Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Dec 2017 18:23:23 +0000 (UTC)
From:      Ian Lepore <ian@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r327032 - in head: share/man/man4 sys/conf sys/dev/md
Message-ID:  <201712201823.vBKINNH1066643@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ian
Date: Wed Dec 20 18:23:22 2017
New Revision: 327032
URL: https://svnweb.freebsd.org/changeset/base/327032

Log:
  Add a new kernel config option, MD_ROOT_READONLY, which forces on the
  MD_READONLY flag for the md device automatically instantiated during
  kernel init for an mdroot filesystem.
  
  Note that there is specifically and by design no tunable or sysctl
  control over this feature.  Without this option, you already have control
  over whether the mdroot fs is writeable using vfs.root.mountfrom.options
  from loader(8), the root_rw_mount rcvar, and by using "mount -u[rw] /"
  or equivelent on the fly.  This option is being added to provide a way
  to make the mdroot fs truly immutable before userland code begins running.
  
  Differential Revision:	https://reviews.freebsd.org/D13411

Modified:
  head/share/man/man4/md.4
  head/sys/conf/NOTES
  head/sys/conf/options
  head/sys/dev/md/md.c

Modified: head/share/man/man4/md.4
==============================================================================
--- head/share/man/man4/md.4	Wed Dec 20 18:15:06 2017	(r327031)
+++ head/share/man/man4/md.4	Wed Dec 20 18:23:22 2017	(r327032)
@@ -7,7 +7,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 5, 2017
+.Dd December 7, 2017
 .Dt MD 4
 .Os
 .Sh NAME
@@ -79,7 +79,8 @@ To create a kernel with a ramdisk or MD file system, y
 needs the following options:
 .Bd -literal -offset indent
 options 	MD_ROOT			# MD is a potential root device
-options		MD_ROOT_SIZE=8192	# 8MB ram disk
+options 	MD_ROOT_READONLY	# disallow mounting root writeable
+options 	MD_ROOT_SIZE=8192	# 8MB ram disk
 makeoptions	MFS_IMAGE=/h/foo/ARM-MD
 options 	ROOTDEVNAME=\\"ufs:md0\\"
 .Ed

Modified: head/sys/conf/NOTES
==============================================================================
--- head/sys/conf/NOTES	Wed Dec 20 18:15:06 2017	(r327031)
+++ head/sys/conf/NOTES	Wed Dec 20 18:23:22 2017	(r327032)
@@ -1101,6 +1101,9 @@ options 	MD_ROOT_SIZE=10
 # images of type mfs_root or md_root.
 options 	MD_ROOT
 
+# Write-protect the md root device so that it may not be mounted writeable.
+options 	MD_ROOT_READONLY
+
 # Disk quotas are supported when this option is enabled.
 options 	QUOTA			#enable disk quotas
 

Modified: head/sys/conf/options
==============================================================================
--- head/sys/conf/options	Wed Dec 20 18:15:06 2017	(r327031)
+++ head/sys/conf/options	Wed Dec 20 18:23:22 2017	(r327032)
@@ -165,6 +165,7 @@ MAC_STUB	opt_dontuse.h
 MAC_TEST	opt_dontuse.h
 MD_ROOT		opt_md.h
 MD_ROOT_FSTYPE	opt_md.h
+MD_ROOT_READONLY	opt_md.h
 MD_ROOT_SIZE	opt_md.h
 MFI_DEBUG	opt_mfi.h
 MFI_DECODE_LOG	opt_mfi.h

Modified: head/sys/dev/md/md.c
==============================================================================
--- head/sys/dev/md/md.c	Wed Dec 20 18:15:06 2017	(r327031)
+++ head/sys/dev/md/md.c	Wed Dec 20 18:23:22 2017	(r327032)
@@ -1791,9 +1791,15 @@ md_preloaded(u_char *image, size_t length, const char 
 	sc->start = mdstart_preload;
 	if (name != NULL)
 		strlcpy(sc->file, name, sizeof(sc->file));
-#if defined(MD_ROOT) && !defined(ROOTDEVNAME)
-	if (sc->unit == 0)
+#ifdef MD_ROOT
+	if (sc->unit == 0) {
+#ifndef ROOTDEVNAME
 		rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0";
+#endif
+#ifdef MD_ROOT_READONLY
+		sc->flags |= MD_READONLY;
+#endif
+	}
 #endif
 	mdinit(sc);
 	if (name != NULL) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201712201823.vBKINNH1066643>