NetBSD/sys/kern/vfs_init.c
elad 4c9fcb77c3 - Add usermount_common_policy() that implements some common (everything
but access control) user mounting policies: enforced MNT_NOSUID and
  MNT_NODEV, no MNT_EXPORT, MNT_EXEC propagation. This can be useful for
  secmodels that are interested in simply adding finer grained user mount
  support.

- Add a mount subsystem listener for KAUTH_REQ_SYSTEM_MOUNT_GET.
2009-10-05 04:20:13 +00:00


/* $NetBSD: vfs_init.c,v 1.45 2009/10/05 04:20:13 elad Exp $ */
/*-
* Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
* NASA Ames Research Center.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed
* to Berkeley by John Heidemann of the UCLA Ficus project.
*
* Source: * @(#)i405_init.c 2.10 92/04/27 UCLA Ficus project
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)vfs_init.c 8.5 (Berkeley) 5/11/95
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_init.c,v 1.45 2009/10/05 04:20:13 elad Exp $");
#include <sys/param.h>
#include <sys/mount.h>
#include <sys/time.h>
#include <sys/vnode.h>
#include <sys/stat.h>
#include <sys/namei.h>
#include <sys/ucred.h>
#include <sys/buf.h>
#include <sys/errno.h>
#include <sys/kmem.h>
#include <sys/systm.h>
#include <sys/module.h>
#include <sys/dirhash.h>
#include <sys/sysctl.h>
#include <sys/kauth.h>
/*
* Sigh, such primitive tools are these...
*/
#if 0
#define DODEBUG(A) A
#else
#define DODEBUG(A)
#endif
/*
* The global list of vnode operations.
*/
extern const struct vnodeop_desc * const vfs_op_descs[];
/*
* These vnodeopv_descs are listed here because they are not
* associated with any particular file system, and thus cannot
* be initialized by vfs_attach().
*/
extern const struct vnodeopv_desc dead_vnodeop_opv_desc;
extern const struct vnodeopv_desc fifo_vnodeop_opv_desc;
extern const struct vnodeopv_desc spec_vnodeop_opv_desc;
extern const struct vnodeopv_desc sync_vnodeop_opv_desc;
/*
 * NULL-terminated table of the file-system-independent operations vectors.
 * vfsinit() hands it to vfs_opv_init(), which walks it up to the NULL
 * terminator, so the terminator must stay last.
 */
const struct vnodeopv_desc * const vfs_special_vnodeopv_descs[] = {
	&dead_vnodeop_opv_desc,
	&fifo_vnodeop_opv_desc,
	&spec_vnodeop_opv_desc,
	&sync_vnodeop_opv_desc,
	NULL,
};
/*
 * Registry of attached file system types (struct vfsops), linked through
 * vfs_list.  Every reader and writer in this file takes vfs_list_lock
 * around its accesses.
 */
struct vfs_list_head vfs_list = /* vfs list */
    LIST_HEAD_INITIALIZER(vfs_list);

/*
 * Handle of the kauth system-scope listener (mount_listener_cb) that
 * vfsinit() registers.  Nothing in this file unregisters it.
 */
static kauth_listener_t mount_listener;

/*
 * This code doesn't work if the defn is **vnodop_defns with cc.
 * The problem is because of the compiler sometimes putting in an
 * extra level of indirection for arrays. It's an interesting
 * "feature" of C.
 */
/* Element type of an operations vector; used only for sizing allocations. */
typedef int (*PFI)(void *);
/*
* A miscellaneous routine.
* A generic "default" routine that just returns an error.
*/
/*
 * Catch-all vnode operation: reports that the operation is not supported.
 * Intended to be installed as a layer's default routine so that every
 * slot a layer leaves unimplemented fails cleanly instead of faulting.
 *
 * v: the operation's argument block; it is never examined.
 * Returns EOPNOTSUPP unconditionally.
 */
/*ARGSUSED*/
int
vn_default_error(void *v)
{
	(void)v;
	return EOPNOTSUPP;
}
/*
 * Log handed to every sysctl_createv() call in sysctl_vfs_setup(), so the
 * nodes created there are tracked together.
 */
static struct sysctllog *vfs_sysctllog;
/*
* Top level filesystem related information gathering.
*/
/*
 * Top level filesystem related information gathering.
 *
 * Creates the permanent sysctl subtree rooted at CTL_VFS:
 *   vfs                    node
 *   vfs.generic            node
 *   vfs.generic.fstypes    string produced on demand by
 *                          sysctl_vfs_generic_fstypes()
 *   vfs.generic.magiclinks CTLFLAG_READWRITE int backed by vfs_magiclinks
 * Each parent is created before its children.  All nodes are recorded in
 * vfs_sysctllog.
 */
static void
sysctl_vfs_setup(void)
{
	/* Defined elsewhere; exposed here as a writable tunable. */
	extern int vfs_magiclinks;

	/* vfs: root of the subtree. */
	sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "vfs", NULL,
	    NULL, 0, NULL, 0,
	    CTL_VFS, CTL_EOL);
	/* vfs.generic: container for information not tied to one file system. */
	sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "generic",
	    SYSCTL_DESCR("Non-specific vfs related information"),
	    NULL, 0, NULL, 0,
	    CTL_VFS, VFS_GENERIC, CTL_EOL);
	/*
	 * vfs.generic.fstypes: computed by a handler rather than backed by a
	 * variable, hence the function pointer and the NULL data pointer.
	 */
	sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT,
	    CTLTYPE_STRING, "fstypes",
	    SYSCTL_DESCR("List of file systems present"),
	    sysctl_vfs_generic_fstypes, 0, NULL, 0,
	    CTL_VFS, VFS_GENERIC, CTL_CREATE, CTL_EOL);
	/*
	 * vfs.generic.magiclinks: the only writable node here; it toggles
	 * expansion of "magic" symlinks system-wide.
	 */
	sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
	    CTLTYPE_INT, "magiclinks",
	    SYSCTL_DESCR("Whether \"magic\" symlinks are expanded"),
	    NULL, 0, &vfs_magiclinks, 0,
	    CTL_VFS, VFS_GENERIC, VFS_MAGICLINKS, CTL_EOL);
}
/*
* vfs_init.c
*
* Allocate and fill in operations vectors.
*
* An undocumented feature of this approach to defining operations is that
* there can be multiple entries in vfs_opv_descs for the same operations
* vector. This allows third parties to extend the set of operations
* supported by another layer in a binary compatible way. For example,
* assume that NFS needed to be modified to support Ficus. NFS has an entry
* (probably nfs_vnopdeop_decls) declaring all the operations NFS supports by
* default. Ficus could add another entry (ficus_nfs_vnodeop_decl_entensions)
* listing those new operations Ficus adds to NFS, all without modifying the
* NFS code. (Of course, the OTW NFS protocol still needs to be munged, but
* that is a(whole)nother story.) This is a feature.
*/
/*
* Init the vector, if it needs it.
* Also handle backwards compatibility.
*/
/*
 * Copy a layer's explicitly listed vnode operations into its operations
 * vector.  vfs_opv_desc->opv_desc_ops is a table terminated by an entry
 * whose opve_op is NULL; each entry's implementation is stored at the slot
 * named by its descriptor's vdesc_offset.  The vector pointed to by
 * opv_desc_vector_p must already have been allocated by vfs_opv_init().
 *
 * Panics when an entry's descriptor has offset 0 but is not the default
 * operation: that is the signature of an operation that was added to a
 * layer's table but never to the system-wide vfs_op_descs list.
 */
static void
vfs_opv_init_explicit(const struct vnodeopv_desc *vfs_opv_desc)
{
	int (**vector)(void *) = *(vfs_opv_desc->opv_desc_vector_p);
	const struct vnodeopv_entry_desc *entry = vfs_opv_desc->opv_desc_ops;

	while (entry->opve_op != NULL) {
		/*
		 * Only the default operation is expected at offset 0; any
		 * other op there is missing from vfs_op_descs.
		 * NOTE(review): if VOFFSET(vop_default) is itself 0, the two
		 * halves of this test can never both hold and the panic is
		 * unreachable -- confirm against the vnode_if definitions.
		 */
		if (entry->opve_op->vdesc_offset == 0 &&
		    entry->opve_op->vdesc_offset != VOFFSET(vop_default)) {
			printf("operation %s not listed in %s.\n",
			    entry->opve_op->vdesc_name, "vfs_op_descs");
			panic ("vfs_opv_init: bad operation");
		}

		vector[entry->opve_op->vdesc_offset] = entry->opve_impl;
		entry++;
	}
}
/*
 * Backfill a layer's operations vector: every slot still NULL after
 * vfs_opv_init_explicit() receives the layer's default routine, the entry
 * at VOFFSET(vop_default).  Panics if that entry is itself NULL, since a
 * vector without a default would leave unimplemented operations as NULL
 * function pointers.
 */
static void
vfs_opv_init_default(const struct vnodeopv_desc *vfs_opv_desc)
{
	int (**vector)(void *) = *(vfs_opv_desc->opv_desc_vector_p);
	int (*fallback)(void *) = vector[VOFFSET(vop_default)];
	int slot;

	if (fallback == NULL) {
		panic("vfs_opv_init: operation vector without default routine.");
	}

	for (slot = 0; slot < VNODE_OPS_COUNT; slot++) {
		if (vector[slot] == NULL) {
			vector[slot] = fallback;
		}
	}
}
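/*
 * Allocate and populate the operations vector of every vnodeopv_desc in the
 * NULL-terminated array vopvdpp.
 *
 * Three separate passes are needed because several descriptors may target
 * the same vector (see the file comment above): every vector is allocated
 * and zeroed first, then all explicit entries from all descriptors are
 * merged in, and only then are the remaining NULL slots backfilled with
 * each vector's default routine.  The vectors are released again by
 * vfs_opv_free().
 */
void
vfs_opv_init(const struct vnodeopv_desc * const *vopvdpp)
{
	const size_t vecsize = VNODE_OPS_COUNT * sizeof(PFI);
	int (**opv_desc_vector)(void *);
	int i;

	/*
	 * Allocate the vectors.  KM_SLEEP: this runs at init/attach time,
	 * where waiting for memory is acceptable.
	 */
	for (i = 0; vopvdpp[i] != NULL; i++) {
		opv_desc_vector = kmem_alloc(vecsize, KM_SLEEP);
		memset(opv_desc_vector, 0, vecsize);
		*(vopvdpp[i]->opv_desc_vector_p) = opv_desc_vector;
		/*
		 * Previously named the non-existent "opv_desc_vector_p" here,
		 * which only went unnoticed because DODEBUG is compiled out.
		 */
		DODEBUG(printf("vector at %p allocated\n", opv_desc_vector));
	}

	/*
	 * ...and fill them in.
	 */
	for (i = 0; vopvdpp[i] != NULL; i++) {
		vfs_opv_init_explicit(vopvdpp[i]);
	}

	/*
	 * Finally, go back and replace unfilled routines
	 * with their default.
	 */
	for (i = 0; vopvdpp[i] != NULL; i++) {
		vfs_opv_init_default(vopvdpp[i]);
	}
}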
/*
 * Release the operations vectors that vfs_opv_init() allocated for the
 * NULL-terminated array vopvdpp.  Each descriptor's vector pointer is reset
 * to NULL after the free so a stale vector cannot be dereferenced later.
 */
void
vfs_opv_free(const struct vnodeopv_desc * const *vopvdpp)
{
	const struct vnodeopv_desc *desc;
	int idx = 0;

	while ((desc = vopvdpp[idx++]) != NULL) {
		kmem_free(*(desc->opv_desc_vector_p),
		    VNODE_OPS_COUNT * sizeof(PFI));
		*(desc->opv_desc_vector_p) = NULL;
	}
}
#ifdef DEBUG
/*
 * DEBUG-only consistency check of the system-wide operation table: every
 * vfs_op_descs[i] must carry vdesc_offset == i, and the table must hold
 * exactly VNODE_OPS_COUNT entries before its NULL terminator.  Either
 * mismatch is fatal, since the offsets are used as vector indices.
 */
static void
vfs_op_check(void)
{
	int count = 0;

	DODEBUG(printf("Vnode_interface_init.\n"));

	/* Walk to the terminator, verifying each offset on the way. */
	while (vfs_op_descs[count] != NULL) {
		if (vfs_op_descs[count]->vdesc_offset != count) {
			panic("vfs_op_check: vfs_op_desc[] offset mismatch");
		}
		count++;
	}

	if (count != VNODE_OPS_COUNT) {
		panic("vfs_op_check: vnode ops count mismatch (%d != %d)",
		    count, VNODE_OPS_COUNT);
	}

	DODEBUG(printf ("vfs_opv_numops=%d\n", VNODE_OPS_COUNT));
}
#endif /* DEBUG */
/*
* Common routine to check if an unprivileged mount is allowed.
*
* We export just this part (i.e., without the access control) so that if a
* secmodel wants to implement finer grained user mounts it can do so without
* copying too much code. More elaborate policies (i.e., specific users allowed
* to also create devices and/or introduce set-id binaries, or export
* file-systems) will require a different implementation.
*
* This routine is intended to be called from listener context, and as such
* does not take credentials as an argument.
*/
/*
 * Common routine to check if an unprivileged mount is allowed.
 *
 * Only the flag-based part of the policy lives here (no access control),
 * so a secmodel that wants finer grained user mounts can reuse it without
 * copying code.  Policies that let specific users create devices, bring in
 * set-id binaries or export file systems need their own implementation.
 *
 * Intended to be called from listener context, hence no credential
 * argument.  The routine never rewrites flags; it only vetoes.
 *
 * mp:    the mount being created or updated; only mnt_flag is consulted.
 * flags: the MNT_* flags requested by the caller.
 * Returns 0 if the request is acceptable for an unprivileged mount, EPERM
 * otherwise.
 */
int
usermount_common_policy(struct mount *mp, u_long flags)
{
	const u_long required = MNT_NODEV | MNT_NOSUID;
	int error = 0;

	if (flags & MNT_EXPORTED) {
		/* Unprivileged users may not export file systems. */
		error = EPERM;
	} else if ((flags & required) != required) {
		/*
		 * Device nodes on user-supplied media would bypass the
		 * permissions of the real device files, and set-id binaries
		 * there would run with someone else's privileges; both flags
		 * must be set to rule that out.
		 */
		error = EPERM;
	} else if ((mp->mnt_flag & MNT_NOEXEC) != 0 &&
	    (flags & MNT_NOEXEC) == 0) {
		/* A mount that is already noexec may not be made executable. */
		error = EPERM;
	}

	return error;
}
/*
 * kauth listener on the system scope.  The only case it decides is
 * KAUTH_SYSTEM_MOUNT with request KAUTH_REQ_SYSTEM_MOUNT_GET, which it
 * allows for every caller: reading mount information is unprivileged.
 * Everything else is answered with KAUTH_RESULT_DEFER, leaving the decision
 * to other listeners.  cred, cookie and arg1..arg3 are not consulted;
 * arg0 carries the kauth_system_req.
 */
static int
mount_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
    void *arg0, void *arg1, void *arg2, void *arg3)
{
	const enum kauth_system_req req = (enum kauth_system_req)arg0;

	if (action == KAUTH_SYSTEM_MOUNT &&
	    req == KAUTH_REQ_SYSTEM_MOUNT_GET) {
		return KAUTH_RESULT_ALLOW;
	}

	return KAUTH_RESULT_DEFER;
}
/*
* Initialize the vnode structures and initialize each file system type.
*/
/*
 * Initialize the vnode structures and initialize each file system type.
 *
 * Boot-time entry point; the statement order is the dependency order.
 * The kauth mount listener is registered before module_init_class() attaches
 * the statically linked file systems, and its handle is kept in
 * mount_listener; nothing in this file ever unregisters it.
 */
void
vfsinit(void)
{
	/*
	 * Attach sysctl nodes
	 */
	sysctl_vfs_setup();

	/*
	 * Initialize the namei pathname buffer pool and cache.
	 * MAXPATHLEN-sized buffers; a NULL cache here is fatal.
	 */
	pnbuf_cache = pool_cache_init(MAXPATHLEN, 0, 0, 0, "pnbufpl",
	    NULL, IPL_NONE, NULL, NULL, NULL);
	KASSERT(pnbuf_cache != NULL);

	/*
	 * Initialize the vnode table
	 */
	vntblinit();

	/*
	 * Initialize the vnode name cache
	 */
	nchinit();

#ifdef DEBUG
	/*
	 * Check the list of vnode operations.
	 */
	vfs_op_check();
#endif

	/*
	 * Initialize the special vnode operations.
	 */
	vfs_opv_init(vfs_special_vnodeopv_descs);

	/*
	 * Initialise generic dirhash.
	 */
	dirhash_init();

	/*
	 * Initialise VFS hooks.
	 */
	vfs_hooks_init();

	/*
	 * Register the system-scope listener that answers
	 * KAUTH_REQ_SYSTEM_MOUNT_GET (see mount_listener_cb).
	 */
	mount_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
	    mount_listener_cb, NULL);

	/*
	 * Establish each file system which was statically
	 * included in the kernel.
	 */
	module_init_class(MODULE_CLASS_VFS);
}
/*
* Drop a reference to a file system type.
*/
/*
 * Drop a reference to a file system type.
 *
 * Decrements vfs->vfs_refcount under vfs_list_lock.  While the count is
 * non-zero, vfs_detach() refuses to remove the file system (EBUSY).
 */
void
vfs_delref(struct vfsops *vfs)
{
	mutex_enter(&vfs_list_lock);
	vfs->vfs_refcount -= 1;
	mutex_exit(&vfs_list_lock);
}
/*
* Establish a file system and initialize it.
*/
/*
 * Return non-zero if a file system type called name is already on
 * vfs_list.  Caller holds vfs_list_lock.
 */
static int
vfs_name_attached(const char *name)
{
	struct vfsops *cur;

	LIST_FOREACH(cur, &vfs_list, vfs_list) {
		if (strcmp(name, cur->vfs_name) == 0) {
			return 1;
		}
	}
	return 0;
}

/*
 * Establish a file system and initialize it.
 *
 * Builds the file system's vnode operations vectors, runs its vfs_init
 * hook, links it onto vfs_list with a zero reference count, and returns 0.
 * Returns EEXIST if a file system with the same vfs_name is already
 * attached, in which case nothing is initialized.
 *
 * NOTE(review): vfs_opv_init() (KM_SLEEP) and the file system's vfs_init
 * both run with vfs_list_lock held -- confirm that blocking under this
 * mutex is acceptable.
 */
int
vfs_attach(struct vfsops *vfs)
{
	int error;

	mutex_enter(&vfs_list_lock);

	if (vfs_name_attached(vfs->vfs_name)) {
		error = EEXIST;
	} else {
		/* Operations vectors first, then the file system's own setup. */
		vfs_opv_init(vfs->vfs_opv_descs);
		(*vfs->vfs_init)();
		LIST_INSERT_HEAD(&vfs_list, vfs, vfs_list);
		/* Sanity: a freshly attached type has no references yet. */
		vfs->vfs_refcount = 0;
		error = 0;
	}

	mutex_exit(&vfs_list_lock);
	return error;
}
/*
* Remove a file system from the kernel.
*/
/*
 * Return non-zero if vfs is currently linked on vfs_list.  Caller holds
 * vfs_list_lock.
 */
static int
vfs_list_contains(const struct vfsops *vfs)
{
	struct vfsops *cur;

	LIST_FOREACH(cur, &vfs_list, vfs_list) {
		if (cur == vfs) {
			return 1;
		}
	}
	return 0;
}

/*
 * Remove a file system from the kernel.
 *
 * Returns EBUSY if vfs->vfs_refcount is non-zero, ESRCH if vfs is not on
 * vfs_list, else 0 after unlinking it, running its vfs_done hook and
 * freeing its operations vectors.  The reference check and the unlink
 * happen under the same hold of vfs_list_lock, so a reference taken
 * concurrently cannot slip in between them.
 *
 * NOTE(review): the vfs_done hook runs with vfs_list_lock held -- confirm
 * that blocking under this mutex is acceptable.
 */
int
vfs_detach(struct vfsops *vfs)
{
	int error;

	mutex_enter(&vfs_list_lock);

	if (vfs->vfs_refcount != 0) {
		error = EBUSY;
	} else if (!vfs_list_contains(vfs)) {
		error = ESRCH;
	} else {
		LIST_REMOVE(vfs, vfs_list);
		(*vfs->vfs_done)();
		vfs_opv_free(vfs->vfs_opv_descs);
		error = 0;
	}

	mutex_exit(&vfs_list_lock);
	return error;
}
/*
 * Run the optional vfs_reinit hook of every attached file system type.
 *
 * The hook is called with vfs_list_lock dropped; the entry's reference
 * count is bumped for the duration so a concurrent vfs_detach() sees it as
 * busy and cannot unlink it while the hook runs.
 */
void
vfs_reinit(void)
{
	struct vfsops *vfs;

	mutex_enter(&vfs_list_lock);
	LIST_FOREACH(vfs, &vfs_list, vfs_list) {
		if (vfs->vfs_reinit == NULL) {
			continue;
		}
		/* Pin the entry across the unlocked call. */
		vfs->vfs_refcount++;
		mutex_exit(&vfs_list_lock);
		(*vfs->vfs_reinit)();
		mutex_enter(&vfs_list_lock);
		vfs->vfs_refcount--;
	}
	mutex_exit(&vfs_list_lock);
}