNLOCK(coveredvp);
2269 vn_start_write(NULL, &mp, V_WAIT);
2271 if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0 ||
2272 (mp->mnt_flag & MNT_UPDATE) != 0 ||
2273 !TAILQ_EMPTY(&mp->mnt_uppers)) {
2274 dounmount_cleanup(mp, coveredvp, 0);
2277 mp->mnt_kern_flag |= MNTK_UNMOUNT;
2278 rootvp = vfs_cache_root_clear(mp);
2279 if (coveredvp != NULL)
2280 vn_seqc_write_begin(coveredvp);
2281 if (flags & MNT_NONBUSY) {
2283 error = vfs_check_usecounts(mp);
2286 vn_seqc_write_end(coveredvp);
2287 dounmount_cleanup(mp, coveredvp, MNTK_UNMOUNT);
2288 if (rootvp != NULL) {
2289 vn_seqc_write_end(rootvp);
2295 /* Allow filesystems to detect that a forced unmount is in progress. */
2296 if (flags & MNT_FORCE) {
2297 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
2300 * Must be done after setting MNTK_UNMOUNTF and before
2301 * waiting for mnt_lockref to become 0.
2307 if (mp->mnt_lockref) {
2308 mp->mnt_kern_flag |= MNTK_DRAINING;
2309 error = msleep(&mp->mnt_lockref, MNT_MTX(mp), PVFS,
2313 KASSERT(mp->mnt_lockref == 0,
2314 ("%s: invalid lock refcount in the drain path @ %s:%d",
2315 __func__, __FILE__, __LINE__));
2317 ("%s: invalid return value for msleep in the drain path @ %s:%d",
2318 __func__, __FILE__, __LINE__));
2321 * We want to keep the vnode around so that we can vn_seqc_write_end
2322 * after we are done with unmount. Downgrade our reference to a mere
2323 * hold count so that we don't interefere with anything.
2325 if (rootvp != NULL) {
2330 if (mp->mnt_flag & MNT_EXPUBLIC)
2331 vfs_setpublicfs(NULL, NULL, NULL);
2333 vfs_periodic(mp, MNT_WAIT);
2335 async_flag = mp->mnt_flag & MNT_ASYNC;
2336 mp->mnt_flag &= ~MNT_ASYNC;
2337 mp->mnt_kern_flag &= ~MNTK_ASYNC;
2339 vfs_deallocate_syncvnode(mp);
2340 error = VFS_UNMOUNT(mp, flags);
2341 vn_finished_write(mp);
2344 * If we failed to flush the dirty blocks for this mount point,
2345 * undo all the cdir/rdir and rootvnode changes we made above.
2346 * Unless we failed to do so because the device is reporting that
2347 * it doesn't exist anymore.
2349 if (error && error != ENXIO) {
2351 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
2353 vfs_allocate_syncvnode(mp);
2356 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
2357 mp->mnt_flag |= async_flag;
2358 if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
2359 (mp->mnt_kern_flag & MNTK_NOASYNC) == 0)
2360 mp->mnt_kern_flag |= MNTK_ASYNC;
2361 if (mp->mnt_kern_flag & MNTK_MWAIT) {
2362 mp->mnt_kern_flag &= ~MNTK_MWAIT;
2365 vfs_op_exit_locked(mp);
2368 vn_seqc_write_end(coveredvp);
2369 VOP_UNLOCK(coveredvp);
2372 if (rootvp != NULL) {
2373 vn_seqc_write_end(rootvp);
2379 mtx_lock(&mountlist_mtx);
2380 TAILQ_REMOVE(&mountlist, mp, mnt_list);
2381 mtx_unlock(&mountlist_mtx);
2382 EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td);
2383 if (coveredvp != NULL) {
2385 vn_irflag_unset_locked(coveredvp, VIRF_MOUNTPOINT);
2386 coveredvp->v_mountedhere = NULL;
2387 vn_seqc_write_end_locked(coveredvp);
2388 VI_UNLOCK(coveredvp);
2389 VOP_UNLOCK(coveredvp);
2392 mount_devctl_event("UNMOUNT", mp, false);
2393 if (rootvp != NULL) {
2394 vn_seqc_write_end(rootvp);
2397 vfs_event_signal(NULL, VQ_UNMOUNT, 0);
2398 if (rootvnode != NULL && mp == rootvnode->v_mount) {
2402 if (mp == rootdevmp)
2404 if ((flags & MNT_DEFERRED) != 0)
2406 vfs_mount_destroy(mp);
2411 * Report errors during filesystem mounting.
2414 vfs_mount_error(struct mount *mp, const char *fmt, ...)
2416 struct vfsoptlist *moptlist = mp->mnt_optnew;
2421 error = vfs_getopt(moptlist, "errmsg", (void **)&errmsg, &len);
2422 if (error || errmsg == NULL || len <= 0)
2426 vsnprintf(errmsg, (size_t)len, fmt, ap);
2431 vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...)
2437 error = vfs_getopt(opts, "errmsg", (void **)&errmsg, &len);
2438 if (error || errmsg == NULL || len <= 0)
2442 vsnprintf(errmsg, (size_t)len, fmt, ap);
2447 * ---------------------------------------------------------------------
2448 * Functions for querying mount options/arguments from filesystems.
2452 * Check that no unknown options are given
2455 vfs_filteropt(struct vfsoptlist *opts, const char **legal)
2459 const char **t, *p, *q;
2462 TAILQ_FOREACH(opt, opts, link) {
2465 if (p[0] == 'n' && p[1] == 'o')
2467 for(t = global_opts; *t != NULL; t++) {
2468 if (strcmp(*t, p) == 0)
2471 if (strcmp(*t, q) == 0)
2477 for(t = legal; *t != NULL; t++) {
2478 if (strcmp(*t, p) == 0)
2481 if (strcmp(*t, q) == 0)
2487 snprintf(errmsg, sizeof(errmsg),
2488 "mount option <%s> is unknown", p);
2492 TAILQ_FOREACH(opt, opts, link) {
2493 if (strcmp(opt->name, "errmsg") == 0) {
2494 strncpy((char *)opt->value, errmsg, opt->len);
2499 printf("%s\n", errmsg);
2505 * Get a mount option by its name.
2507 * Return 0 if the option was found, ENOENT otherwise.
2508 * If len is non-NULL it will be filled with the length
2509 * of the option. If buf is non-NULL, it will be filled
2510 * with the address of the option.
2513 vfs_getopt(struct vfsoptlist *opts, const char *name, void **buf, int *len)
2517 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL"));
2519 TAILQ_FOREACH(opt, opts, link) {
2520 if (strcmp(name, opt->name) == 0) {
2533 vfs_getopt_pos(struct vfsoptlist *opts, const char *name)
2540 TAILQ_FOREACH(opt, opts, link) {
2541 if (strcmp(name, opt->name) == 0) {
2550 vfs_getopt_size(struct vfsoptlist *opts, const char *name, off_t *value)
2552 char *opt_value, *vtp;
2556 error = vfs_getopt(opts, name, (void **)&opt_value, &opt_len);
2559 if (opt_len == 0 || opt_value == NULL)
2561 if (opt_value[0] == '\0' || opt_value[opt_len - 1] != '\0')
2563 iv = strtoq(opt_value, &vtp, 0);
2564 if (vtp == opt_value || (vtp[0] != '\0' && vtp[1] != '\0'))
2591 vfs_getopts(struct vfsoptlist *opts, const char *name, int *error)
2596 TAILQ_FOREACH(opt, opts, link) {
2597 if (strcmp(name, opt->name) != 0)
2600 if (opt->len == 0 ||
2601 ((char *)opt->value)[opt->len - 1] != '\0') {
2605 return (opt->value);
2612 vfs_flagopt(struct vfsoptlist *opts, const char *name, uint64_t *w,
2617 TAILQ_FOREACH(opt, opts, link) {
2618 if (strcmp(name, opt->name) == 0) {
2631 vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...)
2637 KASSERT(opts != NULL, ("vfs_getopt: caller passed 'opts' as NULL"));
2639 TAILQ_FOREACH(opt, opts, link) {
2640 if (strcmp(name, opt->name) != 0)
2643 if (opt->len == 0 || opt->value == NULL)
2645 if (((char *)opt->value)[opt->len - 1] != '\0')
2648 ret = vsscanf(opt->value, fmt, ap);
2656 vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len)
2660 TAILQ_FOREACH(opt, opts, link) {
2661 if (strcmp(name, opt->name) != 0)
2664 if (opt->value == NULL)
2667 if (opt->len != len)
2669 bcopy(value, opt->value, len);
2677 vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len)
2681 TAILQ_FOREACH(opt, opts, link) {
2682 if (strcmp(name, opt->name) != 0)
2685 if (opt->value == NULL)
2691 bcopy(value, opt->value, len);
2699 vfs_setopts(struct vfsoptlist *opts, const char *name, const char *value)
2703 TAILQ_FOREACH(opt, opts, link) {
2704 if (strcmp(name, opt->name) != 0)
2707 if (opt->value == NULL)
2708 opt->len = strlen(value) + 1;
2709 else if (strlcpy(opt->value, value, opt->len) >= opt->len)
2717 * Find and copy a mount option.
2719 * The size of the buffer has to be specified
2720 * in len, if it is not the same length as the
2721 * mount option, EINVAL is returned.
2722 * Returns ENOENT if the option is not found.
2725 vfs_copyopt(struct vfsoptlist *opts, const char *name, void *dest, int len)
2729 KASSERT(opts != NULL, ("vfs_copyopt: caller passed 'opts' as NULL"));
2731 TAILQ_FOREACH(opt, opts, link) {
2732 if (strcmp(name, opt->name) == 0) {
2734 if (len != opt->len)
2736 bcopy(opt->value, dest, opt->len);
2744 __vfs_statfs(struct mount *mp, struct statfs *sbp)
2747 * Filesystems only fill in part of the structure for updates, we
2748 * have to read the entirety first to get all content.
2750 if (sbp != &mp->mnt_stat)
2751 memcpy(sbp, &mp->mnt_stat, sizeof(*sbp));
2754 * Set these in case the underlying filesystem fails to do so.
2756 sbp->f_version = STATFS_VERSION;
2757 sbp->f_namemax = NAME_MAX;
2758 sbp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
2759 sbp->f_nvnodelistsize = mp->mnt_nvnodelistsize;
2761 return (mp->mnt_op->vfs_statfs(mp, sbp));
2765 vfs_mountedfrom(struct mount *mp, const char *from)
2768 bzero(mp->mnt_stat.f_mntfromname, sizeof mp->mnt_stat.f_mntfromname);
2769 strlcpy(mp->mnt_stat.f_mntfromname, from,
2770 sizeof mp->mnt_stat.f_mntfromname);
2774 * ---------------------------------------------------------------------
2775 * This is the api for building mount args and mounting filesystems from
2776 * inside the kernel.
2778 * The API works by accumulation of individual args. First error is
2781 * XXX: should be documented in new manpage kernel_mount(9)
2784 /* A memory allocation which must be freed when we are done */
2786 SLIST_ENTRY(mntaarg) next;
2789 /* The header for the mount arguments */
2794 SLIST_HEAD(, mntaarg) list;
2798 * Add a boolean argument.
2800 * flag is the boolean value.
2801 * name must start with "no".
2804 mount_argb(struct mntarg *ma, int flag, const char *name)
2807 KASSERT(name[0] == 'n' && name[1] == 'o',
2808 ("mount_argb(...,%s): name must start with 'no'", name));
2810 return (mount_arg(ma, name + (flag ? 2 : 0), NULL, 0));
2814 * Add an argument printf style
2817 mount_argf(struct mntarg *ma, const char *name, const char *fmt, ...)
2820 struct mntaarg *maa;
2825 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2826 SLIST_INIT(&ma->list);
2831 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2),
2833 ma->v[ma->len].iov_base = (void *)(uintptr_t)name;
2834 ma->v[ma->len].iov_len = strlen(name) + 1;
2837 sb = sbuf_new_auto();
2839 sbuf_vprintf(sb, fmt, ap);
2842 len = sbuf_len(sb) + 1;
2843 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO);
2844 SLIST_INSERT_HEAD(&ma->list, maa, next);
2845 bcopy(sbuf_data(sb), maa + 1, len);
2848 ma->v[ma->len].iov_base = maa + 1;
2849 ma->v[ma->len].iov_len = len;
2856 * Add an argument which is a userland string.
2859 mount_argsu(struct mntarg *ma, const char *name, const void *val, int len)
2861 struct mntaarg *maa;
2867 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2868 SLIST_INIT(&ma->list);
2872 maa = malloc(sizeof *maa + len, M_MOUNT, M_WAITOK | M_ZERO);
2873 SLIST_INSERT_HEAD(&ma->list, maa, next);
2874 tbuf = (void *)(maa + 1);
2875 ma->error = copyinstr(val, tbuf, len, NULL);
2876 return (mount_arg(ma, name, tbuf, -1));
2882 * If length is -1, treat value as a C string.
2885 mount_arg(struct mntarg *ma, const char *name, const void *val, int len)
2889 ma = malloc(sizeof *ma, M_MOUNT, M_WAITOK | M_ZERO);
2890 SLIST_INIT(&ma->list);
2895 ma->v = realloc(ma->v, sizeof *ma->v * (ma->len + 2),
2897 ma->v[ma->len].iov_base = (void *)(uintptr_t)name;
2898 ma->v[ma->len].iov_len = strlen(name) + 1;
2901 ma->v[ma->len].iov_base = (void *)(uintptr_t)val;
2903 ma->v[ma->len].iov_len = strlen(val) + 1;
2905 ma->v[ma->len].iov_len = len;
2911 * Free a mntarg structure
2914 free_mntarg(struct mntarg *ma)
2916 struct mntaarg *maa;
2918 while (!SLIST_EMPTY(&ma->list)) {
2919 maa = SLIST_FIRST(&ma->list);
2920 SLIST_REMOVE_HEAD(&ma->list, next);
2923 free(ma->v, M_MOUNT);
2928 * Mount a filesystem
2931 kernel_mount(struct mntarg *ma, uint64_t flags)
2936 KASSERT(ma != NULL, ("kernel_mount NULL ma"));
2937 KASSERT(ma->error != 0 || ma->v != NULL, ("kernel_mount NULL ma->v"));
2938 KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len));
2942 auio.uio_iov = ma->v;
2943 auio.uio_iovcnt = ma->len;
2944 auio.uio_segflg = UIO_SYSSPACE;
2945 error = vfs_donmount(curthread, flags, &auio);
2951 /* Map from mount options to printable formats. */
2952 static struct mntoptnames optnames[] = {
2956 #define DEVCTL_LEN 1024
2958 mount_devctl_event(const char *type, struct mount *mp, bool donew)
2961 struct mntoptnames *fp;
2963 struct statfs *sfp = &mp->mnt_stat;
2966 buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT);
2969 sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN);
2970 sbuf_cpy(&sb, "mount-point=\"");
2971 devctl_safe_quote_sb(&sb, sfp->f_mntonname);
2972 sbuf_cat(&sb, "\" mount-dev=\"");
2973 devctl_safe_quote_sb(&sb, sfp->f_mntfromname);
2974 sbuf_cat(&sb, "\" mount-type=\"");
2975 devctl_safe_quote_sb(&sb, sfp->f_fstypename);
2976 sbuf_cat(&sb, "\" fsid=0x");
2977 cp = (const uint8_t *)&sfp->f_fsid.val[0];
2978 for (int i = 0; i < sizeof(sfp->f_fsid); i++)
2979 sbuf_printf(&sb, "%02x", cp[i]);
2980 sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner);
2981 for (fp = optnames; fp->o_opt != 0; fp++) {
2982 if ((mp->mnt_flag & fp->o_opt) != 0) {
2983 sbuf_cat(&sb, fp->o_name);
2984 sbuf_putc(&sb, ';');
2987 sbuf_putc(&sb, '"');
2991 * Options are not published because the form of the options depends on
2992 * the file system and may include binary data. In addition, they don't
2993 * necessarily provide enough useful information to be actionable when
2994 * devd processes them.
2997 if (sbuf_error(&sb) == 0)
2998 devctl_notify("VFS", "FS", type, sbuf_data(&sb));
3004 * Force remount specified mount point to read-only. The argument
3005 * must be busied to avoid parallel unmount attempts.
3007 * Intended use is to prevent further writes if some metadata
3008 * inconsistency is detected. Note that the function still flushes
3009 * all cached metadata and data for the mount point, which might be
3010 * not always suitable.
3013 vfs_remount_ro(struct mount *mp)
3015 struct vfsoptlist *opts;
3017 struct vnode *vp_covered, *rootvp;
3021 KASSERT(mp->mnt_lockref > 0,
3022 ("vfs_remount_ro: mp %p is not busied", mp));
3023 KASSERT((mp->mnt_kern_flag & MNTK_UNMOUNT) == 0,
3024 ("vfs_remount_ro: mp %p is being unmounted (and busy?)", mp));
3027 vp_covered = mp->mnt_vnodecovered;
3028 error = vget(vp_covered, LK_EXCLUSIVE | LK_NOWAIT);
3033 VI_LOCK(vp_covered);
3034 if ((vp_covered->v_iflag & VI_MOUNT) != 0) {
3035 VI_UNLOCK(vp_covered);
3040 vp_covered->v_iflag |= VI_MOUNT;
3041 VI_UNLOCK(vp_covered);
3042 vn_seqc_write_begin(vp_covered);
3045 if ((mp->mnt_flag & MNT_RDONLY) != 0) {
3050 mp->mnt_flag |= MNT_UPDATE | MNT_FORCE | MNT_RDONLY;
3051 rootvp = vfs_cache_root_clear(mp);
3054 opts = malloc(sizeof(struct vfsoptlist), M_MOUNT, M_WAITOK | M_ZERO);
3056 opt = malloc(sizeof(struct vfsopt), M_MOUNT, M_WAITOK | M_ZERO);
3057 opt->name = strdup("ro", M_MOUNT);
3059 TAILQ_INSERT_TAIL(opts, opt, link);
3060 vfs_mergeopts(opts, mp->mnt_opt);
3061 mp->mnt_optnew = opts;
3063 error = VFS_MOUNT(mp);
3067 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE);
3069 vfs_deallocate_syncvnode(mp);
3070 if (mp->mnt_opt != NULL)
3071 vfs_freeopts(mp->mnt_opt);
3072 mp->mnt_opt = mp->mnt_optnew;
3075 mp->mnt_flag &= ~(MNT_UPDATE | MNT_FORCE | MNT_RDONLY);
3077 vfs_freeopts(mp->mnt_optnew);
3079 mp->mnt_optnew = NULL;
3083 VI_LOCK(vp_covered);
3084 vp_covered->v_iflag &= ~VI_MOUNT;
3085 VI_UNLOCK(vp_covered);
3087 vn_seqc_write_end(vp_covered);
3088 if (rootvp != NULL) {
3089 vn_seqc_write_end(rootvp);
3096 * Suspend write operations on all local writeable filesystems. Does
3097 * full sync of them in the process.
3099 * Iterate over the mount points in reverse order, suspending most
3100 * recently mounted filesystems first. It handles a case where a
3101 * filesystem mounted from a md(4) vnode-backed device should be
3102 * suspended before the filesystem that owns the vnode.
3105 suspend_all_fs(void)
3110 mtx_lock(&mountlist_mtx);
3111 TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
3112 error = vfs_busy(mp, MBF_MNTLSTLOCK | MBF_NOWAIT);
3115 if ((mp->mnt_flag & (MNT_RDONLY | MNT_LOCAL)) != MNT_LOCAL ||
3116 (mp->mnt_kern_flag & MNTK_SUSPEND) != 0) {
3117 mtx_lock(&mountlist_mtx);
3121 error = vfs_write_suspend(mp, 0);
3124 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0);
3125 mp->mnt_kern_flag |= MNTK_SUSPEND_ALL;
3127 mtx_lock(&mountlist_mtx);
3129 printf("suspend of %s failed, error %d\n",
3130 mp->mnt_stat.f_mntonname, error);
3131 mtx_lock(&mountlist_mtx);
3135 mtx_unlock(&mountlist_mtx);
3139 * Clone the mnt_exjail field to a new mount point.
3142 vfs_exjail_clone(struct mount *inmp, struct mount *outmp)
3148 cr = inmp->mnt_exjail;
3153 sx_slock(&allprison_lock);
3154 if (!prison_isalive(pr)) {
3155 sx_sunlock(&allprison_lock);
3160 if (outmp->mnt_exjail == NULL) {
3161 outmp->mnt_exjail = cr;
3162 atomic_add_int(&pr->pr_exportcnt, 1);
3166 sx_sunlock(&allprison_lock);
3178 mtx_lock(&mountlist_mtx);
3179 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
3180 if ((mp->mnt_kern_flag & MNTK_SUSPEND_ALL) == 0)
3182 mtx_unlock(&mountlist_mtx);
3184 MPASS((mp->mnt_kern_flag & MNTK_SUSPEND) != 0);
3185 mp->mnt_kern_flag &= ~MNTK_SUSPEND_ALL;
3187 vfs_write_resume(mp, 0);
3188 mtx_lock(&mountlist_mtx);
3191 mtx_unlock(&mountlist_mtx);
projects / FreeBSD / FreeBSD.git / blob