From owner-svn-src-stable@freebsd.org Sat Jan 6 23:20:36 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C51B4DF9309; Sat, 6 Jan 2018 23:20:36 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9F44F6398E; Sat, 6 Jan 2018 23:20:36 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D48CE18F23; Sat, 6 Jan 2018 23:20:35 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w06NKZMA010362; Sat, 6 Jan 2018 23:20:35 GMT (envelope-from ian@FreeBSD.org) Received: (from ian@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w06NKZkl010357; Sat, 6 Jan 2018 23:20:35 GMT (envelope-from ian@FreeBSD.org) Message-Id: <201801062320.w06NKZkl010357@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ian set sender to ian@FreeBSD.org using -f From: Ian Lepore Date: Sat, 6 Jan 2018 23:20:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r327655 - in stable/11: share/man/man4 sys/conf sys/dev/md X-SVN-Group: stable-11 X-SVN-Commit-Author: ian X-SVN-Commit-Paths: in stable/11: share/man/man4 sys/conf sys/dev/md X-SVN-Commit-Revision: 327655 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jan 2018 23:20:36 -0000 Author: ian Date: Sat Jan 6 23:20:35 2018 New Revision: 327655 URL: https://svnweb.freebsd.org/changeset/base/327655 Log: MFC r327032: Add a new kernel config option, MD_ROOT_READONLY, which forces on the MD_READONLY flag for the md device automatically instantiated during kernel init for an mdroot filesystem. Note that there is specifically and by design no tunable or sysctl control over this feature. Without this option, you already have control over whether the mdroot fs is writeable using vfs.root.mountfrom.options from loader(8), the root_rw_mount rcvar, and by using "mount -u[rw] /" or equivelent on the fly. This option is being added to provide a way to make the mdroot fs truly immutable before userland code begins running. Differential Revision: https://reviews.freebsd.org/D13411 Modified: stable/11/share/man/man4/md.4 stable/11/sys/conf/NOTES stable/11/sys/conf/options stable/11/sys/dev/md/md.c Directory Properties: stable/11/ (props changed) Modified: stable/11/share/man/man4/md.4 ============================================================================== --- stable/11/share/man/man4/md.4 Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/share/man/man4/md.4 Sat Jan 6 23:20:35 2018 (r327655) @@ -7,7 +7,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 5, 2017 +.Dd December 7, 2017 .Dt MD 4 .Os .Sh NAME @@ -79,7 +79,8 @@ To create a kernel with a ramdisk or MD file system, y needs the following options: .Bd -literal -offset indent options MD_ROOT # MD is a potential root device -options MD_ROOT_SIZE=8192 # 8MB ram disk +options MD_ROOT_READONLY # disallow mounting root writeable +options MD_ROOT_SIZE=8192 # 8MB ram disk makeoptions MFS_IMAGE=/h/foo/ARM-MD options ROOTDEVNAME=\\"ufs:md0\\" .Ed Modified: stable/11/sys/conf/NOTES ============================================================================== --- stable/11/sys/conf/NOTES Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/sys/conf/NOTES Sat Jan 6 23:20:35 2018 (r327655) @@ -1102,6 +1102,9 @@ options MD_ROOT_SIZE=10 # images of type mfs_root or md_root. options MD_ROOT +# Write-protect the md root device so that it may not be mounted writeable. +options MD_ROOT_READONLY + # Disk quotas are supported when this option is enabled. options QUOTA #enable disk quotas Modified: stable/11/sys/conf/options ============================================================================== --- stable/11/sys/conf/options Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/sys/conf/options Sat Jan 6 23:20:35 2018 (r327655) @@ -165,6 +165,7 @@ MAC_STUB opt_dontuse.h MAC_TEST opt_dontuse.h MD_ROOT opt_md.h MD_ROOT_FSTYPE opt_md.h +MD_ROOT_READONLY opt_md.h MD_ROOT_SIZE opt_md.h MFI_DEBUG opt_mfi.h MFI_DECODE_LOG opt_mfi.h Modified: stable/11/sys/dev/md/md.c ============================================================================== --- stable/11/sys/dev/md/md.c Sat Jan 6 23:12:32 2018 (r327654) +++ stable/11/sys/dev/md/md.c Sat Jan 6 23:20:35 2018 (r327655) @@ -1755,9 +1755,15 @@ md_preloaded(u_char *image, size_t length, const char sc->pl_ptr = image; sc->pl_len = length; sc->start = mdstart_preload; -#if defined(MD_ROOT) && !defined(ROOTDEVNAME) - if (sc->unit == 0) +#ifdef MD_ROOT + if (sc->unit == 0) { +#ifndef ROOTDEVNAME rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0"; +#endif +#ifdef MD_ROOT_READONLY + sc->flags |= MD_READONLY; +#endif + } #endif mdinit(sc); if (name != NULL) {