Add a new kernel config option, MD_ROOT_READONLY, which forces on the

MD_READONLY flag for the md device automatically instantiated during kernel init for an mdroot filesystem. Note that there is specifically and by design no tunable or sysctl control over this feature. Without this option, you already have control over whether the mdroot fs is writeable using vfs.root.mountfrom.options from loader(8), the root_rw_mount rcvar, and by using "mount -u[rw] /" or equivelent on the fly. This option is being added to provide a way to make the mdroot fs truly immutable before userland code begins running. Differential Revision: https://reviews.freebsd.org/D13411
svn path=/head/; revision=327032
2017-12-20 18:23:22 +00:00 · 2017-12-20 18:23:22 +00:00 · 5cf10fb96a · 2020-12-20 02:59:44 +00:00
commit 5cf10fb96a
parent c19c7afee3
4 changed files with 15 additions and 4 deletions
--- a/share/man/man4/md.4
+++ b/share/man/man4/md.4
@ -7,7 +7,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 5, 2017
+.Dd December 7, 2017
 .Dt MD 4
 .Os
 .Sh NAME
@ -79,7 +79,8 @@ To create a kernel with a ramdisk or MD file system, your kernel config
 needs the following options:
 .Bd -literal -offset indent
 options 	MD_ROOT			# MD is a potential root device
-options		MD_ROOT_SIZE=8192	# 8MB ram disk
+options 	MD_ROOT_READONLY	# disallow mounting root writeable
+options 	MD_ROOT_SIZE=8192	# 8MB ram disk
 makeoptions	MFS_IMAGE=/h/foo/ARM-MD
 options 	ROOTDEVNAME=\\"ufs:md0\\"
 .Ed
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -1101,6 +1101,9 @@ options 	MD_ROOT_SIZE=10
 # images of type mfs_root or md_root.
 options 	MD_ROOT

+# Write-protect the md root device so that it may not be mounted writeable.
+options 	MD_ROOT_READONLY
+
 # Disk quotas are supported when this option is enabled.
 options 	QUOTA			#enable disk quotas

--- a/sys/conf/options
+++ b/sys/conf/options
@ -165,6 +165,7 @@ MAC_STUB	opt_dontuse.h
 MAC_TEST	opt_dontuse.h
 MD_ROOT		opt_md.h
 MD_ROOT_FSTYPE	opt_md.h
+MD_ROOT_READONLY	opt_md.h
 MD_ROOT_SIZE	opt_md.h
 MFI_DEBUG	opt_mfi.h
 MFI_DECODE_LOG	opt_mfi.h
--- a/sys/dev/md/md.c
+++ b/sys/dev/md/md.c
@ -1791,9 +1791,15 @@ md_preloaded(u_char *image, size_t length, const char *name)
 	sc->start = mdstart_preload;
 	if (name != NULL)
 		strlcpy(sc->file, name, sizeof(sc->file));
-#if defined(MD_ROOT) && !defined(ROOTDEVNAME)
-	if (sc->unit == 0)
+#ifdef MD_ROOT
+	if (sc->unit == 0) {
+#ifndef ROOTDEVNAME
 		rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0";
+#endif
+#ifdef MD_ROOT_READONLY
+		sc->flags |= MD_READONLY;
+#endif
+	}
 #endif
 	mdinit(sc);
 	if (name != NULL) {