1/* $NetBSD: mtab_linux.c,v 1.1.1.2 2009/03/20 20:26:50 christos Exp $ */ 2 3/* 4 * Copyright (c) 1997-2009 Erez Zadok 5 * Copyright (c) 1990 Jan-Simon Pendry 6 * Copyright (c) 1990 Imperial College of Science, Technology & Medicine 7 * Copyright (c) 1990 The Regents of the University of California. 8 * All rights reserved. 9 * 10 * This code is derived from software contributed to Berkeley by 11 * Jan-Simon Pendry at Imperial College, London. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. All advertising materials mentioning features or use of this software 22 * must display the following acknowledgment: 23 * This product includes software developed by the University of 24 * California, Berkeley and its contributors. 25 * 4. Neither the name of the University nor the names of its contributors 26 * may be used to endorse or promote products derived from this software 27 * without specific prior written permission. 28 * 29 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 32 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 39 * SUCH DAMAGE. 40 * 41 * 42 * File: am-utils/conf/mtab/mtab_linux.c 43 * 44 */ 45 46/* This file was adapted by Red Hat for Linux from mtab_file.c */ 47 48/* 49 * The locking code must be kept in sync with that used 50 * by the mount command in util-linux, otherwise you'll 51 * end with with race conditions leading to a corrupt 52 * /etc/mtab, particularly when AutoFS is used on same 53 * machine as AMD. 54 */ 55 56#ifdef HAVE_CONFIG_H 57# include <config.h> 58#endif /* HAVE_CONFIG_H */ 59#include <am_defs.h> 60#include <amu.h> 61 62#define NFILE_RETRIES 10 /* number of retries (seconds) */ 63#define LOCK_TIMEOUT 10 64 65#ifdef MOUNT_TABLE_ON_FILE 66 67# define PROC_MOUNTS "/proc/mounts" 68 69static FILE *mnt_file = NULL; 70/* Information about mtab. ------------------------------------*/ 71static int have_mtab_info = 0; 72static int var_mtab_does_not_exist = 0; 73static int var_mtab_is_a_symlink = 0; 74/* Flag for already existing lock file. */ 75static int we_created_lockfile = 0; 76static int lockfile_fd = -1; 77 78 79static void 80get_mtab_info(void) 81{ 82 struct stat mtab_stat; 83 84 if (!have_mtab_info) { 85 if (lstat(MOUNTED, &mtab_stat)) 86 var_mtab_does_not_exist = 1; 87 else if (S_ISLNK(mtab_stat.st_mode)) 88 var_mtab_is_a_symlink = 1; 89 have_mtab_info = 1; 90 } 91} 92 93 94static int 95mtab_is_a_symlink(void) 96{ 97 get_mtab_info(); 98 return var_mtab_is_a_symlink; 99} 100 101 102static int 103mtab_is_writable() 104{ 105 static int ret = -1; 106 107 /* 108 * Should we write to /etc/mtab upon an update? Probably not if it is a 109 * symlink to /proc/mounts, since that would create a file /proc/mounts in 110 * case the proc filesystem is not mounted. 111 */ 112 if (mtab_is_a_symlink()) 113 return 0; 114 115 if (ret == -1) { 116 int fd = open(MOUNTED, O_RDWR | O_CREAT, 0644); 117 if (fd >= 0) { 118 close(fd); 119 ret = 1; 120 } else 121 ret = 0; 122 } 123 return ret; 124} 125 126 127static void 128setlkw_timeout(int sig) 129{ 130 /* nothing, fcntl will fail anyway */ 131} 132 133 134/* 135 * Create the lock file. 136 * The lock file will be removed if we catch a signal or when we exit. 137 * 138 * The old code here used flock on a lock file /etc/mtab~ and deleted 139 * this lock file afterwards. However, as rgooch remarks, that has a 140 * race: a second mount may be waiting on the lock and proceed as 141 * soon as the lock file is deleted by the first mount, and immediately 142 * afterwards a third mount comes, creates a new /etc/mtab~, applies 143 * flock to that, and also proceeds, so that the second and third mount 144 * now both are scribbling in /etc/mtab. 145 * The new code uses a link() instead of a creat(), where we proceed 146 * only if it was us that created the lock, and hence we always have 147 * to delete the lock afterwards. Now the use of flock() is in principle 148 * superfluous, but avoids an arbitrary sleep(). 149 */ 150 151/* 152 * Where does the link point to? Obvious choices are mtab and mtab~~. 153 * HJLu points out that the latter leads to races. Right now we use 154 * mtab~.<pid> instead. 155 */ 156#define MOUNTED_LOCK "/etc/mtab~" 157#define MOUNTLOCK_LINKTARGET MOUNTED_LOCK "%d" 158 159int 160lock_mtab(void) 161{ 162 int tries = 100000, i; 163 char *linktargetfile; 164 size_t l; 165 166 /* 167 * Redhat's original code set a signal handler called "handler()" for all 168 * non-ALRM signals. The handler called unlock_mntlist(), plog'ed the 169 * signal name, and then exit(1)! Never, ever, exit() from inside a 170 * utility function. This messed up Amd's careful signal-handling code, 171 * and caused Amd to abort uncleanly only any other "innocent" signal 172 * (even simple SIGUSR1), leaving behind a hung Amd mnt point. That code 173 * should have at least restored the signal handlers' states upon a 174 * successful mtab unlocking. Anyway, that handler was unnecessary, 175 * because will call unlock_mntlist() properly anyway on exit. 176 */ 177 setup_sighandler(SIGALRM, setlkw_timeout); 178 179 /* somewhat clumsy, but some ancient systems do not have snprintf() */ 180 /* use 20 as upper bound for the length of %d output */ 181 l = strlen(MOUNTLOCK_LINKTARGET) + 20; 182 linktargetfile = xmalloc(l); 183 xsnprintf(linktargetfile, l, MOUNTLOCK_LINKTARGET, getpid()); 184 185 i = open(linktargetfile, O_WRONLY|O_CREAT, 0); 186 if (i < 0) { 187 int errsv = errno; 188 /* 189 * linktargetfile does not exist (as a file) and we cannot create 190 * it. Read-only filesystem? Too many files open in the system? 191 * Filesystem full? 192 */ 193 plog(XLOG_ERROR, "can't create lock file %s: %s (use -n flag to override)", 194 linktargetfile, strerror(errsv)); 195 } 196 close(i); 197 198 199 /* Repeat until it was us who made the link */ 200 while (!we_created_lockfile) { 201 struct flock flock; 202 int errsv, j; 203 204 j = link(linktargetfile, MOUNTED_LOCK); 205 errsv = errno; 206 207 if (j < 0 && errsv != EEXIST) { 208 (void) unlink(linktargetfile); 209 plog(XLOG_ERROR, "can't link lock file %s: %s ", 210 MOUNTED_LOCK, strerror(errsv)); 211 return 0; 212 } 213 214 lockfile_fd = open(MOUNTED_LOCK, O_WRONLY); 215 if (lockfile_fd < 0) { 216 int errsv = errno; 217 /* Strange... Maybe the file was just deleted? */ 218 if (errno == ENOENT && tries-- > 0) { 219 if (tries % 200 == 0) 220 usleep(30); 221 continue; 222 } 223 (void) unlink(linktargetfile); 224 plog(XLOG_ERROR,"can't open lock file %s: %s ", 225 MOUNTED_LOCK, strerror(errsv)); 226 return 0; 227 } 228 229 flock.l_type = F_WRLCK; 230 flock.l_whence = SEEK_SET; 231 flock.l_start = 0; 232 flock.l_len = 0; 233 234 if (j == 0) { 235 /* We made the link. Now claim the lock. */ 236 if (fcntl(lockfile_fd, F_SETLK, &flock) == -1) { 237 int errsv = errno; 238 plog(XLOG_ERROR, "Can't lock lock file %s: %s", 239 MOUNTED_LOCK, strerror(errsv)); 240 /* proceed, since it was us who created the lockfile anyway */ 241 } 242 we_created_lockfile = 1; 243 (void) unlink(linktargetfile); 244 } else { 245 static int tries = 0; 246 247 /* Someone else made the link. Wait. */ 248 alarm(LOCK_TIMEOUT); 249 250 if (fcntl(lockfile_fd, F_SETLKW, &flock) == -1) { 251 int errsv = errno; 252 (void) unlink(linktargetfile); 253 plog(XLOG_ERROR, "can't lock lock file %s: %s", 254 MOUNTED_LOCK, (errno == EINTR) ? 255 "timed out" : strerror(errsv)); 256 return 0; 257 } 258 alarm(0); 259 /* 260 * Limit the number of iterations - maybe there 261 * still is some old /etc/mtab~ 262 */ 263 ++tries; 264 if (tries % 200 == 0) 265 usleep(30); 266 if (tries > 100000) { 267 (void) unlink(linktargetfile); 268 close(lockfile_fd); 269 plog(XLOG_ERROR, 270 "Cannot create link %s; Perhaps there is a stale lock file?", 271 MOUNTED_LOCK); 272 } 273 close(lockfile_fd); 274 } 275 } 276 return 1; 277} 278 279 280static FILE * 281open_locked_mtab(const char *mnttabname, char *mode, char *fs) 282{ 283 FILE *mfp = NULL; 284 285 if (mnt_file) { 286 dlog("Forced close on %s in read_mtab", mnttabname); 287 endmntent(mnt_file); 288 mnt_file = NULL; 289 } 290 291 if (!mtab_is_a_symlink() && 292 !lock_mtab()) { 293 plog(XLOG_ERROR, "Couldn't lock mtab"); 294 return 0; 295 } 296 297 mfp = setmntent((char *)mnttabname, mode); 298 if (!mfp) { 299 plog(XLOG_ERROR, "setmntent(\"%s\", \"%s\"): %m", mnttabname, mode); 300 return 0; 301 } 302 return mfp; 303} 304 305 306/* 307 * Unlock the mount table 308 */ 309void 310unlock_mntlist(void) 311{ 312 if (mnt_file || we_created_lockfile) 313 dlog("unlock_mntlist: releasing"); 314 if (mnt_file) { 315 endmntent(mnt_file); 316 mnt_file = NULL; 317 } 318 if (we_created_lockfile) { 319 close(lockfile_fd); 320 lockfile_fd = -1; 321 unlink(MOUNTED_LOCK); 322 we_created_lockfile = 0; 323 } 324} 325 326 327/* 328 * Write out a mount list 329 */ 330void 331rewrite_mtab(mntlist *mp, const char *mnttabname) 332{ 333 FILE *mfp; 334 int error = 0; 335 char tmpname[64]; 336 int retries; 337 int tmpfd; 338 char *cp; 339 char mcp[128]; 340 341 if (!mtab_is_writable()) { 342 return; 343 } 344 345 /* 346 * Concoct a temporary name in the same directory as the target mount 347 * table so that rename() will work. 348 */ 349 xstrlcpy(mcp, mnttabname, sizeof(mcp)); 350 cp = strrchr(mcp, '/'); 351 if (cp) { 352 memmove(tmpname, mcp, cp - mcp); 353 tmpname[cp - mcp] = '\0'; 354 } else { 355 plog(XLOG_WARNING, "No '/' in mtab (%s), using \".\" as tmp directory", mnttabname); 356 tmpname[0] = '.'; 357 tmpname[1] = '\0'; 358 } 359 xstrlcat(tmpname, "/mtabXXXXXX", sizeof(tmpname)); 360 retries = 0; 361 enfile1: 362#ifdef HAVE_MKSTEMP 363 tmpfd = mkstemp(tmpname); 364 fchmod(tmpfd, 0644); 365#else /* not HAVE_MKSTEMP */ 366 mktemp(tmpname); 367 tmpfd = open(tmpname, O_RDWR | O_CREAT | O_TRUNC, 0644); 368#endif /* not HAVE_MKSTEMP */ 369 if (tmpfd < 0) { 370 if (errno == ENFILE && retries++ < NFILE_RETRIES) { 371 sleep(1); 372 goto enfile1; 373 } 374 plog(XLOG_ERROR, "%s: open: %m", tmpname); 375 return; 376 } 377 if (close(tmpfd) < 0) 378 plog(XLOG_ERROR, "Couldn't close tmp file descriptor: %m"); 379 380 retries = 0; 381 enfile2: 382 mfp = setmntent(tmpname, "w"); 383 if (!mfp) { 384 if (errno == ENFILE && retries++ < NFILE_RETRIES) { 385 sleep(1); 386 goto enfile2; 387 } 388 plog(XLOG_ERROR, "setmntent(\"%s\", \"w\"): %m", tmpname); 389 error = 1; 390 goto out; 391 } 392 while (mp) { 393 if (mp->mnt) { 394 if (addmntent(mfp, mp->mnt)) { 395 plog(XLOG_ERROR, "Can't write entry to %s", tmpname); 396 error = 1; 397 goto out; 398 } 399 } 400 mp = mp->mnext; 401 } 402 403 /* 404 * SunOS 4.1 manuals say that the return code from entmntent() 405 * is always 1 and to treat as a void. That means we need to 406 * call fflush() to make sure the new mtab file got written. 407 */ 408 if (fflush(mfp)) { 409 plog(XLOG_ERROR, "flush new mtab file: %m"); 410 error = 1; 411 goto out; 412 } 413 (void) endmntent(mfp); 414 415 /* 416 * Rename temporary mtab to real mtab 417 */ 418 if (rename(tmpname, mnttabname) < 0) { 419 plog(XLOG_ERROR, "rename %s to %s: %m", tmpname, mnttabname); 420 error = 1; 421 goto out; 422 } 423 out: 424 if (error) 425 (void) unlink(tmpname); 426} 427 428 429static void 430mtab_stripnl(char *s) 431{ 432 do { 433 s = strchr(s, '\n'); 434 if (s) 435 *s++ = ' '; 436 } while (s); 437} 438 439 440/* 441 * Append a mntent structure to the 442 * current mount table. 443 */ 444void 445write_mntent(mntent_t *mp, const char *mnttabname) 446{ 447 int retries = 0; 448 FILE *mfp; 449 450 if (!mtab_is_writable()) { 451 return; 452 } 453 454 enfile: 455 mfp = open_locked_mtab(mnttabname, "a", mp->mnt_dir); 456 if (mfp) { 457 mtab_stripnl(mp->mnt_opts); 458 if (addmntent(mfp, mp)) 459 plog(XLOG_ERROR, "Couldn't write %s: %m", mnttabname); 460 if (fflush(mfp)) 461 plog(XLOG_ERROR, "Couldn't flush %s: %m", mnttabname); 462 (void) endmntent(mfp); 463 } else { 464 if (errno == ENFILE && retries < NFILE_RETRIES) { 465 sleep(1); 466 goto enfile; 467 } 468 plog(XLOG_ERROR, "setmntent(\"%s\", \"a\"): %m", mnttabname); 469 } 470 471 unlock_mntlist(); 472} 473 474#endif /* MOUNT_TABLE_ON_FILE */ 475 476 477static mntent_t * 478mnt_dup(mntent_t *mp) 479{ 480 mntent_t *new_mp = ALLOC(mntent_t); 481 482 new_mp->mnt_fsname = strdup(mp->mnt_fsname); 483 new_mp->mnt_dir = strdup(mp->mnt_dir); 484 new_mp->mnt_type = strdup(mp->mnt_type); 485 new_mp->mnt_opts = strdup(mp->mnt_opts); 486 487 new_mp->mnt_freq = mp->mnt_freq; 488 new_mp->mnt_passno = mp->mnt_passno; 489 490#ifdef HAVE_MNTENT_T_MNT_TIME 491# ifdef HAVE_MNTENT_T_MNT_TIME_STRING 492 new_mp->mnt_time = strdup(mp->mnt_time); 493# else /* not HAVE_MNTENT_T_MNT_TIME_STRING */ 494 new_mp->mnt_time = mp->mnt_time; 495# endif /* not HAVE_MNTENT_T_MNT_TIME_STRING */ 496#endif /* HAVE_MNTENT_T_MNT_TIME */ 497 498#ifdef HAVE_MNTENT_T_MNT_CNODE 499 new_mp->mnt_cnode = mp->mnt_cnode; 500#endif /* HAVE_MNTENT_T_MNT_CNODE */ 501 502 return new_mp; 503} 504 505 506/* 507 * Read a mount table into memory 508 */ 509mntlist * 510read_mtab(char *fs, const char *mnttabname) 511{ 512 mntlist **mpp, *mhp; 513 514 mntent_t *mep; 515 516 FILE *mfp = open_locked_mtab(mnttabname, "r+", fs); 517 518 if (!mfp) 519 return 0; 520 521 mpp = &mhp; 522 523 /* 524 * XXX - In SunOS 4 there is (yet another) memory leak 525 * which loses 1K the first time getmntent is called. 526 * (jsp) 527 */ 528 while ((mep = getmntent(mfp))) { 529 /* 530 * Allocate a new slot 531 */ 532 *mpp = ALLOC(struct mntlist); 533 534 /* 535 * Copy the data returned by getmntent 536 */ 537 (*mpp)->mnt = mnt_dup(mep); 538 539 /* 540 * Move to next pointer 541 */ 542 mpp = &(*mpp)->mnext; 543 } 544 *mpp = NULL; 545 546#ifdef MOUNT_TABLE_ON_FILE 547 /* 548 * If we are not updating the mount table then we 549 * can free the resources held here, otherwise they 550 * must be held until the mount table update is complete 551 */ 552 mnt_file = mfp; 553#else /* not MOUNT_TABLE_ON_FILE */ 554 endmntent(mfp); 555#endif /* not MOUNT_TABLE_ON_FILE */ 556 557 return mhp; 558} 559