freebsd-dev/sys/kern/vfs_init.c
Jamie Gritton 0e5c6bd436 Make it easier for filesystems to count themselves as jail-enabled,
by doing most of the work in a new function prison_add_vfs in kern_jail.c
Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and
the rest is taken care of.  This includes adding a jail parameter like
allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed.
Both of these used to be a static list of known filesystems, with
predefined permission bits.

Reviewed by:	kib
Differential Revision:	D14681
2018-05-04 20:54:27 +00:00

377 lines
10 KiB
C

/*-
* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed
* to Berkeley by John Heidemann of the UCLA Ficus project.
*
* Source: * @(#)i405_init.c 2.10 92/04/27 UCLA Ficus project
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)vfs_init.c 8.3 (Berkeley) 1/4/94
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/fnv_hash.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/linker.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/sx.h>
#include <sys/syscallsubr.h>
#include <sys/sysctl.h>
#include <sys/vnode.h>
#include <sys/malloc.h>
static int vfs_register(struct vfsconf *);
static int vfs_unregister(struct vfsconf *);
MALLOC_DEFINE(M_VNODE, "vnodes", "Dynamically allocated vnodes");
/*
* The highest defined VFS number.
*/
int maxvfsconf = VFS_GENERIC + 1;
/*
* Single-linked list of configured VFSes.
* New entries are added/deleted by vfs_register()/vfs_unregister()
*/
struct vfsconfhead vfsconf = TAILQ_HEAD_INITIALIZER(vfsconf);
struct sx vfsconf_sx;
SX_SYSINIT(vfsconf, &vfsconf_sx, "vfsconf");
/*
* Loader.conf variable vfs.typenumhash enables setting vfc_typenum using a hash
* calculation on vfc_name, so that it doesn't change when file systems are
* loaded in a different order. This will avoid the NFS server file handles from
* changing for file systems that use vfc_typenum in their fsid.
*/
static int vfs_typenumhash = 1;
SYSCTL_INT(_vfs, OID_AUTO, typenumhash, CTLFLAG_RDTUN, &vfs_typenumhash, 0,
"Set vfc_typenum using a hash calculation on vfc_name, so that it does not"
"change when file systems are loaded in a different order.");
/*
* A Zen vnode attribute structure.
*
* Initialized when the first filesystem registers by vfs_register().
*/
struct vattr va_null;
/*
* vfs_init.c
*
* Allocate and fill in operations vectors.
*
* An undocumented feature of this approach to defining operations is that
* there can be multiple entries in vfs_opv_descs for the same operations
* vector. This allows third parties to extend the set of operations
* supported by another layer in a binary compatibile way. For example,
* assume that NFS needed to be modified to support Ficus. NFS has an entry
* (probably nfs_vnopdeop_decls) declaring all the operations NFS supports by
* default. Ficus could add another entry (ficus_nfs_vnodeop_decl_entensions)
* listing those new operations Ficus adds to NFS, all without modifying the
* NFS code. (Of couse, the OTW NFS protocol still needs to be munged, but
* that is a(whole)nother story.) This is a feature.
*/
/*
* Routines having to do with the management of the vnode table.
*/
static struct vfsconf *
vfs_byname_locked(const char *name)
{
struct vfsconf *vfsp;
sx_assert(&vfsconf_sx, SA_LOCKED);
if (!strcmp(name, "ffs"))
name = "ufs";
TAILQ_FOREACH(vfsp, &vfsconf, vfc_list) {
if (!strcmp(name, vfsp->vfc_name))
return (vfsp);
}
return (NULL);
}
struct vfsconf *
vfs_byname(const char *name)
{
struct vfsconf *vfsp;
vfsconf_slock();
vfsp = vfs_byname_locked(name);
vfsconf_sunlock();
return (vfsp);
}
struct vfsconf *
vfs_byname_kld(const char *fstype, struct thread *td, int *error)
{
struct vfsconf *vfsp;
int fileid, loaded;
vfsp = vfs_byname(fstype);
if (vfsp != NULL)
return (vfsp);
/* Try to load the respective module. */
*error = kern_kldload(td, fstype, &fileid);
loaded = (*error == 0);
if (*error == EEXIST)
*error = 0;
if (*error)
return (NULL);
/* Look up again to see if the VFS was loaded. */
vfsp = vfs_byname(fstype);
if (vfsp == NULL) {
if (loaded)
(void)kern_kldunload(td, fileid, LINKER_UNLOAD_FORCE);
*error = ENODEV;
return (NULL);
}
return (vfsp);
}
/* Register a new filesystem type in the global table */
static int
vfs_register(struct vfsconf *vfc)
{
struct sysctl_oid *oidp;
struct vfsops *vfsops;
static int once;
struct vfsconf *tvfc;
uint32_t hashval;
int secondpass;
if (!once) {
vattr_null(&va_null);
once = 1;
}
if (vfc->vfc_version != VFS_VERSION) {
printf("ERROR: filesystem %s, unsupported ABI version %x\n",
vfc->vfc_name, vfc->vfc_version);
return (EINVAL);
}
vfsconf_lock();
if (vfs_byname_locked(vfc->vfc_name) != NULL) {
vfsconf_unlock();
return (EEXIST);
}
if (vfs_typenumhash != 0) {
/*
* Calculate a hash on vfc_name to use for vfc_typenum. Unless
* all of 1<->255 are assigned, it is limited to 8bits since
* that is what ZFS uses from vfc_typenum and is also the
* preferred range for vfs_getnewfsid().
*/
hashval = fnv_32_str(vfc->vfc_name, FNV1_32_INIT);
hashval &= 0xff;
secondpass = 0;
do {
/* Look for and fix any collision. */
TAILQ_FOREACH(tvfc, &vfsconf, vfc_list) {
if (hashval == tvfc->vfc_typenum) {
if (hashval == 255 && secondpass == 0) {
hashval = 1;
secondpass = 1;
} else
hashval++;
break;
}
}
} while (tvfc != NULL);
vfc->vfc_typenum = hashval;
if (vfc->vfc_typenum >= maxvfsconf)
maxvfsconf = vfc->vfc_typenum + 1;
} else
vfc->vfc_typenum = maxvfsconf++;
TAILQ_INSERT_TAIL(&vfsconf, vfc, vfc_list);
/*
* Initialise unused ``struct vfsops'' fields, to use
* the vfs_std*() functions. Note, we need the mount
* and unmount operations, at the least. The check
* for vfsops available is just a debugging aid.
*/
KASSERT(vfc->vfc_vfsops != NULL,
("Filesystem %s has no vfsops", vfc->vfc_name));
/*
* Check the mount and unmount operations.
*/
vfsops = vfc->vfc_vfsops;
KASSERT(vfsops->vfs_mount != NULL,
("Filesystem %s has no mount op", vfc->vfc_name));
KASSERT(vfsops->vfs_unmount != NULL,
("Filesystem %s has no unmount op", vfc->vfc_name));
if (vfsops->vfs_root == NULL)
/* return file system's root vnode */
vfsops->vfs_root = vfs_stdroot;
if (vfsops->vfs_quotactl == NULL)
/* quota control */
vfsops->vfs_quotactl = vfs_stdquotactl;
if (vfsops->vfs_statfs == NULL)
/* return file system's status */
vfsops->vfs_statfs = vfs_stdstatfs;
if (vfsops->vfs_sync == NULL)
/*
* flush unwritten data (nosync)
* file systems can use vfs_stdsync
* explicitly by setting it in the
* vfsop vector.
*/
vfsops->vfs_sync = vfs_stdnosync;
if (vfsops->vfs_vget == NULL)
/* convert an inode number to a vnode */
vfsops->vfs_vget = vfs_stdvget;
if (vfsops->vfs_fhtovp == NULL)
/* turn an NFS file handle into a vnode */
vfsops->vfs_fhtovp = vfs_stdfhtovp;
if (vfsops->vfs_checkexp == NULL)
/* check if file system is exported */
vfsops->vfs_checkexp = vfs_stdcheckexp;
if (vfsops->vfs_init == NULL)
/* file system specific initialisation */
vfsops->vfs_init = vfs_stdinit;
if (vfsops->vfs_uninit == NULL)
/* file system specific uninitialisation */
vfsops->vfs_uninit = vfs_stduninit;
if (vfsops->vfs_extattrctl == NULL)
/* extended attribute control */
vfsops->vfs_extattrctl = vfs_stdextattrctl;
if (vfsops->vfs_sysctl == NULL)
vfsops->vfs_sysctl = vfs_stdsysctl;
if (vfc->vfc_flags & VFCF_JAIL)
prison_add_vfs(vfc);
/*
* Call init function for this VFS...
*/
(*(vfc->vfc_vfsops->vfs_init))(vfc);
vfsconf_unlock();
/*
* If this filesystem has a sysctl node under vfs
* (i.e. vfs.xxfs), then change the oid number of that node to
* match the filesystem's type number. This allows user code
* which uses the type number to read sysctl variables defined
* by the filesystem to continue working. Since the oids are
* in a sorted list, we need to make sure the order is
* preserved by re-registering the oid after modifying its
* number.
*/
sysctl_wlock();
SLIST_FOREACH(oidp, SYSCTL_CHILDREN(&sysctl___vfs), oid_link) {
if (strcmp(oidp->oid_name, vfc->vfc_name) == 0) {
sysctl_unregister_oid(oidp);
oidp->oid_number = vfc->vfc_typenum;
sysctl_register_oid(oidp);
break;
}
}
sysctl_wunlock();
return (0);
}
/* Remove registration of a filesystem type */
static int
vfs_unregister(struct vfsconf *vfc)
{
struct vfsconf *vfsp;
int error, maxtypenum;
vfsconf_lock();
vfsp = vfs_byname_locked(vfc->vfc_name);
if (vfsp == NULL) {
vfsconf_unlock();
return (EINVAL);
}
if (vfsp->vfc_refcount != 0) {
vfsconf_unlock();
return (EBUSY);
}
if (vfc->vfc_vfsops->vfs_uninit != NULL) {
error = (*vfc->vfc_vfsops->vfs_uninit)(vfsp);
if (error != 0) {
vfsconf_unlock();
return (error);
}
}
TAILQ_REMOVE(&vfsconf, vfsp, vfc_list);
maxtypenum = VFS_GENERIC;
TAILQ_FOREACH(vfsp, &vfsconf, vfc_list)
if (maxtypenum < vfsp->vfc_typenum)
maxtypenum = vfsp->vfc_typenum;
maxvfsconf = maxtypenum + 1;
vfsconf_unlock();
return (0);
}
/*
* Standard kernel module handling code for filesystem modules.
* Referenced from VFS_SET().
*/
int
vfs_modevent(module_t mod, int type, void *data)
{
struct vfsconf *vfc;
int error = 0;
vfc = (struct vfsconf *)data;
switch (type) {
case MOD_LOAD:
if (vfc)
error = vfs_register(vfc);
break;
case MOD_UNLOAD:
if (vfc)
error = vfs_unregister(vfc);
break;
default:
error = EOPNOTSUPP;
break;
}
return (error);
}