Date: Sat, 6 Jan 2018 23:20:35 +0000 (UTC) From: Ian Lepore <ian@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r327655 - in stable/11: share/man/man4 sys/conf sys/dev/md Message-ID: <201801062320.w06NKZkl010357@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ian Date: Sat Jan 6 23:20:35 2018 New Revision: 327655 URL: https://svnweb.freebsd.org/changeset/base/327655 Log: MFC r327032: Add a new kernel config option, MD_ROOT_READONLY, which forces on the MD_READONLY flag for the md device automatically instantiated during kernel init for an mdroot filesystem. Note that there is specifically and by design no tunable or sysctl control over this feature. Without this option, you already have control over whether the mdroot fs is writeable using vfs.root.mountfrom.options from loader(8), the root_rw_mount rcvar, and by using "mount -u[rw] /" or equivelent on the fly. This option is being added to provide a way to make the mdroot fs truly immutable before userland code begins running. Differential Revision: https://reviews.freebsd.org/D13411 Modified: stable/11/share/man/man4/md.4 stable/11/sys/conf/NOTES stable/11/sys/conf/options stable/11/sys/dev/md/md.c Directory Properties: stable/11/ (props changed) Modified: stable/11/share/man/man4/md.4 ============================================================================== --- stable/11/share/man/man4/md.4 Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/share/man/man4/md.4 Sat Jan 6 23:20:35 2018 (r327655) @@ -7,7 +7,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 5, 2017 +.Dd December 7, 2017 .Dt MD 4 .Os .Sh NAME @@ -79,7 +79,8 @@ To create a kernel with a ramdisk or MD file system, y needs the following options: .Bd -literal -offset indent options MD_ROOT # MD is a potential root device -options MD_ROOT_SIZE=8192 # 8MB ram disk +options MD_ROOT_READONLY # disallow mounting root writeable +options MD_ROOT_SIZE=8192 # 8MB ram disk makeoptions MFS_IMAGE=/h/foo/ARM-MD options ROOTDEVNAME=\\"ufs:md0\\" .Ed Modified: stable/11/sys/conf/NOTES ============================================================================== --- stable/11/sys/conf/NOTES Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/sys/conf/NOTES Sat Jan 6 23:20:35 2018 (r327655) @@ -1102,6 +1102,9 @@ options MD_ROOT_SIZE=10 # images of type mfs_root or md_root. options MD_ROOT +# Write-protect the md root device so that it may not be mounted writeable. +options MD_ROOT_READONLY + # Disk quotas are supported when this option is enabled. options QUOTA #enable disk quotas Modified: stable/11/sys/conf/options ============================================================================== --- stable/11/sys/conf/options Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/sys/conf/options Sat Jan 6 23:20:35 2018 (r327655) @@ -165,6 +165,7 @@ MAC_STUB opt_dontuse.h MAC_TEST opt_dontuse.h MD_ROOT opt_md.h MD_ROOT_FSTYPE opt_md.h +MD_ROOT_READONLY opt_md.h MD_ROOT_SIZE opt_md.h MFI_DEBUG opt_mfi.h MFI_DECODE_LOG opt_mfi.h Modified: stable/11/sys/dev/md/md.c ============================================================================== --- stable/11/sys/dev/md/md.c Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/sys/dev/md/md.c Sat Jan 6 23:20:35 2018 (r327655) @@ -1755,9 +1755,15 @@ md_preloaded(u_char *image, size_t length, const char sc->pl_ptr = image; sc->pl_len = length; sc->start = mdstart_preload; -#if defined(MD_ROOT) && !defined(ROOTDEVNAME) - if (sc->unit == 0) +#ifdef MD_ROOT + if (sc->unit == 0) { +#ifndef ROOTDEVNAME rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0"; +#endif +#ifdef MD_ROOT_READONLY + sc->flags |= MD_READONLY; +#endif + } #endif mdinit(sc); if (name != NULL) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201801062320.w06NKZkl010357>