/*
* ctfs_mount - the VFS_MOUNT entry point
*/
static int
ctfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
{
ctfs_vfs_t *data;
dev_t dev;
gfs_dirent_t *dirent;
int i;
if (secpolicy_fs_mount(cr, mvp, vfsp) != 0)
return (EPERM);
if (mvp->v_type != VDIR)
return (ENOTDIR);
if ((uap->flags & MS_OVERLAY) == 0 &&
(mvp->v_count > 1 || (mvp->v_flag & VROOT)))
return (EBUSY);
data = kmem_alloc(sizeof (ctfs_vfs_t), KM_SLEEP);
/*
* Initialize vfs fields not initialized by VFS_INIT/domount
*/
vfsp->vfs_bsize = DEV_BSIZE;
vfsp->vfs_fstype = ctfs_fstype;
do
dev = makedevice(ctfs_major,
atomic_add_32_nv(&ctfs_minor, 1) & L_MAXMIN32);
while (vfs_devismounted(dev));
vfs_make_fsid(&vfsp->vfs_fsid, dev, ctfs_fstype);
vfsp->vfs_data = data;
vfsp->vfs_dev = dev;
/*
* Dynamically create gfs_dirent_t array for the root directory.
*/
dirent = kmem_zalloc((ct_ntypes + 2) * sizeof (gfs_dirent_t), KM_SLEEP);
for (i = 0; i < ct_ntypes; i++) {
dirent[i].gfse_name = (char *)ct_types[i]->ct_type_name;
dirent[i].gfse_ctor = ctfs_create_tdirnode;
dirent[i].gfse_flags = GFS_CACHE_VNODE;
}
dirent[i].gfse_name = "all";
dirent[i].gfse_ctor = ctfs_create_adirnode;
dirent[i].gfse_flags = GFS_CACHE_VNODE;
dirent[i+1].gfse_name = NULL;
/*
* Create root vnode
*/
data->ctvfs_root = gfs_root_create(sizeof (ctfs_rootnode_t),
vfsp, ctfs_ops_root, CTFS_INO_ROOT, dirent, ctfs_root_do_inode,
CTFS_NAME_MAX, NULL, NULL);
kmem_free(dirent, (ct_ntypes + 2) * sizeof (gfs_dirent_t));
return (0);
}
/*ARGSUSED*/
static int
fdmount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
{
struct vnode *vp;
if (secpolicy_fs_mount(cr, mvp, vfsp) != 0)
return (EPERM);
if (mvp->v_type != VDIR)
return (ENOTDIR);
mutex_enter(&mvp->v_lock);
if ((uap->flags & MS_OVERLAY) == 0 &&
(mvp->v_count > 1 || (mvp->v_flag & VROOT))) {
mutex_exit(&mvp->v_lock);
return (EBUSY);
}
mutex_exit(&mvp->v_lock);
/*
* Having the resource be anything but "fd" doesn't make sense
*/
vfs_setresource(vfsp, "fd");
vp = vn_alloc(KM_SLEEP);
vp->v_vfsp = vfsp;
vn_setops(vp, fd_vnodeops);
vp->v_type = VDIR;
vp->v_data = NULL;
vp->v_flag |= VROOT;
vfsp->vfs_fstype = fdfstype;
vfsp->vfs_data = (char *)vp;
mutex_enter(&fd_minor_lock);
do {
fdfsmin = (fdfsmin + 1) & L_MAXMIN32;
vfsp->vfs_dev = makedevice(fdfsmaj, fdfsmin);
} while (vfs_devismounted(vfsp->vfs_dev));
mutex_exit(&fd_minor_lock);
vfs_make_fsid(&vfsp->vfs_fsid, vfsp->vfs_dev, fdfstype);
vfsp->vfs_bsize = 1024;
return (0);
}
/*
* VFS entry points
*/
static int
objfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
{
objfs_vfs_t *data;
dev_t dev;
if (secpolicy_fs_mount(cr, mvp, vfsp) != 0)
return (EPERM);
if (mvp->v_type != VDIR)
return (ENOTDIR);
if ((uap->flags & MS_OVERLAY) == 0 &&
(mvp->v_count > 1 || (mvp->v_flag & VROOT)))
return (EBUSY);
data = kmem_alloc(sizeof (objfs_vfs_t), KM_SLEEP);
/*
* Initialize vfs fields
*/
vfsp->vfs_bsize = DEV_BSIZE;
vfsp->vfs_fstype = objfs_fstype;
do {
dev = makedevice(objfs_major,
atomic_add_32_nv(&objfs_minor, 1) & L_MAXMIN32);
} while (vfs_devismounted(dev));
vfs_make_fsid(&vfsp->vfs_fsid, dev, objfs_fstype);
vfsp->vfs_data = data;
vfsp->vfs_dev = dev;
/*
* Create root
*/
data->objfs_vfs_root = objfs_create_root(vfsp);
return (0);
}
/*ARGSUSED*/
static int
lo_mount(struct vfs *vfsp,
struct vnode *vp,
struct mounta *uap,
struct cred *cr)
{
int error;
struct vnode *srootvp = NULL; /* the server's root */
struct vnode *realrootvp;
struct loinfo *li;
int nodev;
nodev = vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL);
if ((error = secpolicy_fs_mount(cr, vp, vfsp)) != 0)
return (EPERM);
/*
* Loopback devices which get "nodevices" added can be done without
* "nodevices" set because we cannot import devices into a zone
* with loopback. Note that we have all zone privileges when
* this happens; if not, we'd have gotten "nosuid".
*/
if (!nodev && vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL))
vfs_setmntopt(vfsp, MNTOPT_DEVICES, NULL, VFS_NODISPLAY);
mutex_enter(&vp->v_lock);
if (!(uap->flags & MS_OVERLAY) &&
(vp->v_count != 1 || (vp->v_flag & VROOT))) {
mutex_exit(&vp->v_lock);
return (EBUSY);
}
mutex_exit(&vp->v_lock);
/*
* Find real root, and make vfs point to real vfs
*/
if (error = lookupname(uap->spec, (uap->flags & MS_SYSSPACE) ?
UIO_SYSSPACE : UIO_USERSPACE, FOLLOW, NULLVPP, &realrootvp))
return (error);
/*
* Enforce MAC policy if needed.
*
* Loopback mounts must not allow writing up. The dominance test
* is intended to prevent a global zone caller from accidentally
* creating write-up conditions between two labeled zones.
* Local zones can't violate MAC on their own without help from
* the global zone because they can't name a pathname that
* they don't already have.
*
* The special case check for the NET_MAC_AWARE process flag is
* to support the case of the automounter in the global zone. We
* permit automounting of local zone directories such as home
* directories, into the global zone as required by setlabel,
* zonecopy, and saving of desktop sessions. Such mounts are
* trusted not to expose the contents of one zone's directories
* to another by leaking them through the global zone.
*/
if (is_system_labeled() && crgetzoneid(cr) == GLOBAL_ZONEID) {
char specname[MAXPATHLEN];
zone_t *from_zptr;
zone_t *to_zptr;
if (vnodetopath(NULL, realrootvp, specname,
sizeof (specname), CRED()) != 0) {
VN_RELE(realrootvp);
return (EACCES);
}
from_zptr = zone_find_by_path(specname);
to_zptr = zone_find_by_path(refstr_value(vfsp->vfs_mntpt));
/*
* Special case for zone devfs: the zone for /dev will
* incorrectly appear as the global zone since it's not
* under the zone rootpath. So for zone devfs check allow
* read-write mounts.
*
* Second special case for scratch zones used for Live Upgrade:
* this is used to mount the zone's root from /root to /a in
* the scratch zone. As with the other special case, this
* appears to be outside of the zone because it's not under
* the zone rootpath, which is $ZONEPATH/lu in the scratch
* zone case.
*/
if (from_zptr != to_zptr &&
!(to_zptr->zone_flags & ZF_IS_SCRATCH)) {
/*
* We know at this point that the labels aren't equal
* because the zone pointers aren't equal, and zones
* can't share a label.
*
* If the source is the global zone then making
* it available to a local zone must be done in
* read-only mode as the label will become admin_low.
*
* If it is a mount between local zones then if
* the current process is in the global zone and has
* the NET_MAC_AWARE flag, then regular read-write
* access is allowed. If it's in some other zone, but
* the label on the mount point dominates the original
* source, then allow the mount as read-only
* ("read-down").
*/
if (from_zptr->zone_id == GLOBAL_ZONEID) {
/* make the mount read-only */
vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
} else { /* cross-zone mount */
if (to_zptr->zone_id == GLOBAL_ZONEID &&
/* LINTED: no consequent */
getpflags(NET_MAC_AWARE, cr) != 0) {
/* Allow the mount as read-write */
} else if (bldominates(
label2bslabel(to_zptr->zone_slabel),
label2bslabel(from_zptr->zone_slabel))) {
/* make the mount read-only */
vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
} else {
VN_RELE(realrootvp);
zone_rele(to_zptr);
zone_rele(from_zptr);
return (EACCES);
}
}
}
zone_rele(to_zptr);
zone_rele(from_zptr);
}
/*
* realrootvp may be an AUTOFS node, in which case we
* perform a VOP_ACCESS() to trigger the mount of the
* intended filesystem, so we loopback mount the intended
* filesystem instead of the AUTOFS filesystem.
*/
(void) VOP_ACCESS(realrootvp, 0, 0, cr, NULL);
/*
* We're interested in the top most filesystem.
* This is specially important when uap->spec is a trigger
* AUTOFS node, since we're really interested in mounting the
* filesystem AUTOFS mounted as result of the VOP_ACCESS()
* call not the AUTOFS node itself.
*/
if (vn_mountedvfs(realrootvp) != NULL) {
if (error = traverse(&realrootvp)) {
VN_RELE(realrootvp);
return (error);
}
}
/*
* Allocate a vfs info struct and attach it
*/
li = kmem_zalloc(sizeof (struct loinfo), KM_SLEEP);
li->li_realvfs = realrootvp->v_vfsp;
li->li_mountvfs = vfsp;
/*
* Set mount flags to be inherited by loopback vfs's
*/
if (vfs_optionisset(vfsp, MNTOPT_RO, NULL)) {
li->li_mflag |= VFS_RDONLY;
}
if (vfs_optionisset(vfsp, MNTOPT_NOSUID, NULL)) {
li->li_mflag |= (VFS_NOSETUID|VFS_NODEVICES);
}
if (vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL)) {
li->li_mflag |= VFS_NODEVICES;
}
if (vfs_optionisset(vfsp, MNTOPT_NOSETUID, NULL)) {
li->li_mflag |= VFS_NOSETUID;
}
/*
* Permissive flags are added to the "deny" bitmap.
*/
if (vfs_optionisset(vfsp, MNTOPT_NOXATTR, NULL)) {
li->li_dflag |= VFS_XATTR;
}
if (vfs_optionisset(vfsp, MNTOPT_NONBMAND, NULL)) {
li->li_dflag |= VFS_NBMAND;
}
/*
* Propagate inheritable mount flags from the real vfs.
*/
if ((li->li_realvfs->vfs_flag & VFS_RDONLY) &&
!vfs_optionisset(vfsp, MNTOPT_RO, NULL))
vfs_setmntopt(vfsp, MNTOPT_RO, NULL,
VFS_NODISPLAY);
if ((li->li_realvfs->vfs_flag & VFS_NOSETUID) &&
!vfs_optionisset(vfsp, MNTOPT_NOSETUID, NULL))
vfs_setmntopt(vfsp, MNTOPT_NOSETUID, NULL,
VFS_NODISPLAY);
if ((li->li_realvfs->vfs_flag & VFS_NODEVICES) &&
!vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL))
vfs_setmntopt(vfsp, MNTOPT_NODEVICES, NULL,
VFS_NODISPLAY);
/*
* Permissive flags such as VFS_XATTR, as opposed to restrictive flags
* such as VFS_RDONLY, are handled differently. An explicit
* MNTOPT_NOXATTR should override the underlying filesystem's VFS_XATTR.
*/
if ((li->li_realvfs->vfs_flag & VFS_XATTR) &&
!vfs_optionisset(vfsp, MNTOPT_NOXATTR, NULL) &&
!vfs_optionisset(vfsp, MNTOPT_XATTR, NULL))
vfs_setmntopt(vfsp, MNTOPT_XATTR, NULL,
VFS_NODISPLAY);
if ((li->li_realvfs->vfs_flag & VFS_NBMAND) &&
!vfs_optionisset(vfsp, MNTOPT_NBMAND, NULL) &&
!vfs_optionisset(vfsp, MNTOPT_NONBMAND, NULL))
vfs_setmntopt(vfsp, MNTOPT_NBMAND, NULL,
VFS_NODISPLAY);
li->li_refct = 0;
vfsp->vfs_data = (caddr_t)li;
vfsp->vfs_bcount = 0;
vfsp->vfs_fstype = lofsfstype;
vfsp->vfs_bsize = li->li_realvfs->vfs_bsize;
vfsp->vfs_dev = li->li_realvfs->vfs_dev;
vfsp->vfs_fsid.val[0] = li->li_realvfs->vfs_fsid.val[0];
vfsp->vfs_fsid.val[1] = li->li_realvfs->vfs_fsid.val[1];
if (vfs_optionisset(vfsp, MNTOPT_LOFS_NOSUB, NULL)) {
li->li_flag |= LO_NOSUB;
}
/*
* Propagate any VFS features
*/
vfs_propagate_features(li->li_realvfs, vfsp);
/*
* Setup the hashtable. If the root of this mount isn't a directory,
* there's no point in allocating a large hashtable. A table with one
* bucket is sufficient.
*/
if (realrootvp->v_type != VDIR)
lsetup(li, 1);
else
lsetup(li, 0);
/*
* Make the root vnode
*/
srootvp = makelonode(realrootvp, li, 0);
srootvp->v_flag |= VROOT;
li->li_rootvp = srootvp;
#ifdef LODEBUG
lo_dprint(4, "lo_mount: vfs %p realvfs %p root %p realroot %p li %p\n",
vfsp, li->li_realvfs, srootvp, realrootvp, li);
#endif
return (0);
}
static int
zfs_vfs_mount(struct mount *mp, vnode_t devvp, user_addr_t data, vfs_context_t context)
{
char *osname = NULL;
size_t osnamelen = 0;
int error = 0;
int canwrite;
/*
* Get the objset name (the "special" mount argument).
* The filesystem that we mount as root is defined in the
* "zfs-bootfs" property.
*/
if (data) {
user_addr_t fspec = USER_ADDR_NULL;
#ifndef __APPLE__
if (ddi_prop_lookup_string(DDI_DEV_T_ANY, ddi_root_node(),
DDI_PROP_DONTPASS, "zfs-bootfs", &zfs_bootpath) !=
DDI_SUCCESS)
return (EIO);
error = parse_bootpath(zfs_bootpath, rootfs.bo_name);
ddi_prop_free(zfs_bootpath);
#endif
osname = kmem_alloc(MAXPATHLEN, KM_SLEEP);
if (vfs_context_is64bit(context)) {
if ( (error = copyin(data, (caddr_t)&fspec, sizeof(fspec))) )
goto out;
} else {
#ifdef ZFS_LEOPARD_ONLY
char *tmp;
#else
user32_addr_t tmp;
#endif
if ( (error = copyin(data, (caddr_t)&tmp, sizeof(tmp))) )
goto out;
/* munge into LP64 addr */
fspec = CAST_USER_ADDR_T(tmp);
}
if ( (error = copyinstr(fspec, osname, MAXPATHLEN, &osnamelen)) )
goto out;
}
#if 0
if (mvp->v_type != VDIR)
return (ENOTDIR);
mutex_enter(&mvp->v_lock);
if ((uap->flags & MS_REMOUNT) == 0 &&
(uap->flags & MS_OVERLAY) == 0 &&
(mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
mutex_exit(&mvp->v_lock);
return (EBUSY);
}
mutex_exit(&mvp->v_lock);
/*
* ZFS does not support passing unparsed data in via MS_DATA.
* Users should use the MS_OPTIONSTR interface; this means
* that all option parsing is already done and the options struct
* can be interrogated.
*/
if ((uap->flags & MS_DATA) && uap->datalen > 0)
return (EINVAL);
/*
* Get the objset name (the "special" mount argument).
*/
if (error = pn_get(uap->spec, fromspace, &spn))
return (error);
osname = spn.pn_path;
#endif
/*
* Check for mount privilege?
*
* If we don't have privilege then see if
* we have local permission to allow it
*/
#ifndef __APPLE__
error = secpolicy_fs_mount(cr, mvp, vfsp);
if (error) {
error = dsl_deleg_access(osname, ZFS_DELEG_PERM_MOUNT, cr);
if (error == 0) {
vattr_t vattr;
/*
* Make sure user is the owner of the mount point
* or has sufficient privileges.
*/
vattr.va_mask = AT_UID;
if (error = VOP_GETATTR(mvp, &vattr, 0, cr)) {
goto out;
}
if (error = secpolicy_vnode_owner(cr, vattr.va_uid)) {
goto out;
}
if (error = VOP_ACCESS(mvp, VWRITE, 0, cr)) {
goto out;
}
secpolicy_fs_mount_clearopts(cr, vfsp);
} else {
goto out;
}
}
#endif
error = zfs_domount(mp, 0, osname, context);
if (error)
printf("zfs_vfs_mount: error %d\n", error);
if (error == 0) {
zfsvfs_t *zfsvfs = NULL;
/* Make the Finder treat sub file systems just like a folder */
if (strpbrk(osname, "/"))
vfs_setflags(mp, (u_int64_t)((unsigned int)MNT_DONTBROWSE));
/* Indicate to VFS that we support ACLs. */
vfs_setextendedsecurity(mp);
/* Advisory locking should be handled at the VFS layer */
vfs_setlocklocal(mp);
/*
* Mac OS X needs a file system modify time
*
* We use the mtime of the "com.apple.system.mtime"
* extended attribute, which is associated with the
* file system root directory.
*
* Here we need to take a ref on z_mtime_vp to keep it around.
* If the attribute isn't there, attempt to create it.
*/
zfsvfs = vfs_fsprivate(mp);
if (zfsvfs->z_mtime_vp == NULL) {
struct vnode * rvp;
struct vnode *xdvp = NULLVP;
struct vnode *xvp = NULLVP;
znode_t *rootzp;
timestruc_t modify_time;
cred_t *cr;
timestruc_t now;
int flag;
int result;
if (zfs_zget(zfsvfs, zfsvfs->z_root, &rootzp) != 0) {
goto out;
}
rvp = ZTOV(rootzp);
cr = (cred_t *)vfs_context_ucred(context);
/* Grab the hidden attribute directory vnode. */
result = zfs_get_xattrdir(rootzp, &xdvp, cr, CREATE_XATTR_DIR);
vnode_put(rvp); /* all done with root vnode */
rvp = NULL;
if (result) {
goto out;
}
/*
* HACK - workaround missing vnode_setnoflush() KPI...
*
* We tag zfsvfs so that zfs_attach_vnode() can then set
* vnfs_marksystem when the vnode gets created.
*/
zfsvfs->z_last_unmount_time = 0xBADC0DE;
zfsvfs->z_last_mtime_synced = VTOZ(xdvp)->z_id;
flag = vfs_isrdonly(mp) ? 0 : ZEXISTS;
/* Lookup or create the named attribute. */
if ( zfs_obtain_xattr(VTOZ(xdvp), ZFS_MTIME_XATTR,
S_IRUSR | S_IWUSR, cr, &xvp,
flag) ) {
zfsvfs->z_last_unmount_time = 0;
zfsvfs->z_last_mtime_synced = 0;
vnode_put(xdvp);
goto out;
}
gethrestime(&now);
ZFS_TIME_ENCODE(&now, VTOZ(xvp)->z_phys->zp_mtime);
vnode_put(xdvp);
vnode_ref(xvp);
zfsvfs->z_mtime_vp = xvp;
ZFS_TIME_DECODE(&modify_time, VTOZ(xvp)->z_phys->zp_mtime);
zfsvfs->z_last_unmount_time = modify_time.tv_sec;
zfsvfs->z_last_mtime_synced = modify_time.tv_sec;
/*
* Keep this referenced vnode from impeding an unmount.
*
* XXX vnode_setnoflush() is MIA from KPI (see workaround above).
*/
#if 0
vnode_setnoflush(xvp);
#endif
vnode_put(xvp);
}
}
out:
if (osname) {
kmem_free(osname, MAXPATHLEN);
}
return (error);
}
/*ARGSUSED*/
static int
zfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
{
char *osname;
pathname_t spn;
int error = 0;
uio_seg_t fromspace = (uap->flags & MS_SYSSPACE) ?
UIO_SYSSPACE : UIO_USERSPACE;
int canwrite;
if (mvp->v_type != VDIR)
return (ENOTDIR);
mutex_enter(&mvp->v_lock);
if ((uap->flags & MS_REMOUNT) == 0 &&
(uap->flags & MS_OVERLAY) == 0 &&
(mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
mutex_exit(&mvp->v_lock);
return (EBUSY);
}
mutex_exit(&mvp->v_lock);
/*
* ZFS does not support passing unparsed data in via MS_DATA.
* Users should use the MS_OPTIONSTR interface; this means
* that all option parsing is already done and the options struct
* can be interrogated.
*/
if ((uap->flags & MS_DATA) && uap->datalen > 0)
return (EINVAL);
/*
* When doing a remount, we simply refresh our temporary properties
* according to those options set in the current VFS options.
*/
if (uap->flags & MS_REMOUNT) {
return (zfs_refresh_properties(vfsp));
}
/*
* Get the objset name (the "special" mount argument).
*/
if (error = pn_get(uap->spec, fromspace, &spn))
return (error);
osname = spn.pn_path;
if ((error = secpolicy_fs_mount(cr, mvp, vfsp)) != 0)
goto out;
/*
* Refuse to mount a filesystem if we are in a local zone and the
* dataset is not visible.
*/
if (!INGLOBALZONE(curproc) &&
(!zone_dataset_visible(osname, &canwrite) || !canwrite)) {
error = EPERM;
goto out;
}
error = zfs_domount(vfsp, osname, cr);
out:
pn_free(&spn);
return (error);
}
static int
VMBlockMount(struct vfs *vfsp, // IN: file system to mount
struct vnode *vnodep, // IN: Vnode that we are mounting on
struct mounta *mntp, // IN: Arguments to mount(2) from user
struct cred *credp) // IN: Credentials of caller
{
VMBlockMountInfo *mip;
int ret;
Debug(VMBLOCK_ENTRY_LOGLEVEL, "VMBlockMount: entry\n");
/*
* These next few checks are done by all other Solaris file systems, so
* let's follow their lead.
*/
ret = secpolicy_fs_mount(credp, vnodep, vfsp);
if (ret) {
Warning("VMBlockMount: mounting security check failed.\n");
return ret;
}
if (vnodep->v_type != VDIR) {
Warning("VMBlockMount: not mounting on a directory.\n");
return ENOTDIR;
}
mutex_enter(&vnodep->v_lock);
if ((mntp->flags & MS_OVERLAY) == 0 &&
(vnodep->v_count != 1 || (vnodep->v_flag & VROOT))) {
mutex_exit(&vnodep->v_lock);
Warning("VMBlockMount: cannot allow unrequested overlay mount.\n");
return EBUSY;
}
mutex_exit(&vnodep->v_lock);
/*
* The directory we are redirecting to is specified as the special file
* since we have no actual device to mount on. We store that path in the
* mount information structure (note that there's another allocation inside
* pn_get() so we must pn_free() that path at unmount time). KM_SLEEP
* guarantees our memory allocation will succeed (pn_get() uses this flag
* too).
*/
mip = kmem_zalloc(sizeof *mip, KM_SLEEP);
ret = pn_get(mntp->spec,
(mntp->flags & MS_SYSSPACE) ? UIO_SYSSPACE : UIO_USERSPACE,
&mip->redirectPath);
if (ret) {
Warning("VMBlockMount: could not obtain redirecting directory.\n");
kmem_free(mip, sizeof *mip);
return ret;
}
/* Do a lookup on the specified path. */
ret = lookupname(mntp->spec,
(mntp->flags & MS_SYSSPACE) ? UIO_SYSSPACE : UIO_USERSPACE,
FOLLOW,
NULLVPP,
&mip->redirectVnode);
if (ret) {
Warning("VMBlockMount: could not obtain redirecting directory.\n");
goto error_lookup;
}
if (mip->redirectVnode->v_type != VDIR) {
Warning("VMBlockMount: not redirecting to a directory.\n");
ret = ENOTDIR;
goto error;
}
/*
* Initialize our vfs structure.
*/
vfsp->vfs_vnodecovered = vnodep;
vfsp->vfs_flag &= ~VFS_UNMOUNTED;
vfsp->vfs_flag |= VMBLOCK_VFS_FLAGS;
vfsp->vfs_bsize = PAGESIZE;
vfsp->vfs_fstype = vmblockType;
vfsp->vfs_bcount = 0;
/* If we had mount options, we'd call vfs_setmntopt with vfsp->vfs_mntopts */
/* Locate a unique device minor number for this mount. */
mutex_enter(&vmblockMutex);
do {
vfsp->vfs_dev = makedevice(vmblockMajor, vmblockMinor);
vmblockMinor = (vmblockMinor + 1) & L_MAXMIN32;
} while (vfs_devismounted(vfsp->vfs_dev));
mutex_exit(&vmblockMutex);
vfs_make_fsid(&vfsp->vfs_fsid, vfsp->vfs_dev, vmblockType);
vfsp->vfs_data = (caddr_t)mip;
/*
* Now create the root vnode of the file system.
*/
ret = VMBlockVnodeGet(&mip->root, mip->redirectVnode,
mip->redirectPath.pn_path,
mip->redirectPath.pn_pathlen,
NULL, vfsp, TRUE);
if (ret) {
Warning("VMBlockMount: couldn't create root vnode.\n");
ret = EFAULT;
goto error;
}
VN_HOLD(vfsp->vfs_vnodecovered);
return 0;
error:
/* lookupname() provides a held vnode. */
VN_RELE(mip->redirectVnode);
error_lookup:
pn_free(&mip->redirectPath);
kmem_free(mip, sizeof *mip);
return ret;
}
/*
* Mount a file descriptor onto the node in the file system.
* Create a new vnode, update the attributes with info from the
* file descriptor and the mount point. The mask, mode, uid, gid,
* atime, mtime and ctime are taken from the mountpt. Link count is
* set to one, the file system id is namedev and nodeid is unique
* for each mounted object. Other attributes are taken from mount point.
* Make sure user is owner (or root) with write permissions on mount point.
* Hash the new vnode and return 0.
* Upon entry to this routine, the file descriptor is in the
* fd field of a struct namefd. Copy that structure from user
* space and retrieve the file descriptor.
*/
static int
nm_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *crp)
{
struct namefd namefdp;
struct vnode *filevp; /* file descriptor vnode */
struct file *fp;
struct vnode *newvp; /* vnode representing this mount */
struct vnode *rvp; /* realvp (if any) for the mountpt */
struct namenode *nodep; /* namenode for this mount */
struct vattr filevattr; /* attributes of file dec. */
struct vattr *vattrp; /* attributes of this mount */
char *resource_name;
char *resource_nodetype;
statvfs64_t *svfsp;
int error = 0;
/*
* Get the file descriptor from user space.
* Make sure the file descriptor is valid and has an
* associated file pointer.
* If so, extract the vnode from the file pointer.
*/
if (uap->datalen != sizeof (struct namefd))
return (EINVAL);
if (copyin(uap->dataptr, &namefdp, uap->datalen))
return (EFAULT);
if ((fp = getf(namefdp.fd)) == NULL)
return (EBADF);
/*
* If the mount point already has something mounted
* on it, disallow this mount. (This restriction may
* be removed in a later release).
* Or unmount has completed but the namefs ROOT vnode
* count has not decremented to zero, disallow this mount.
*/
mutex_enter(&mvp->v_lock);
if ((mvp->v_flag & VROOT) ||
vfs_matchops(mvp->v_vfsp, namefs_vfsops)) {
mutex_exit(&mvp->v_lock);
releasef(namefdp.fd);
return (EBUSY);
}
mutex_exit(&mvp->v_lock);
/*
* Cannot allow users to fattach() in /dev/pts.
* First, there is no need for doing so and secondly
* we cannot allow arbitrary users to park on a node in
* /dev/pts or /dev/vt.
*/
rvp = NULLVP;
if (vn_matchops(mvp, spec_getvnodeops()) &&
VOP_REALVP(mvp, &rvp, NULL) == 0 && rvp &&
(vn_matchops(rvp, devpts_getvnodeops()) ||
vn_matchops(rvp, devvt_getvnodeops()))) {
releasef(namefdp.fd);
return (ENOTSUP);
}
filevp = fp->f_vnode;
if (filevp->v_type == VDIR || filevp->v_type == VPORT) {
releasef(namefdp.fd);
return (EINVAL);
}
/*
* If the fd being mounted refers to neither a door nor a stream,
* make sure the caller is privileged.
*/
if (filevp->v_type != VDOOR && filevp->v_stream == NULL) {
if (secpolicy_fs_mount(crp, filevp, vfsp) != 0) {
/* fd is neither a stream nor a door */
releasef(namefdp.fd);
return (EINVAL);
}
}
/*
* Make sure the file descriptor is not the root of some
* file system.
* If it's not, create a reference and allocate a namenode
* to represent this mount request.
*/
if (filevp->v_flag & VROOT) {
releasef(namefdp.fd);
return (EBUSY);
}
nodep = kmem_zalloc(sizeof (struct namenode), KM_SLEEP);
mutex_init(&nodep->nm_lock, NULL, MUTEX_DEFAULT, NULL);
vattrp = &nodep->nm_vattr;
vattrp->va_mask = AT_ALL;
if (error = VOP_GETATTR(mvp, vattrp, 0, crp, NULL))
goto out;
filevattr.va_mask = AT_ALL;
if (error = VOP_GETATTR(filevp, &filevattr, 0, crp, NULL))
goto out;
/*
* Make sure the user is the owner of the mount point
* or has sufficient privileges.
*/
if (error = secpolicy_vnode_owner(crp, vattrp->va_uid))
goto out;
/*
* Make sure the user has write permissions on the
* mount point (or has sufficient privileges).
*/
if (!(vattrp->va_mode & VWRITE) &&
secpolicy_vnode_access(crp, mvp, vattrp->va_uid, VWRITE) != 0) {
error = EACCES;
goto out;
}
/*
* If the file descriptor has file/record locking, don't
* allow the mount to succeed.
*/
if (vn_has_flocks(filevp)) {
error = EACCES;
goto out;
}
/*
* Initialize the namenode.
*/
if (filevp->v_stream) {
struct stdata *stp = filevp->v_stream;
mutex_enter(&stp->sd_lock);
stp->sd_flag |= STRMOUNT;
mutex_exit(&stp->sd_lock);
}
nodep->nm_filevp = filevp;
mutex_enter(&fp->f_tlock);
fp->f_count++;
mutex_exit(&fp->f_tlock);
releasef(namefdp.fd);
nodep->nm_filep = fp;
nodep->nm_mountpt = mvp;
/*
* The attributes for the mounted file descriptor were initialized
* above by applying VOP_GETATTR to the mount point. Some of
* the fields of the attributes structure will be overwritten
* by the attributes from the file descriptor.
*/
vattrp->va_type = filevattr.va_type;
vattrp->va_fsid = namedev;
vattrp->va_nodeid = namenodeno_alloc();
vattrp->va_nlink = 1;
vattrp->va_size = filevattr.va_size;
vattrp->va_rdev = filevattr.va_rdev;
vattrp->va_blksize = filevattr.va_blksize;
vattrp->va_nblocks = filevattr.va_nblocks;
vattrp->va_seq = 0;
/*
* Initialize new vnode structure for the mounted file descriptor.
*/
nodep->nm_vnode = vn_alloc(KM_SLEEP);
newvp = NMTOV(nodep);
newvp->v_flag = filevp->v_flag | VROOT | VNOMAP | VNOSWAP;
vn_setops(newvp, nm_vnodeops);
newvp->v_vfsp = vfsp;
newvp->v_stream = filevp->v_stream;
newvp->v_type = filevp->v_type;
newvp->v_rdev = filevp->v_rdev;
newvp->v_data = (caddr_t)nodep;
VFS_HOLD(vfsp);
vn_exists(newvp);
/*
* Initialize the vfs structure.
*/
vfsp->vfs_vnodecovered = NULL;
vfsp->vfs_flag |= VFS_UNLINKABLE;
vfsp->vfs_bsize = 1024;
vfsp->vfs_fstype = namefstype;
vfs_make_fsid(&vfsp->vfs_fsid, namedev, namefstype);
vfsp->vfs_data = (caddr_t)nodep;
vfsp->vfs_dev = namedev;
vfsp->vfs_bcount = 0;
/*
* Set the name we mounted from.
*/
switch (filevp->v_type) {
case VPROC: /* VOP_GETATTR() translates this to VREG */
case VREG: resource_nodetype = "file"; break;
case VDIR: resource_nodetype = "directory"; break;
case VBLK: resource_nodetype = "device"; break;
case VCHR: resource_nodetype = "device"; break;
case VLNK: resource_nodetype = "link"; break;
case VFIFO: resource_nodetype = "fifo"; break;
case VDOOR: resource_nodetype = "door"; break;
case VSOCK: resource_nodetype = "socket"; break;
default: resource_nodetype = "resource"; break;
}
#define RESOURCE_NAME_SZ 128 /* Maximum length of the resource name */
resource_name = kmem_alloc(RESOURCE_NAME_SZ, KM_SLEEP);
svfsp = kmem_alloc(sizeof (statvfs64_t), KM_SLEEP);
error = VFS_STATVFS(filevp->v_vfsp, svfsp);
if (error == 0) {
(void) snprintf(resource_name, RESOURCE_NAME_SZ,
"unspecified_%s_%s", svfsp->f_basetype, resource_nodetype);
} else {
(void) snprintf(resource_name, RESOURCE_NAME_SZ,
"unspecified_%s", resource_nodetype);
}
vfs_setresource(vfsp, resource_name);
kmem_free(svfsp, sizeof (statvfs64_t));
kmem_free(resource_name, RESOURCE_NAME_SZ);
#undef RESOURCE_NAME_SZ
/*
* Insert the namenode.
*/
mutex_enter(&ntable_lock);
nameinsert(nodep);
mutex_exit(&ntable_lock);
return (0);
out:
releasef(namefdp.fd);
kmem_free(nodep, sizeof (struct namenode));
return (error);
}
/*ARGSUSED*/
static int
zfs_mount(vfs_t *vfsp)
{
kthread_t *td = curthread;
vnode_t *mvp = vfsp->mnt_vnodecovered;
cred_t *cr = td->td_ucred;
char *osname;
int error = 0;
int canwrite;
if (vfs_getopt(vfsp->mnt_optnew, "from", (void **)&osname, NULL))
return (EINVAL);
/*
* If full-owner-access is enabled and delegated administration is
* turned on, we must set nosuid.
*/
if (zfs_super_owner &&
dsl_deleg_access(osname, ZFS_DELEG_PERM_MOUNT, cr) != ECANCELED) {
secpolicy_fs_mount_clearopts(cr, vfsp);
}
/*
* Check for mount privilege?
*
* If we don't have privilege then see if
* we have local permission to allow it
*/
error = secpolicy_fs_mount(cr, mvp, vfsp);
if (error) {
error = dsl_deleg_access(osname, ZFS_DELEG_PERM_MOUNT, cr);
if (error != 0)
goto out;
if (!(vfsp->vfs_flag & MS_REMOUNT)) {
vattr_t vattr;
/*
* Make sure user is the owner of the mount point
* or has sufficient privileges.
*/
vattr.va_mask = AT_UID;
vn_lock(mvp, LK_SHARED | LK_RETRY);
if (error = VOP_GETATTR(mvp, &vattr, cr)) {
VOP_UNLOCK(mvp, 0);
goto out;
}
#if 0 /* CHECK THIS! Is probably needed for zfs_suser. */
if (secpolicy_vnode_owner(mvp, cr, vattr.va_uid) != 0 &&
VOP_ACCESS(mvp, VWRITE, cr, td) != 0) {
error = EPERM;
goto out;
}
#else
if (error = secpolicy_vnode_owner(mvp, cr, vattr.va_uid)) {
VOP_UNLOCK(mvp, 0);
goto out;
}
if (error = VOP_ACCESS(mvp, VWRITE, cr, td)) {
VOP_UNLOCK(mvp, 0);
goto out;
}
VOP_UNLOCK(mvp, 0);
#endif
}
secpolicy_fs_mount_clearopts(cr, vfsp);
}
/*
* Refuse to mount a filesystem if we are in a local zone and the
* dataset is not visible.
*/
if (!INGLOBALZONE(curthread) &&
(!zone_dataset_visible(osname, &canwrite) || !canwrite)) {
error = EPERM;
goto out;
}
/*
* When doing a remount, we simply refresh our temporary properties
* according to those options set in the current VFS options.
*/
if (vfsp->vfs_flag & MS_REMOUNT) {
/* refresh mount options */
zfs_unregister_callbacks(vfsp->vfs_data);
error = zfs_register_callbacks(vfsp);
goto out;
}
DROP_GIANT();
error = zfs_domount(vfsp, osname);
PICKUP_GIANT();
out:
return (error);
}
/*
* smbfs mount vfsop
* Set up mount info record and attach it to vfs struct.
*/
static int
smbfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
{
char *data = uap->dataptr;
int error;
smbnode_t *rtnp = NULL; /* root of this fs */
smbmntinfo_t *smi = NULL;
dev_t smbfs_dev;
int version;
int devfd;
zone_t *zone = curproc->p_zone;
zone_t *mntzone = NULL;
smb_share_t *ssp = NULL;
smb_cred_t scred;
int flags, sec;
STRUCT_DECL(smbfs_args, args); /* smbfs mount arguments */
if ((error = secpolicy_fs_mount(cr, mvp, vfsp)) != 0)
return (error);
if (mvp->v_type != VDIR)
return (ENOTDIR);
/*
* get arguments
*
* uap->datalen might be different from sizeof (args)
* in a compatible situation.
*/
STRUCT_INIT(args, get_udatamodel());
bzero(STRUCT_BUF(args), SIZEOF_STRUCT(smbfs_args, DATAMODEL_NATIVE));
if (copyin(data, STRUCT_BUF(args), MIN(uap->datalen,
SIZEOF_STRUCT(smbfs_args, DATAMODEL_NATIVE))))
return (EFAULT);
/*
* Check mount program version
*/
version = STRUCT_FGET(args, version);
if (version != SMBFS_VERSION) {
cmn_err(CE_WARN, "mount version mismatch:"
" kernel=%d, mount=%d\n",
SMBFS_VERSION, version);
return (EINVAL);
}
/*
* Deal with re-mount requests.
*/
if (uap->flags & MS_REMOUNT) {
cmn_err(CE_WARN, "MS_REMOUNT not implemented");
return (ENOTSUP);
}
/*
* Check for busy
*/
mutex_enter(&mvp->v_lock);
if (!(uap->flags & MS_OVERLAY) &&
(mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
mutex_exit(&mvp->v_lock);
return (EBUSY);
}
mutex_exit(&mvp->v_lock);
/*
* Get the "share" from the netsmb driver (ssp).
* It is returned with a "ref" (hold) for us.
* Release this hold: at errout below, or in
* smbfs_freevfs().
*/
devfd = STRUCT_FGET(args, devfd);
error = smb_dev2share(devfd, &ssp);
if (error) {
cmn_err(CE_WARN, "invalid device handle %d (%d)\n",
devfd, error);
return (error);
}
/*
* Use "goto errout" from here on.
* See: ssp, smi, rtnp, mntzone
*/
/*
* Determine the zone we're being mounted into.
*/
zone_hold(mntzone = zone); /* start with this assumption */
if (getzoneid() == GLOBAL_ZONEID) {
zone_rele(mntzone);
mntzone = zone_find_by_path(refstr_value(vfsp->vfs_mntpt));
ASSERT(mntzone != NULL);
if (mntzone != zone) {
error = EBUSY;
goto errout;
}
}
/*
* Stop the mount from going any further if the zone is going away.
*/
if (zone_status_get(mntzone) >= ZONE_IS_SHUTTING_DOWN) {
error = EBUSY;
goto errout;
}
/*
* On a Trusted Extensions client, we may have to force read-only
* for read-down mounts.
*/
if (is_system_labeled()) {
void *addr;
int ipvers = 0;
struct smb_vc *vcp;
vcp = SSTOVC(ssp);
addr = smb_vc_getipaddr(vcp, &ipvers);
error = smbfs_mount_label_policy(vfsp, addr, ipvers, cr);
if (error > 0)
goto errout;
if (error == -1) {
/* change mount to read-only to prevent write-down */
vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
}
}
/* Prevent unload. */
atomic_inc_32(&smbfs_mountcount);
/*
* Create a mount record and link it to the vfs struct.
* No more possiblities for errors from here on.
* Tear-down of this stuff is in smbfs_free_smi()
*
* Compare with NFS: nfsrootvp()
*/
smi = kmem_zalloc(sizeof (*smi), KM_SLEEP);
mutex_init(&smi->smi_lock, NULL, MUTEX_DEFAULT, NULL);
cv_init(&smi->smi_statvfs_cv, NULL, CV_DEFAULT, NULL);
rw_init(&smi->smi_hash_lk, NULL, RW_DEFAULT, NULL);
smbfs_init_hash_avl(&smi->smi_hash_avl);
smi->smi_share = ssp;
ssp = NULL;
/*
* Convert the anonymous zone hold acquired via zone_hold() above
* into a zone reference.
*/
zone_init_ref(&smi->smi_zone_ref);
zone_hold_ref(mntzone, &smi->smi_zone_ref, ZONE_REF_SMBFS);
zone_rele(mntzone);
mntzone = NULL;
/*
* Initialize option defaults
*/
smi->smi_flags = SMI_LLOCK;
smi->smi_acregmin = SEC2HR(SMBFS_ACREGMIN);
smi->smi_acregmax = SEC2HR(SMBFS_ACREGMAX);
smi->smi_acdirmin = SEC2HR(SMBFS_ACDIRMIN);
smi->smi_acdirmax = SEC2HR(SMBFS_ACDIRMAX);
/*
* All "generic" mount options have already been
* handled in vfs.c:domount() - see mntopts stuff.
* Query generic options using vfs_optionisset().
*/
if (vfs_optionisset(vfsp, MNTOPT_INTR, NULL))
smi->smi_flags |= SMI_INT;
if (vfs_optionisset(vfsp, MNTOPT_ACL, NULL))
smi->smi_flags |= SMI_ACL;
/*
* Get the mount options that come in as smbfs_args,
* starting with args.flags (SMBFS_MF_xxx)
*/
flags = STRUCT_FGET(args, flags);
smi->smi_uid = STRUCT_FGET(args, uid);
smi->smi_gid = STRUCT_FGET(args, gid);
smi->smi_fmode = STRUCT_FGET(args, file_mode) & 0777;
smi->smi_dmode = STRUCT_FGET(args, dir_mode) & 0777;
/*
* Hande the SMBFS_MF_xxx flags.
*/
if (flags & SMBFS_MF_NOAC)
smi->smi_flags |= SMI_NOAC;
if (flags & SMBFS_MF_ACREGMIN) {
sec = STRUCT_FGET(args, acregmin);
if (sec < 0 || sec > SMBFS_ACMINMAX)
sec = SMBFS_ACMINMAX;
smi->smi_acregmin = SEC2HR(sec);
}
if (flags & SMBFS_MF_ACREGMAX) {
sec = STRUCT_FGET(args, acregmax);
if (sec < 0 || sec > SMBFS_ACMAXMAX)
sec = SMBFS_ACMAXMAX;
smi->smi_acregmax = SEC2HR(sec);
}
if (flags & SMBFS_MF_ACDIRMIN) {
sec = STRUCT_FGET(args, acdirmin);
if (sec < 0 || sec > SMBFS_ACMINMAX)
sec = SMBFS_ACMINMAX;
smi->smi_acdirmin = SEC2HR(sec);
}
if (flags & SMBFS_MF_ACDIRMAX) {
sec = STRUCT_FGET(args, acdirmax);
if (sec < 0 || sec > SMBFS_ACMAXMAX)
sec = SMBFS_ACMAXMAX;
smi->smi_acdirmax = SEC2HR(sec);
}
/*
* Get attributes of the remote file system,
* i.e. ACL support, named streams, etc.
*/
smb_credinit(&scred, cr);
error = smbfs_smb_qfsattr(smi->smi_share, &smi->smi_fsa, &scred);
smb_credrele(&scred);
if (error) {
SMBVDEBUG("smbfs_smb_qfsattr error %d\n", error);
}
/*
* We enable XATTR by default (via smbfs_mntopts)
* but if the share does not support named streams,
* force the NOXATTR option (also clears XATTR).
* Caller will set or clear VFS_XATTR after this.
*/
if ((smi->smi_fsattr & FILE_NAMED_STREAMS) == 0)
vfs_setmntopt(vfsp, MNTOPT_NOXATTR, NULL, 0);
/*
* Ditto ACLs (disable if not supported on this share)
*/
if ((smi->smi_fsattr & FILE_PERSISTENT_ACLS) == 0) {
vfs_setmntopt(vfsp, MNTOPT_NOACL, NULL, 0);
smi->smi_flags &= ~SMI_ACL;
}
/*
* Assign a unique device id to the mount
*/
mutex_enter(&smbfs_minor_lock);
do {
smbfs_minor = (smbfs_minor + 1) & MAXMIN32;
smbfs_dev = makedevice(smbfs_major, smbfs_minor);
} while (vfs_devismounted(smbfs_dev));
mutex_exit(&smbfs_minor_lock);
vfsp->vfs_dev = smbfs_dev;
vfs_make_fsid(&vfsp->vfs_fsid, smbfs_dev, smbfsfstyp);
vfsp->vfs_data = (caddr_t)smi;
vfsp->vfs_fstype = smbfsfstyp;
vfsp->vfs_bsize = MAXBSIZE;
vfsp->vfs_bcount = 0;
smi->smi_vfsp = vfsp;
smbfs_zonelist_add(smi); /* undo in smbfs_freevfs */
/*
* Create the root vnode, which we need in unmount
* for the call to smbfs_check_table(), etc.
* Release this hold in smbfs_unmount.
*/
rtnp = smbfs_node_findcreate(smi, "\\", 1, NULL, 0, 0,
&smbfs_fattr0);
ASSERT(rtnp != NULL);
rtnp->r_vnode->v_type = VDIR;
rtnp->r_vnode->v_flag |= VROOT;
smi->smi_root = rtnp;
/*
* NFS does other stuff here too:
* async worker threads
* init kstats
*
* End of code from NFS nfsrootvp()
*/
return (0);
errout:
vfsp->vfs_data = NULL;
if (smi != NULL)
smbfs_free_smi(smi);
if (mntzone != NULL)
zone_rele(mntzone);
if (ssp != NULL)
smb_share_rele(ssp);
return (error);
}
