From 5cf10fb96a24a673f0ddbbcda322e0eb7af14dae Mon Sep 17 00:00:00 2001 From: Ian Lepore Date: Wed, 20 Dec 2017 18:23:22 +0000 Subject: [PATCH] Add a new kernel config option, MD_ROOT_READONLY, which forces on the MD_READONLY flag for the md device automatically instantiated during kernel init for an mdroot filesystem. Note that there is specifically and by design no tunable or sysctl control over this feature. Without this option, you already have control over whether the mdroot fs is writeable using vfs.root.mountfrom.options from loader(8), the root_rw_mount rcvar, and by using "mount -u[rw] /" or equivelent on the fly. This option is being added to provide a way to make the mdroot fs truly immutable before userland code begins running. Differential Revision: https://reviews.freebsd.org/D13411 --- share/man/man4/md.4 | 5 +++-- sys/conf/NOTES | 3 +++ sys/conf/options | 1 + sys/dev/md/md.c | 10 ++++++++-- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/share/man/man4/md.4 b/share/man/man4/md.4 index f13aa4d2f676..ec734a913c1c 100644 --- a/share/man/man4/md.4 +++ b/share/man/man4/md.4 @@ -7,7 +7,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 5, 2017 +.Dd December 7, 2017 .Dt MD 4 .Os .Sh NAME @@ -79,7 +79,8 @@ To create a kernel with a ramdisk or MD file system, your kernel config needs the following options: .Bd -literal -offset indent options MD_ROOT # MD is a potential root device -options MD_ROOT_SIZE=8192 # 8MB ram disk +options MD_ROOT_READONLY # disallow mounting root writeable +options MD_ROOT_SIZE=8192 # 8MB ram disk makeoptions MFS_IMAGE=/h/foo/ARM-MD options ROOTDEVNAME=\\"ufs:md0\\" .Ed diff --git a/sys/conf/NOTES b/sys/conf/NOTES index be9572b5ee59..9d1ec64895b4 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES 
@@ -1101,6 +1101,9 @@ options MD_ROOT_SIZE=10 # images of type mfs_root or md_root. options MD_ROOT +# Write-protect the md root device so that it may not be mounted writeable. +options MD_ROOT_READONLY + # Disk quotas are supported when this option is enabled. options QUOTA #enable disk quotas diff --git a/sys/conf/options b/sys/conf/options index 6c1099243420..b83926f18a98 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -165,6 +165,7 @@ MAC_STUB opt_dontuse.h MAC_TEST opt_dontuse.h MD_ROOT opt_md.h MD_ROOT_FSTYPE opt_md.h +MD_ROOT_READONLY opt_md.h MD_ROOT_SIZE opt_md.h MFI_DEBUG opt_mfi.h MFI_DECODE_LOG opt_mfi.h diff --git a/sys/dev/md/md.c b/sys/dev/md/md.c index ee76b4f54ba7..3c4075094a19 100644 --- a/sys/dev/md/md.c +++ b/sys/dev/md/md.c @@ -1791,9 +1791,15 @@ md_preloaded(u_char *image, size_t length, const char *name) sc->start = mdstart_preload; if (name != NULL) strlcpy(sc->file, name, sizeof(sc->file)); -#if defined(MD_ROOT) && !defined(ROOTDEVNAME) - if (sc->unit == 0) +#ifdef MD_ROOT + if (sc->unit == 0) { +#ifndef ROOTDEVNAME rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0"; +#endif +#ifdef MD_ROOT_READONLY + sc->flags |= MD_READONLY; +#endif + } #endif mdinit(sc); if (name != NULL) {
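Review bot: In the sys/dev/md/md.c hunk, `sc->flags |= MD_READONLY;` is applied to whichever preloaded image receives unit 0, even when `ROOTDEVNAME` is defined and may name a different root device, so the option can write-protect md0 while the actual root stays writable. The old `#if defined(MD_ROOT) && !defined(ROOTDEVNAME)` guard tied the unit-0 special case to md0 being the root; the new nesting keeps that link only for the `rootdevnames[0]` assignment. Unit assignment happens outside this hunk, so it should be confirmed that the root image is always md0. The assumption is worth stating next to the flag, e.g. `/* MD_ROOT_READONLY: assumes md0 is the root image; deliberately no tunable or sysctl. */`. md_preloaded's body starts and ends outside the hunk.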