summaryrefslogtreecommitdiffstats
path: root/src/shutdown
diff options
context:
space:
mode:
Diffstat (limited to 'src/shutdown')
-rw-r--r--src/shutdown/detach-dm.c167
-rw-r--r--src/shutdown/detach-dm.h10
-rw-r--r--src/shutdown/detach-loopback.c225
-rw-r--r--src/shutdown/detach-loopback.h10
-rw-r--r--src/shutdown/detach-md.c188
-rw-r--r--src/shutdown/detach-md.h10
-rw-r--r--src/shutdown/detach-swap.c110
-rw-r--r--src/shutdown/detach-swap.h21
-rw-r--r--src/shutdown/meson.build39
-rw-r--r--src/shutdown/shutdown.c663
-rw-r--r--src/shutdown/test-umount.c68
-rw-r--r--src/shutdown/umount.c494
-rw-r--r--src/shutdown/umount.h26
13 files changed, 2031 insertions, 0 deletions
diff --git a/src/shutdown/detach-dm.c b/src/shutdown/detach-dm.c
new file mode 100644
index 0000000..8b8f72d
--- /dev/null
+++ b/src/shutdown/detach-dm.c
@@ -0,0 +1,167 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <linux/dm-ioctl.h>
+#include <sys/ioctl.h>
+
+#include "sd-device.h"
+
+#include "alloc-util.h"
+#include "blockdev-util.h"
+#include "detach-dm.h"
+#include "device-util.h"
+#include "devnum-util.h"
+#include "errno-util.h"
+#include "fd-util.h"
+#include "sync-util.h"
+
+typedef struct DeviceMapper {
+ char *path;
+ dev_t devnum;
+ LIST_FIELDS(struct DeviceMapper, device_mapper);
+} DeviceMapper;
+
+static void device_mapper_free(DeviceMapper **head, DeviceMapper *m) {
+ assert(head);
+ assert(m);
+
+ LIST_REMOVE(device_mapper, *head, m);
+
+ free(m->path);
+ free(m);
+}
+
+static void device_mapper_list_free(DeviceMapper **head) {
+ assert(head);
+
+ while (*head)
+ device_mapper_free(head, *head);
+}
+
+static int dm_list_get(DeviceMapper **head) {
+ _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
+ int r;
+
+ assert(head);
+
+ r = sd_device_enumerator_new(&e);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_allow_uninitialized(e);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_add_match_subsystem(e, "block", true);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_add_match_sysname(e, "dm-*");
+ if (r < 0)
+ return r;
+
+ FOREACH_DEVICE(e, d) {
+ _cleanup_free_ char *p = NULL;
+ const char *dn;
+ DeviceMapper *m;
+ dev_t devnum;
+
+ if (sd_device_get_devnum(d, &devnum) < 0 ||
+ sd_device_get_devname(d, &dn) < 0)
+ continue;
+
+ p = strdup(dn);
+ if (!p)
+ return -ENOMEM;
+
+ m = new(DeviceMapper, 1);
+ if (!m)
+ return -ENOMEM;
+
+ *m = (DeviceMapper) {
+ .path = TAKE_PTR(p),
+ .devnum = devnum,
+ };
+
+ LIST_PREPEND(device_mapper, *head, m);
+ }
+
+ return 0;
+}
+
+static int delete_dm(DeviceMapper *m) {
+ _cleanup_close_ int fd = -EBADF;
+ int r;
+
+ assert(m);
+ assert(major(m->devnum) != 0);
+ assert(m->path);
+
+ fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
+ if (fd < 0)
+ return -errno;
+
+ r = fsync_path_at(AT_FDCWD, m->path);
+ if (r < 0)
+ log_debug_errno(r, "Failed to sync DM block device %s, ignoring: %m", m->path);
+
+ return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
+ .version = {
+ DM_VERSION_MAJOR,
+ DM_VERSION_MINOR,
+ DM_VERSION_PATCHLEVEL
+ },
+ .data_size = sizeof(struct dm_ioctl),
+ .dev = m->devnum,
+ }));
+}
+
+static int dm_points_list_detach(DeviceMapper **head, bool *changed, bool last_try) {
+ int n_failed = 0, r;
+ dev_t rootdev = 0, usrdev = 0;
+
+ assert(head);
+ assert(changed);
+
+ (void) get_block_device("/", &rootdev);
+ (void) get_block_device("/usr", &usrdev);
+
+ LIST_FOREACH(device_mapper, m, *head) {
+ if ((major(rootdev) != 0 && rootdev == m->devnum) ||
+ (major(usrdev) != 0 && usrdev == m->devnum)) {
+ log_debug("Not detaching DM %s that backs the OS itself, skipping.", m->path);
+ n_failed ++;
+ continue;
+ }
+
+ log_info("Detaching DM %s (" DEVNUM_FORMAT_STR ").", m->path, DEVNUM_FORMAT_VAL(m->devnum));
+ r = delete_dm(m);
+ if (r < 0) {
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not detach DM %s: %m", m->path);
+ n_failed++;
+ continue;
+ }
+
+ *changed = true;
+ device_mapper_free(head, m);
+ }
+
+ return n_failed;
+}
+
+int dm_detach_all(bool *changed, bool last_try) {
+ _cleanup_(device_mapper_list_free) LIST_HEAD(DeviceMapper, dm_list_head);
+ int r;
+
+ assert(changed);
+
+ LIST_HEAD_INIT(dm_list_head);
+
+ r = dm_list_get(&dm_list_head);
+ if (r < 0)
+ return r;
+
+ return dm_points_list_detach(&dm_list_head, changed, last_try);
+}
diff --git a/src/shutdown/detach-dm.h b/src/shutdown/detach-dm.h
new file mode 100644
index 0000000..b5f50a3
--- /dev/null
+++ b/src/shutdown/detach-dm.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <stdbool.h>
+
+int dm_detach_all(bool *changed, bool last_try);
diff --git a/src/shutdown/detach-loopback.c b/src/shutdown/detach-loopback.c
new file mode 100644
index 0000000..267509f
--- /dev/null
+++ b/src/shutdown/detach-loopback.c
@@ -0,0 +1,225 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <linux/loop.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+
+#if HAVE_VALGRIND_MEMCHECK_H
+#include <valgrind/memcheck.h>
+#endif
+
+#include "sd-device.h"
+
+#include "alloc-util.h"
+#include "blockdev-util.h"
+#include "detach-loopback.h"
+#include "device-util.h"
+#include "fd-util.h"
+
+typedef struct LoopbackDevice {
+ char *path;
+ dev_t devnum;
+ LIST_FIELDS(struct LoopbackDevice, loopback_device);
+} LoopbackDevice;
+
+static void loopback_device_free(LoopbackDevice **head, LoopbackDevice *m) {
+ assert(head);
+ assert(m);
+
+ LIST_REMOVE(loopback_device, *head, m);
+
+ free(m->path);
+ free(m);
+}
+
+static void loopback_device_list_free(LoopbackDevice **head) {
+ assert(head);
+
+ while (*head)
+ loopback_device_free(head, *head);
+}
+
+static int loopback_list_get(LoopbackDevice **head) {
+ _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
+ int r;
+
+ assert(head);
+
+ r = sd_device_enumerator_new(&e);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_allow_uninitialized(e);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_add_match_subsystem(e, "block", true);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_add_match_sysname(e, "loop*");
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_add_match_sysattr(e, "loop/backing_file", NULL, true);
+ if (r < 0)
+ return r;
+
+ FOREACH_DEVICE(e, d) {
+ _cleanup_free_ char *p = NULL;
+ const char *dn;
+ LoopbackDevice *lb;
+ dev_t devnum;
+
+ if (sd_device_get_devnum(d, &devnum) < 0 ||
+ sd_device_get_devname(d, &dn) < 0)
+ continue;
+
+ p = strdup(dn);
+ if (!p)
+ return -ENOMEM;
+
+ lb = new(LoopbackDevice, 1);
+ if (!lb)
+ return -ENOMEM;
+
+ *lb = (LoopbackDevice) {
+ .path = TAKE_PTR(p),
+ .devnum = devnum,
+ };
+
+ LIST_PREPEND(loopback_device, *head, lb);
+ }
+
+ return 0;
+}
+
+static int delete_loopback(const char *device) {
+ _cleanup_close_ int fd = -EBADF;
+ struct loop_info64 info;
+
+ assert(device);
+
+ fd = open(device, O_RDONLY|O_CLOEXEC);
+ if (fd < 0) {
+ log_debug_errno(errno, "Failed to open loopback device %s: %m", device);
+ return errno == ENOENT ? 0 : -errno;
+ }
+
+ /* Loopback block devices don't sync in-flight blocks when we clear the fd, hence sync explicitly
+ * first */
+ if (fsync(fd) < 0)
+ log_debug_errno(errno, "Failed to sync loop block device %s, ignoring: %m", device);
+
+ if (ioctl(fd, LOOP_CLR_FD, 0) < 0) {
+ if (errno == ENXIO) /* Nothing bound, didn't do anything */
+ return 0;
+
+ if (errno != EBUSY)
+ return log_debug_errno(errno, "Failed to clear loopback device %s: %m", device);
+
+ if (ioctl(fd, LOOP_GET_STATUS64, &info) < 0) {
+ if (errno == ENXIO) /* What? Suddenly detached after all? That's fine by us then. */
+ return 1;
+
+ log_debug_errno(errno, "Failed to invoke LOOP_GET_STATUS64 on loopback device %s, ignoring: %m", device);
+ return -EBUSY; /* propagate original error */
+ }
+
+#if HAVE_VALGRIND_MEMCHECK_H
+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info));
+#endif
+
+ if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) /* someone else already set LO_FLAGS_AUTOCLEAR for us? fine by us */
+ return -EBUSY; /* propagate original error */
+
+ info.lo_flags |= LO_FLAGS_AUTOCLEAR;
+ if (ioctl(fd, LOOP_SET_STATUS64, &info) < 0) {
+ if (errno == ENXIO) /* Suddenly detached after all? Fine by us */
+ return 1;
+
+ log_debug_errno(errno, "Failed to set LO_FLAGS_AUTOCLEAR flag for loop device %s, ignoring: %m", device);
+ } else
+ log_debug("Successfully set LO_FLAGS_AUTOCLEAR flag for loop device %s.", device);
+
+ return -EBUSY;
+ }
+
+ if (ioctl(fd, LOOP_GET_STATUS64, &info) < 0) {
+ /* If the LOOP_CLR_FD above succeeded we'll see ENXIO here. */
+ if (errno == ENXIO)
+ log_debug("Successfully detached loopback device %s.", device);
+ else
+ log_debug_errno(errno, "Failed to invoke LOOP_GET_STATUS64 on loopback device %s, ignoring: %m", device); /* the LOOP_CLR_FD at least worked, let's hope for the best */
+
+ return 1;
+ }
+
+#if HAVE_VALGRIND_MEMCHECK_H
+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info));
+#endif
+
+ /* Linux makes LOOP_CLR_FD succeed whenever LO_FLAGS_AUTOCLEAR is set without actually doing
+ * anything. Very confusing. Let's hence not claim we did anything in this case. */
+ if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR))
+ log_debug("Successfully called LOOP_CLR_FD on a loopback device %s with autoclear set, which is a NOP.", device);
+ else
+ log_debug("Weird, LOOP_CLR_FD succeeded but the device is still attached on %s.", device);
+
+ return -EBUSY; /* Nothing changed, the device is still attached, hence it apparently is still busy */
+}
+
+static int loopback_points_list_detach(LoopbackDevice **head, bool *changed, bool last_try) {
+ int n_failed = 0, r;
+ dev_t rootdev = 0, usrdev = 0;
+
+ assert(head);
+ assert(changed);
+
+ (void) get_block_device_harder("/", &rootdev);
+ (void) block_get_whole_disk(rootdev, &rootdev);
+
+ (void) get_block_device_harder("/usr", &usrdev);
+ (void) block_get_whole_disk(usrdev, &usrdev);
+
+ LIST_FOREACH(loopback_device, m, *head) {
+ if ((major(rootdev) != 0 && rootdev == m->devnum) ||
+ (major(usrdev) != 0 && usrdev == m->devnum)) {
+ log_debug("Not detaching loopback device %s that backs the OS itself, skipping.", m->path);
+ n_failed++;
+ continue;
+ }
+
+ log_info("Detaching loopback %s.", m->path);
+ r = delete_loopback(m->path);
+ if (r < 0) {
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not detach loopback %s: %m", m->path);
+ n_failed++;
+ continue;
+ }
+ if (r > 0)
+ *changed = true;
+
+ loopback_device_free(head, m);
+ }
+
+ return n_failed;
+}
+
+int loopback_detach_all(bool *changed, bool last_try) {
+ _cleanup_(loopback_device_list_free) LIST_HEAD(LoopbackDevice, loopback_list_head);
+ int r;
+
+ assert(changed);
+
+ LIST_HEAD_INIT(loopback_list_head);
+
+ r = loopback_list_get(&loopback_list_head);
+ if (r < 0)
+ return r;
+
+ return loopback_points_list_detach(&loopback_list_head, changed, last_try);
+}
diff --git a/src/shutdown/detach-loopback.h b/src/shutdown/detach-loopback.h
new file mode 100644
index 0000000..d6d73f3
--- /dev/null
+++ b/src/shutdown/detach-loopback.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <stdbool.h>
+
+int loopback_detach_all(bool *changed, bool last_try);
diff --git a/src/shutdown/detach-md.c b/src/shutdown/detach-md.c
new file mode 100644
index 0000000..cf3130d
--- /dev/null
+++ b/src/shutdown/detach-md.c
@@ -0,0 +1,188 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <linux/major.h>
+#include <linux/raid/md_u.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+
+#include "sd-device.h"
+
+#include "alloc-util.h"
+#include "blockdev-util.h"
+#include "detach-md.h"
+#include "device-util.h"
+#include "devnum-util.h"
+#include "errno-util.h"
+#include "fd-util.h"
+#include "string-util.h"
+
+typedef struct RaidDevice {
+ char *path;
+ dev_t devnum;
+ LIST_FIELDS(struct RaidDevice, raid_device);
+} RaidDevice;
+
+static void raid_device_free(RaidDevice **head, RaidDevice *m) {
+ assert(head);
+ assert(m);
+
+ LIST_REMOVE(raid_device, *head, m);
+
+ free(m->path);
+ free(m);
+}
+
+static void raid_device_list_free(RaidDevice **head) {
+ assert(head);
+
+ while (*head)
+ raid_device_free(head, *head);
+}
+
+static int md_list_get(RaidDevice **head) {
+ _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
+ int r;
+
+ assert(head);
+
+ r = sd_device_enumerator_new(&e);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_allow_uninitialized(e);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_add_match_subsystem(e, "block", true);
+ if (r < 0)
+ return r;
+
+ r = sd_device_enumerator_add_match_sysname(e, "md*");
+ if (r < 0)
+ return r;
+
+ /* Filter out partitions. */
+ r = sd_device_enumerator_add_match_property(e, "DEVTYPE", "disk");
+ if (r < 0)
+ return r;
+
+ FOREACH_DEVICE(e, d) {
+ _cleanup_free_ char *p = NULL;
+ const char *dn, *md_level;
+ RaidDevice *m;
+ dev_t devnum;
+
+ r = sd_device_get_devname(d, &dn);
+ if (r < 0) {
+ log_device_warning_errno(d, r, "Failed to get name of enumerated device, ignoring: %m");
+ continue;
+ }
+
+ r = sd_device_get_devnum(d, &devnum);
+ if (r < 0) {
+ log_device_warning_errno(d, r, "Failed to get devno of enumerated device '%s', ignoring device: %m", dn);
+ continue;
+ }
+
+ /* MD "containers" are a special type of MD devices, used for external metadata. Since they
+ * don't provide RAID functionality in themselves we don't need to stop them. Note that the
+ * MD_LEVEL udev property is set by mdadm in userspace, which is an optional package. Hence
+ * let's handle gracefully if the property is missing. */
+
+ r = sd_device_get_property_value(d, "MD_LEVEL", &md_level);
+ if (r < 0)
+ log_device_full_errno(d,
+ r == -ENOENT ? LOG_DEBUG : LOG_WARNING,
+ r,
+ "Failed to get MD_LEVEL property for %s, assuming regular MD device, not a container: %m", dn);
+ else if (streq(md_level, "container")) {
+ log_device_debug(d, "Skipping MD device '%s' because it is a container MD device.", dn);
+ continue;
+ }
+
+ p = strdup(dn);
+ if (!p)
+ return -ENOMEM;
+
+ m = new(RaidDevice, 1);
+ if (!m)
+ return -ENOMEM;
+
+ *m = (RaidDevice) {
+ .path = TAKE_PTR(p),
+ .devnum = devnum,
+ };
+
+ LIST_PREPEND(raid_device, *head, m);
+ }
+
+ return 0;
+}
+
+static int delete_md(RaidDevice *m) {
+ _cleanup_close_ int fd = -EBADF;
+
+ assert(m);
+ assert(major(m->devnum) != 0);
+ assert(m->path);
+
+ fd = open(m->path, O_RDONLY|O_CLOEXEC|O_EXCL);
+ if (fd < 0)
+ return -errno;
+
+ if (fsync(fd) < 0)
+ log_debug_errno(errno, "Failed to sync MD block device %s, ignoring: %m", m->path);
+
+ return RET_NERRNO(ioctl(fd, STOP_ARRAY, NULL));
+}
+
+static int md_points_list_detach(RaidDevice **head, bool *changed, bool last_try) {
+ int n_failed = 0, r;
+ dev_t rootdev = 0, usrdev = 0;
+
+ assert(head);
+ assert(changed);
+
+ (void) get_block_device("/", &rootdev);
+ (void) get_block_device("/usr", &usrdev);
+
+ LIST_FOREACH(raid_device, m, *head) {
+ if ((major(rootdev) != 0 && rootdev == m->devnum) ||
+ (major(usrdev) != 0 && usrdev == m->devnum)) {
+ log_debug("Not detaching MD %s that backs the OS itself, skipping.", m->path);
+ n_failed ++;
+ continue;
+ }
+
+ log_info("Stopping MD %s (" DEVNUM_FORMAT_STR ").", m->path, DEVNUM_FORMAT_VAL(m->devnum));
+ r = delete_md(m);
+ if (r < 0) {
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not stop MD %s: %m", m->path);
+ n_failed++;
+ continue;
+ }
+
+ *changed = true;
+ raid_device_free(head, m);
+ }
+
+ return n_failed;
+}
+
+int md_detach_all(bool *changed, bool last_try) {
+ _cleanup_(raid_device_list_free) LIST_HEAD(RaidDevice, md_list_head);
+ int r;
+
+ assert(changed);
+
+ LIST_HEAD_INIT(md_list_head);
+
+ r = md_list_get(&md_list_head);
+ if (r < 0)
+ return r;
+
+ return md_points_list_detach(&md_list_head, changed, last_try);
+}
diff --git a/src/shutdown/detach-md.h b/src/shutdown/detach-md.h
new file mode 100644
index 0000000..3784598
--- /dev/null
+++ b/src/shutdown/detach-md.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <stdbool.h>
+
+int md_detach_all(bool *changed, bool last_try);
diff --git a/src/shutdown/detach-swap.c b/src/shutdown/detach-swap.c
new file mode 100644
index 0000000..fd7dcdf
--- /dev/null
+++ b/src/shutdown/detach-swap.c
@@ -0,0 +1,110 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <sys/swap.h>
+
+#include "alloc-util.h"
+#include "detach-swap.h"
+#include "libmount-util.h"
+
+static void swap_device_free(SwapDevice **head, SwapDevice *m) {
+ assert(head);
+ assert(m);
+
+ LIST_REMOVE(swap_device, *head, m);
+
+ free(m->path);
+ free(m);
+}
+
+void swap_devices_list_free(SwapDevice **head) {
+ assert(head);
+
+ while (*head)
+ swap_device_free(head, *head);
+}
+
+int swap_list_get(const char *swaps, SwapDevice **head) {
+ _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
+ int r;
+
+ assert(head);
+
+ t = mnt_new_table();
+ i = mnt_new_iter(MNT_ITER_FORWARD);
+ if (!t || !i)
+ return log_oom();
+
+ r = mnt_table_parse_swaps(t, swaps);
+ if (r == -ENOENT) /* no /proc/swaps is fine */
+ return 0;
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse %s: %m", swaps ?: "/proc/swaps");
+
+ for (;;) {
+ struct libmnt_fs *fs;
+ _cleanup_free_ SwapDevice *swap = NULL;
+ const char *source;
+
+ r = mnt_table_next_fs(t, i, &fs);
+ if (r == 1) /* EOF */
+ break;
+ if (r < 0)
+ return log_error_errno(r, "Failed to get next entry from %s: %m", swaps ?: "/proc/swaps");
+
+ source = mnt_fs_get_source(fs);
+ if (!source)
+ continue;
+
+ swap = new0(SwapDevice, 1);
+ if (!swap)
+ return log_oom();
+
+ swap->path = strdup(source);
+ if (!swap->path)
+ return log_oom();
+
+ LIST_PREPEND(swap_device, *head, TAKE_PTR(swap));
+ }
+
+ return 0;
+}
+
+static int swap_points_list_off(SwapDevice **head, bool *changed) {
+ int n_failed = 0;
+
+ assert(head);
+ assert(changed);
+
+ LIST_FOREACH(swap_device, m, *head) {
+ log_info("Deactivating swap %s.", m->path);
+ if (swapoff(m->path) < 0) {
+ log_warning_errno(errno, "Could not deactivate swap %s: %m", m->path);
+ n_failed++;
+ continue;
+ }
+
+ *changed = true;
+ swap_device_free(head, m);
+ }
+
+ return n_failed;
+}
+
+int swapoff_all(bool *changed) {
+ _cleanup_(swap_devices_list_free) LIST_HEAD(SwapDevice, swap_list_head);
+ int r;
+
+ assert(changed);
+
+ LIST_HEAD_INIT(swap_list_head);
+
+ r = swap_list_get(NULL, &swap_list_head);
+ if (r < 0)
+ return r;
+
+ return swap_points_list_off(&swap_list_head, changed);
+}
diff --git a/src/shutdown/detach-swap.h b/src/shutdown/detach-swap.h
new file mode 100644
index 0000000..1ebf5eb
--- /dev/null
+++ b/src/shutdown/detach-swap.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <stdbool.h>
+
+#include "list.h"
+
+int swapoff_all(bool *changed);
+
+/* This is exported just for testing */
+typedef struct SwapDevice {
+ char *path;
+ LIST_FIELDS(struct SwapDevice, swap_device);
+} SwapDevice;
+
+int swap_list_get(const char *swaps, SwapDevice **head);
+void swap_devices_list_free(SwapDevice **head);
diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build
new file mode 100644
index 0000000..219f9fd
--- /dev/null
+++ b/src/shutdown/meson.build
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+systemd_shutdown_sources = files(
+ 'detach-dm.c',
+ 'detach-loopback.c',
+ 'detach-md.c',
+ 'detach-swap.c',
+ 'shutdown.c',
+ 'umount.c',
+)
+
+executables += [
+ libexec_template + {
+ 'name' : 'systemd-shutdown',
+ 'sources' : systemd_shutdown_sources,
+ 'dependencies' : libmount,
+ },
+ libexec_template + {
+ 'name' : 'systemd-shutdown.standalone',
+ 'sources' : systemd_shutdown_sources,
+ 'c_args' : '-DSTANDALONE',
+ 'link_with' : [
+ libbasic,
+ libshared_static,
+ libsystemd_static,
+ ],
+ 'dependencies' : libmount,
+ 'build_by_default' : have_standalone_binaries,
+ 'install' : have_standalone_binaries,
+ },
+ test_template + {
+ 'sources' : files(
+ 'test-umount.c',
+ 'detach-swap.c',
+ 'umount.c',
+ ),
+ 'dependencies' : libmount,
+ },
+]
diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c
new file mode 100644
index 0000000..b709078
--- /dev/null
+++ b/src/shutdown/shutdown.c
@@ -0,0 +1,663 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <errno.h>
+#include <getopt.h>
+#include <linux/reboot.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/reboot.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "sd-daemon.h"
+#include "sd-messages.h"
+
+#include "alloc-util.h"
+#include "async.h"
+#include "binfmt-util.h"
+#include "cgroup-setup.h"
+#include "cgroup-util.h"
+#include "constants.h"
+#include "coredump-util.h"
+#include "detach-dm.h"
+#include "detach-loopback.h"
+#include "detach-md.h"
+#include "detach-swap.h"
+#include "errno-util.h"
+#include "exec-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "getopt-defs.h"
+#include "initrd-util.h"
+#include "killall.h"
+#include "log.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "reboot-util.h"
+#include "rlimit-util.h"
+#include "signal-util.h"
+#include "string-util.h"
+#include "switch-root.h"
+#include "sysctl-util.h"
+#include "terminal-util.h"
+#include "umount.h"
+#include "virt.h"
+#include "watchdog.h"
+
+#define SYNC_PROGRESS_ATTEMPTS 3
+#define SYNC_TIMEOUT_USEC (10*USEC_PER_SEC)
+
+static char* arg_verb;
+static uint8_t arg_exit_code;
+static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
+
+static int parse_argv(int argc, char *argv[]) {
+ enum {
+ COMMON_GETOPT_ARGS,
+ SHUTDOWN_GETOPT_ARGS,
+ };
+
+ static const struct option options[] = {
+ COMMON_GETOPT_OPTIONS,
+ SHUTDOWN_GETOPT_OPTIONS,
+ {}
+ };
+
+ int c, r;
+
+ assert(argc >= 1);
+ assert(argv);
+
+ /* Resetting to 0 forces the invocation of an internal initialization routine of getopt_long()
+ * that checks for GNU extensions in optstring ('-' or '+' at the beginning). */
+ optind = 0;
+
+ /* "-" prevents getopt from permuting argv[] and moving the verb away
+ * from argv[1]. Our interface to initrd promises it'll be there. */
+ while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0)
+ switch (c) {
+
+ case ARG_LOG_LEVEL:
+ r = log_set_max_level_from_string(optarg);
+ if (r < 0)
+ log_error_errno(r, "Failed to parse log level %s, ignoring: %m", optarg);
+
+ break;
+
+ case ARG_LOG_TARGET:
+ r = log_set_target_from_string(optarg);
+ if (r < 0)
+ log_error_errno(r, "Failed to parse log target %s, ignoring: %m", optarg);
+
+ break;
+
+ case ARG_LOG_COLOR:
+
+ if (optarg) {
+ r = log_show_color_from_string(optarg);
+ if (r < 0)
+ log_error_errno(r, "Failed to parse log color setting %s, ignoring: %m", optarg);
+ } else
+ log_show_color(true);
+
+ break;
+
+ case ARG_LOG_LOCATION:
+ if (optarg) {
+ r = log_show_location_from_string(optarg);
+ if (r < 0)
+ log_error_errno(r, "Failed to parse log location setting %s, ignoring: %m", optarg);
+ } else
+ log_show_location(true);
+
+ break;
+
+ case ARG_LOG_TIME:
+
+ if (optarg) {
+ r = log_show_time_from_string(optarg);
+ if (r < 0)
+ log_error_errno(r, "Failed to parse log time setting %s, ignoring: %m", optarg);
+ } else
+ log_show_time(true);
+
+ break;
+
+ case ARG_EXIT_CODE:
+ r = safe_atou8(optarg, &arg_exit_code);
+ if (r < 0)
+ log_error_errno(r, "Failed to parse exit code %s, ignoring: %m", optarg);
+
+ break;
+
+ case ARG_TIMEOUT:
+ r = parse_sec(optarg, &arg_timeout);
+ if (r < 0)
+ log_error_errno(r, "Failed to parse shutdown timeout %s, ignoring: %m", optarg);
+
+ break;
+
+ case '\001':
+ if (!arg_verb)
+ arg_verb = optarg;
+ else
+ log_error("Excess arguments, ignoring");
+ break;
+
+ case '?':
+ return -EINVAL;
+
+ default:
+ assert_not_reached();
+ }
+
+ if (!arg_verb)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Verb argument missing.");
+
+ return 0;
+}
+
+static int switch_root_initramfs(void) {
+ /* Do not detach the old root, because /run/initramfs/shutdown needs to access it.
+ *
+ * Disable sync() during switch-root, we after all sync'ed here plenty, and a dumb sync (as opposed
+ * to the "smart" sync() we did here that looks at progress parameters) would defeat much of our
+ * efforts here. As the new root will be /run/initramfs/, it is not necessary to mount /run/
+ * recursively. */
+ return switch_root(
+ /* new_root= */ "/run/initramfs",
+ /* old_root_after= */ "/oldroot",
+ /* flags= */ SWITCH_ROOT_DONT_SYNC);
+}
+
+/* Read the following fields from /proc/meminfo:
+ *
+ * NFS_Unstable
+ * Writeback
+ * Dirty
+ *
+ * Return true if the sum of these fields is greater than the previous
+ * value input. For all other issues, report the failure and indicate that
+ * the sync is not making progress.
+ */
+static int sync_making_progress(unsigned long long *prev_dirty) {
+ _cleanup_fclose_ FILE *f = NULL;
+ unsigned long long val = 0;
+ int ret;
+
+ f = fopen("/proc/meminfo", "re");
+ if (!f)
+ return log_warning_errno(errno, "Failed to open /proc/meminfo: %m");
+
+ for (;;) {
+ _cleanup_free_ char *line = NULL;
+ unsigned long long ull = 0;
+ int q;
+
+ q = read_line(f, LONG_LINE_MAX, &line);
+ if (q < 0)
+ return log_warning_errno(q, "Failed to parse /proc/meminfo: %m");
+ if (q == 0)
+ break;
+
+ if (!first_word(line, "NFS_Unstable:") && !first_word(line, "Writeback:") && !first_word(line, "Dirty:"))
+ continue;
+
+ errno = 0;
+ if (sscanf(line, "%*s %llu %*s", &ull) != 1) {
+ if (errno != 0)
+ log_warning_errno(errno, "Failed to parse /proc/meminfo: %m");
+ else
+ log_warning("Failed to parse /proc/meminfo");
+
+ return false;
+ }
+
+ val += ull;
+ }
+
+ ret = *prev_dirty > val;
+ *prev_dirty = val;
+ return ret;
+}
+
+static void sync_with_progress(void) {
+ unsigned long long dirty = ULLONG_MAX;
+ unsigned checks;
+ pid_t pid;
+ int r;
+
+ BLOCK_SIGNALS(SIGCHLD);
+
+ /* Due to the possibility of the sync operation hanging, we fork a child process and monitor
+ * the progress. If the timeout lapses, the assumption is that the particular sync stalled. */
+
+ r = asynchronous_sync(&pid);
+ if (r < 0) {
+ log_error_errno(r, "Failed to fork sync(): %m");
+ return;
+ }
+
+ log_info("Syncing filesystems and block devices.");
+
+ /* Start monitoring the sync operation. If more than
+ * SYNC_PROGRESS_ATTEMPTS lapse without progress being made,
+ * we assume that the sync is stalled */
+ for (checks = 0; checks < SYNC_PROGRESS_ATTEMPTS; checks++) {
+ r = wait_for_terminate_with_timeout(pid, SYNC_TIMEOUT_USEC);
+ if (r == 0)
+ /* Sync finished without error.
+ * (The sync itself does not return an error code) */
+ return;
+ else if (r == -ETIMEDOUT) {
+ /* Reset the check counter if the "Dirty" value is
+ * decreasing */
+ if (sync_making_progress(&dirty) > 0)
+ checks = 0;
+ } else {
+ log_error_errno(r, "Failed to sync filesystems and block devices: %m");
+ return;
+ }
+ }
+
+ /* Only reached in the event of a timeout. We should issue a kill
+ * to the stray process. */
+ log_error("Syncing filesystems and block devices - timed out, issuing SIGKILL to PID "PID_FMT".", pid);
+ (void) kill(pid, SIGKILL);
+}
+
+static int read_current_sysctl_printk_log_level(void) {
+ _cleanup_free_ char *sysctl_printk_vals = NULL, *sysctl_printk_curr = NULL;
+ int current_lvl;
+ const char *p;
+ int r;
+
+ r = sysctl_read("kernel/printk", &sysctl_printk_vals);
+ if (r < 0)
+ return log_debug_errno(r, "Cannot read sysctl kernel.printk: %m");
+
+ p = sysctl_printk_vals;
+ r = extract_first_word(&p, &sysctl_printk_curr, NULL, 0);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to split out kernel printk priority: %m");
+ if (r == 0)
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Short read while reading kernel.printk sysctl");
+
+ r = safe_atoi(sysctl_printk_curr, &current_lvl);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to parse kernel.printk sysctl: %s", sysctl_printk_vals);
+
+ return current_lvl;
+}
+
+static void bump_sysctl_printk_log_level(int min_level) {
+ int current_lvl, r;
+
+ /* Set the logging level to be able to see messages with log level smaller or equal to min_level */
+
+ current_lvl = read_current_sysctl_printk_log_level();
+ if (current_lvl < 0 || current_lvl >= min_level + 1)
+ return;
+
+ r = sysctl_writef("kernel/printk", "%i", min_level + 1);
+ if (r < 0)
+ log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1);
+}
+
+static void init_watchdog(void) {
+ const char *s;
+ int r;
+
+ s = getenv("WATCHDOG_DEVICE");
+ if (s) {
+ r = watchdog_set_device(s);
+ if (r < 0)
+ log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", s);
+ }
+
+ s = getenv("WATCHDOG_USEC");
+ if (s) {
+ usec_t usec;
+
+ r = safe_atou64(s, &usec);
+ if (r < 0)
+ log_warning_errno(r, "Failed to parse watchdog timeout '%s', ignoring: %m", s);
+ else
+ (void) watchdog_setup(usec);
+ }
+}
+
+int main(int argc, char *argv[]) {
+ static const char* const dirs[] = {
+ SYSTEM_SHUTDOWN_PATH,
+ NULL
+ };
+ _cleanup_free_ char *cgroup = NULL;
+ char *arguments[3];
+ int cmd, r;
+
+ /* Close random fds we might have get passed, just for paranoia, before we open any new fds, for
+ * example for logging. After all this tool's purpose is about detaching any pinned resources, and
+ * open file descriptors are the primary way to pin resources. Note that we don't really expect any
+ * fds to be passed here. */
+ (void) close_all_fds(NULL, 0);
+
+ /* The log target defaults to console, but the original systemd process will pass its log target in through a
+ * command line argument, which will override this default. Also, ensure we'll never log to the journal or
+ * syslog, as these logging daemons are either already dead or will die very soon. */
+
+ log_set_target(LOG_TARGET_CONSOLE);
+ log_set_prohibit_ipc(true);
+ log_parse_environment();
+
+ if (getpid_cached() == 1)
+ log_set_always_reopen_console(true);
+
+ r = parse_argv(argc, argv);
+ if (r < 0)
+ goto error;
+
+ log_open();
+
+ umask(0022);
+
+ if (getpid_cached() != 1) {
+ r = log_error_errno(SYNTHETIC_ERRNO(EPERM), "Not executed by init (PID 1).");
+ goto error;
+ }
+
+ if (streq(arg_verb, "reboot"))
+ cmd = RB_AUTOBOOT;
+ else if (streq(arg_verb, "poweroff"))
+ cmd = RB_POWER_OFF;
+ else if (streq(arg_verb, "halt"))
+ cmd = RB_HALT_SYSTEM;
+ else if (streq(arg_verb, "kexec"))
+ cmd = LINUX_REBOOT_CMD_KEXEC;
+ else if (streq(arg_verb, "exit"))
+ cmd = 0; /* ignored, just checking that arg_verb is valid */
+ else {
+ r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown action '%s'.", arg_verb);
+ goto error;
+ }
+
+ /* This is primarily useful when running systemd in a VM, as it provides the user running the VM with
+ * a mechanism to pick up systemd's exit status in the VM. Note that we execute this as early as
+ * possible since otherwise we might shut down the VM before the AF_VSOCK buffers have been flushed.
+ * While this doesn't guarantee the message will arrive, in practice we do enough work after this
+ * that the message should always arrive on the host */
+ (void) sd_notifyf(0, "EXIT_STATUS=%i", arg_exit_code);
+
+ (void) cg_get_root_path(&cgroup);
+ bool in_container = detect_container() > 0;
+
+ /* If the logging messages are going to KMSG, and if we are not running from a container, then try to
+ * update the sysctl kernel.printk current value in order to see "info" messages; This current log
+ * level is not updated if already big enough.
+ */
+ if (!in_container &&
+ IN_SET(log_get_target(),
+ LOG_TARGET_AUTO,
+ LOG_TARGET_JOURNAL_OR_KMSG,
+ LOG_TARGET_SYSLOG_OR_KMSG,
+ LOG_TARGET_KMSG))
+ bump_sysctl_printk_log_level(LOG_WARNING);
+
+ init_watchdog();
+
+ /* Lock us into memory */
+ (void) mlockall(MCL_CURRENT|MCL_FUTURE);
+
+ /* We need to make mounts private so that we can MS_MOVE in unmount_all(). Kernel does not allow
+ * MS_MOVE when parent mountpoints have shared propagation. */
+ if (mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) < 0)
+ log_warning_errno(errno, "Failed to make mounts private, ignoring: %m");
+
+ /* Synchronize everything that is not written to disk yet at this point already. This is a good idea so that
+ * slow IO is processed here already and the final process killing spree is not impacted by processes
+ * desperately trying to sync IO to disk within their timeout. Do not remove this sync, data corruption will
+ * result. */
+ if (!in_container)
+ sync_with_progress();
+
+ disable_coredumps();
+ disable_binfmt();
+
+ log_info("Sending SIGTERM to remaining processes...");
+ broadcast_signal(SIGTERM, true, true, arg_timeout);
+
+ log_info("Sending SIGKILL to remaining processes...");
+ broadcast_signal(SIGKILL, true, false, arg_timeout);
+
+ bool need_umount = !in_container, need_swapoff = !in_container, need_loop_detach = !in_container,
+ need_dm_detach = !in_container, need_md_detach = !in_container, can_initrd, last_try = false;
+ can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0;
+
+ /* Unmount all mountpoints, swaps, and loopback devices */
+ for (;;) {
+ bool changed = false;
+
+ (void) watchdog_ping();
+
+ /* Let's trim the cgroup tree on each iteration so that we leave an empty cgroup tree around,
+ * so that container managers get a nice notify event when we are down */
+ if (cgroup)
+ (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, cgroup, false);
+
+ if (need_umount) {
+ log_info("Unmounting file systems.");
+ r = umount_all(&changed, last_try);
+ if (r == 0) {
+ need_umount = false;
+ log_info("All filesystems unmounted.");
+ } else if (r > 0)
+ log_info("Not all file systems unmounted, %d left.", r);
+ else
+ log_error_errno(r, "Unable to unmount file systems: %m");
+ }
+
+ if (need_swapoff) {
+ log_info("Deactivating swaps.");
+ r = swapoff_all(&changed);
+ if (r == 0) {
+ need_swapoff = false;
+ log_info("All swaps deactivated.");
+ } else if (r > 0)
+ log_info("Not all swaps deactivated, %d left.", r);
+ else
+ log_error_errno(r, "Unable to deactivate swaps: %m");
+ }
+
+ if (need_loop_detach) {
+ log_info("Detaching loop devices.");
+ r = loopback_detach_all(&changed, last_try);
+ if (r == 0) {
+ need_loop_detach = false;
+ log_info("All loop devices detached.");
+ } else if (r > 0)
+ log_info("Not all loop devices detached, %d left.", r);
+ else
+ log_error_errno(r, "Unable to detach loop devices: %m");
+ }
+
+ if (need_md_detach) {
+ log_info("Stopping MD devices.");
+ r = md_detach_all(&changed, last_try);
+ if (r == 0) {
+ need_md_detach = false;
+ log_info("All MD devices stopped.");
+ } else if (r > 0)
+ log_info("Not all MD devices stopped, %d left.", r);
+ else
+ log_error_errno(r, "Unable to stop MD devices: %m");
+ }
+
+ if (need_dm_detach) {
+ log_info("Detaching DM devices.");
+ r = dm_detach_all(&changed, last_try);
+ if (r == 0) {
+ need_dm_detach = false;
+ log_info("All DM devices detached.");
+ } else if (r > 0)
+ log_info("Not all DM devices detached, %d left.", r);
+ else
+ log_error_errno(r, "Unable to detach DM devices: %m");
+ }
+
+ if (!need_umount && !need_swapoff && !need_loop_detach && !need_dm_detach
+ && !need_md_detach) {
+ log_info("All filesystems, swaps, loop devices, MD devices and DM devices detached.");
+ /* Yay, done */
+ break;
+ }
+
+ if (!changed && !last_try && !can_initrd) {
+ /* There are things we cannot get rid of. Loop one more time in which we will log
+ * with higher priority to inform the user. Note that we don't need to do this if
+ * there is an initrd to switch to, because that one is likely to get rid of the
+ * remaining mounts. If not, it will log about them. */
+ last_try = true;
+ continue;
+ }
+
+ /* If in this iteration we didn't manage to unmount/deactivate anything, we simply give up */
+ if (!changed) {
+ log_info("Cannot finalize remaining%s%s%s%s%s continuing.",
+ need_umount ? " file systems," : "",
+ need_swapoff ? " swap devices," : "",
+ need_loop_detach ? " loop devices," : "",
+ need_dm_detach ? " DM devices," : "",
+ need_md_detach ? " MD devices," : "");
+ break;
+ }
+
+ log_debug("Couldn't finalize remaining %s%s%s%s%s trying again.",
+ need_umount ? " file systems," : "",
+ need_swapoff ? " swap devices," : "",
+ need_loop_detach ? " loop devices," : "",
+ need_dm_detach ? " DM devices," : "",
+ need_md_detach ? " MD devices," : "");
+ }
+
+ /* We're done with the watchdog. Note that the watchdog is explicitly not stopped here. It remains
+ * active to guard against any issues during the rest of the shutdown sequence. */
+ watchdog_free_device();
+
+ arguments[0] = NULL; /* Filled in by execute_directories(), when needed */
+ arguments[1] = arg_verb;
+ arguments[2] = NULL;
+ (void) execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments, NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS);
+
+ (void) rlimit_nofile_safe();
+
+ if (can_initrd) {
+ r = switch_root_initramfs();
+ if (r >= 0) {
+ argv[0] = (char*) "/shutdown";
+
+ (void) setsid();
+ (void) make_console_stdio();
+
+ log_info("Successfully changed into root pivot.\n"
+ "Returning to initrd...");
+
+ execv("/shutdown", argv);
+ log_error_errno(errno, "Failed to execute shutdown binary: %m");
+ } else
+ log_error_errno(r, "Failed to switch root to \"/run/initramfs\": %m");
+ }
+
+ if (need_umount || need_swapoff || need_loop_detach || need_dm_detach || need_md_detach)
+ log_error("Unable to finalize remaining%s%s%s%s%s ignoring.",
+ need_umount ? " file systems," : "",
+ need_swapoff ? " swap devices," : "",
+ need_loop_detach ? " loop devices," : "",
+ need_dm_detach ? " DM devices," : "",
+ need_md_detach ? " MD devices," : "");
+
+ /* The kernel will automatically flush ATA disks and suchlike on reboot(), but the file systems need
+ * to be sync'ed explicitly in advance. So let's do this here, but not needlessly slow down
+ * containers. Note that we sync'ed things already once above, but we did some more work since then
+ * which might have caused IO, hence let's do it once more. Do not remove this sync, data corruption
+ * will result. */
+ if (!in_container)
+ sync_with_progress();
+
+ if (streq(arg_verb, "exit")) {
+ if (in_container) {
+ log_info("Exiting container.");
+ return arg_exit_code;
+ }
+
+ cmd = RB_POWER_OFF; /* We cannot exit() on the host, fallback on another method. */
+ }
+
+ switch (cmd) {
+
+ case LINUX_REBOOT_CMD_KEXEC:
+
+ if (!in_container) {
+ /* We cheat and exec kexec to avoid doing all its work */
+ log_info("Rebooting with kexec.");
+
+ r = safe_fork("(sd-kexec)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL);
+ if (r == 0) {
+ const char * const args[] = {
+ KEXEC, "-e", NULL
+ };
+
+ /* Child */
+
+ execv(args[0], (char * const *) args);
+ log_debug_errno(errno, "Failed to execute '" KEXEC "' binary, proceeding with reboot(RB_KEXEC): %m");
+
+ /* execv failed (kexec binary missing?), so try simply reboot(RB_KEXEC) */
+ (void) reboot(cmd);
+ _exit(EXIT_FAILURE);
+ }
+
+ /* If we are still running, then the kexec can't have worked, let's fall through */
+ }
+
+ cmd = RB_AUTOBOOT;
+ _fallthrough_;
+
+ case RB_AUTOBOOT:
+ (void) reboot_with_parameter(REBOOT_LOG);
+ log_info("Rebooting.");
+ break;
+
+ case RB_POWER_OFF:
+ log_info("Powering off.");
+ break;
+
+ case RB_HALT_SYSTEM:
+ log_info("Halting system.");
+ break;
+
+ default:
+ assert_not_reached();
+ }
+
+ (void) reboot(cmd);
+ if (ERRNO_IS_PRIVILEGE(errno) && in_container) {
+ /* If we are in a container, and we lacked CAP_SYS_BOOT just exit, this will kill our
+ * container for good. */
+ log_info("Exiting container.");
+ return EXIT_SUCCESS;
+ }
+
+ r = log_error_errno(errno, "Failed to invoke reboot(): %m");
+
+ error:
+ log_struct_errno(LOG_EMERG, r,
+ LOG_MESSAGE("Critical error while doing system shutdown: %m"),
+ "MESSAGE_ID=" SD_MESSAGE_SHUTDOWN_ERROR_STR);
+ freeze();
+}
diff --git a/src/shutdown/test-umount.c b/src/shutdown/test-umount.c
new file mode 100644
index 0000000..93da2e0
--- /dev/null
+++ b/src/shutdown/test-umount.c
@@ -0,0 +1,68 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "alloc-util.h"
+#include "detach-swap.h"
+#include "errno-util.h"
+#include "log.h"
+#include "path-util.h"
+#include "string-util.h"
+#include "tests.h"
+#include "umount.h"
+
+static void test_mount_points_list_one(const char *fname) {
+ _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, mp_list_head);
+ _cleanup_free_ char *testdata_fname = NULL;
+
+ log_info("/* %s(\"%s\") */", __func__, fname ?: "/proc/self/mountinfo");
+
+ if (fname) {
+ assert_se(get_testdata_dir(fname, &testdata_fname) >= 0);
+ fname = testdata_fname;
+ }
+
+ LIST_HEAD_INIT(mp_list_head);
+ assert_se(mount_points_list_get(fname, &mp_list_head) >= 0);
+
+ LIST_FOREACH(mount_point, m, mp_list_head)
+ log_debug("path=%s o=%s f=0x%lx try-ro=%s",
+ m->path,
+ strempty(m->remount_options),
+ m->remount_flags,
+ yes_no(m->try_remount_ro));
+}
+
+TEST(mount_points_list) {
+ test_mount_points_list_one(NULL);
+ test_mount_points_list_one("/test-umount/empty.mountinfo");
+ test_mount_points_list_one("/test-umount/garbled.mountinfo");
+ test_mount_points_list_one("/test-umount/rhbug-1554943.mountinfo");
+}
+
+static void test_swap_list_one(const char *fname) {
+ _cleanup_(swap_devices_list_free) LIST_HEAD(SwapDevice, sd_list_head);
+ _cleanup_free_ char *testdata_fname = NULL;
+ int r;
+
+ log_info("/* %s(\"%s\") */", __func__, fname ?: "/proc/swaps");
+
+ if (fname) {
+ assert_se(get_testdata_dir(fname, &testdata_fname) >= 0);
+ fname = testdata_fname;
+ }
+
+ LIST_HEAD_INIT(sd_list_head);
+ r = swap_list_get(fname, &sd_list_head);
+ if (ERRNO_IS_PRIVILEGE(r))
+ return;
+ assert_se(r >= 0);
+
+ LIST_FOREACH(swap_device, m, sd_list_head)
+ log_debug("path=%s", m->path);
+}
+
+TEST(swap_list) {
+ test_swap_list_one(NULL);
+ test_swap_list_one("/test-umount/example.swaps");
+}
+
+DEFINE_TEST_MAIN(LOG_DEBUG);
diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
new file mode 100644
index 0000000..1a9b99d
--- /dev/null
+++ b/src/shutdown/umount.c
@@ -0,0 +1,494 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "alloc-util.h"
+#include "chase.h"
+#include "dirent-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "fstab-util.h"
+#include "libmount-util.h"
+#include "mkdir.h"
+#include "mount-setup.h"
+#include "mount-util.h"
+#include "mountpoint-util.h"
+#include "parse-util.h"
+#include "process-util.h"
+#include "random-util.h"
+#include "signal-util.h"
+#include "umount.h"
+#include "virt.h"
+
+static void mount_point_free(MountPoint **head, MountPoint *m) {
+ assert(head);
+ assert(m);
+
+ LIST_REMOVE(mount_point, *head, m);
+
+ free(m->path);
+ free(m->remount_options);
+ free(m);
+}
+
+void mount_points_list_free(MountPoint **head) {
+ assert(head);
+
+ while (*head)
+ mount_point_free(head, *head);
+}
+
+int mount_points_list_get(const char *mountinfo, MountPoint **head) {
+ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
+ int r;
+
+ assert(head);
+
+ r = libmount_parse(mountinfo, NULL, &table, &iter);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse %s: %m", mountinfo ?: "/proc/self/mountinfo");
+
+ for (;;) {
+ _cleanup_free_ char *options = NULL, *remount_options = NULL;
+ struct libmnt_fs *fs;
+ const char *path, *fstype;
+ unsigned long remount_flags = 0u;
+ bool try_remount_ro, is_api_vfs;
+ _cleanup_free_ MountPoint *m = NULL;
+
+ r = mnt_table_next_fs(table, iter, &fs);
+ if (r == 1) /* EOF */
+ break;
+ if (r < 0)
+ return log_error_errno(r, "Failed to get next entry from %s: %m", mountinfo ?: "/proc/self/mountinfo");
+
+ path = mnt_fs_get_target(fs);
+ if (!path)
+ continue;
+
+ fstype = mnt_fs_get_fstype(fs);
+
+ /* Combine the generic VFS options with the FS-specific options. Duplicates are not a problem
+ * here, because the only options that should come up twice are typically ro/rw, which are
+ * turned into MS_RDONLY or the inversion of it.
+ *
+ * Even if there are duplicates later in mount_option_mangle() they shouldn't hurt anyways as
+ * they override each other. */
+ if (!strextend_with_separator(&options, ",", mnt_fs_get_vfs_options(fs)))
+ return log_oom();
+ if (!strextend_with_separator(&options, ",", mnt_fs_get_fs_options(fs)))
+ return log_oom();
+
+ /* Ignore mount points we can't unmount because they are API or because we are keeping them
+ * open (like /dev/console). Also, ignore all mounts below API file systems, since they are
+ * likely virtual too, and hence not worth spending time on. Also, in unprivileged containers
+ * we might lack the rights to unmount these things, hence don't bother. */
+ if (mount_point_is_api(path) ||
+ mount_point_ignore(path) ||
+ PATH_STARTSWITH_SET(path, "/dev", "/sys", "/proc"))
+ continue;
+
+ is_api_vfs = fstype_is_api_vfs(fstype);
+
+ /* If we are in a container, don't attempt to read-only mount anything as that brings no real
+ * benefits, but might confuse the host, as we remount the superblock here, not the bind
+ * mount.
+ *
+ * If the filesystem is a network fs, also skip the remount. It brings no value (we cannot
+ * leave a "dirty fs") and could hang if the network is down. Note that umount2() is more
+ * careful and will not hang because of the network being down. */
+ try_remount_ro = detect_container() <= 0 &&
+ !fstype_is_network(fstype) &&
+ !is_api_vfs &&
+ !fstype_is_ro(fstype) &&
+ !fstab_test_yes_no_option(options, "ro\0rw\0");
+
+ if (try_remount_ro) {
+ /* mount(2) states that mount flags and options need to be exactly the same as they
+ * were when the filesystem was mounted, except for the desired changes. So we
+ * reconstruct both here and adjust them for the later remount call too. */
+
+ r = mnt_fs_get_propagation(fs, &remount_flags);
+ if (r < 0) {
+ log_warning_errno(r, "mnt_fs_get_propagation() failed for %s, ignoring: %m", path);
+ continue;
+ }
+
+ r = mount_option_mangle(options, remount_flags, &remount_flags, &remount_options);
+ if (r < 0) {
+ log_warning_errno(r, "mount_option_mangle failed for %s, ignoring: %m", path);
+ continue;
+ }
+
+ /* MS_BIND is special. If it is provided it will only make the mount-point
+ * read-only. If left out, the super block itself is remounted, which we want. */
+ remount_flags = (remount_flags|MS_REMOUNT|MS_RDONLY) & ~MS_BIND;
+ }
+
+ m = new(MountPoint, 1);
+ if (!m)
+ return log_oom();
+
+ r = libmount_is_leaf(table, fs);
+ if (r < 0)
+ return log_error_errno(r, "Failed to get children mounts for %s from %s: %m", path, mountinfo ?: "/proc/self/mountinfo");
+ bool leaf = r;
+
+ *m = (MountPoint) {
+ .remount_options = remount_options,
+ .remount_flags = remount_flags,
+ .try_remount_ro = try_remount_ro,
+
+ /* Unmount sysfs/procfs/… lazily, since syncing doesn't matter there, and it's OK if
+ * something keeps an fd open to it. */
+ .umount_lazily = is_api_vfs,
+ .leaf = leaf,
+ };
+
+ m->path = strdup(path);
+ if (!m->path)
+ return log_oom();
+
+ TAKE_PTR(remount_options);
+
+ LIST_PREPEND(mount_point, *head, TAKE_PTR(m));
+ }
+
+ return 0;
+}
+
+static bool nonunmountable_path(const char *path) {
+ assert(path);
+
+ return PATH_IN_SET(path, "/", "/usr") ||
+ path_startswith(path, "/run/initramfs");
+}
+
+static void log_umount_blockers(const char *mnt) {
+ _cleanup_free_ char *blockers = NULL;
+ int r;
+
+ _cleanup_closedir_ DIR *dir = opendir("/proc");
+ if (!dir)
+ return (void) log_warning_errno(errno, "Failed to open /proc/: %m");
+
+ FOREACH_DIRENT_ALL(de, dir, break) {
+ if (!IN_SET(de->d_type, DT_DIR, DT_UNKNOWN))
+ continue;
+
+ pid_t pid;
+ if (parse_pid(de->d_name, &pid) < 0)
+ continue;
+
+ _cleanup_free_ char *fdp = path_join(de->d_name, "fd");
+ if (!fdp)
+ return (void) log_oom();
+
+ _cleanup_closedir_ DIR *fd_dir = xopendirat(dirfd(dir), fdp, 0);
+ if (!fd_dir) {
+ if (errno != ENOENT) /* process gone by now? */
+ log_debug_errno(errno, "Failed to open /proc/%s/, ignoring: %m",fdp);
+ continue;
+ }
+
+ bool culprit = false;
+ FOREACH_DIRENT(fd_de, fd_dir, break) {
+ _cleanup_free_ char *open_file = NULL;
+
+ r = readlinkat_malloc(dirfd(fd_dir), fd_de->d_name, &open_file);
+ if (r < 0) {
+ if (r != -ENOENT) /* fd closed by now */
+ log_debug_errno(r, "Failed to read link /proc/%s/%s, ignoring: %m", fdp, fd_de->d_name);
+ continue;
+ }
+
+ if (path_startswith(open_file, mnt)) {
+ culprit = true;
+ break;
+ }
+ }
+
+ if (!culprit)
+ continue;
+
+ _cleanup_free_ char *comm = NULL;
+ r = pid_get_comm(pid, &comm);
+ if (r < 0) {
+ if (r != -ESRCH) /* process gone by now */
+ log_debug_errno(r, "Failed to read process name of PID " PID_FMT ": %m", pid);
+ continue;
+ }
+
+ if (!strextend_with_separator(&blockers, ", ", comm))
+ return (void) log_oom();
+
+ if (!strextend(&blockers, "(", de->d_name, ")"))
+ return (void) log_oom();
+ }
+
+ if (blockers)
+ log_warning("Unmounting '%s' blocked by: %s", mnt, blockers);
+}
+
+static int remount_with_timeout(MountPoint *m, bool last_try) {
+ _cleanup_close_pair_ int pfd[2] = EBADF_PAIR;
+ _cleanup_(sigkill_nowaitp) pid_t pid = 0;
+ int r;
+
+ BLOCK_SIGNALS(SIGCHLD);
+
+ assert(m);
+
+ r = pipe2(pfd, O_CLOEXEC|O_NONBLOCK);
+ if (r < 0)
+ return r;
+
+ /* Due to the possibility of a remount operation hanging, we fork a child process and set a
+ * timeout. If the timeout lapses, the assumption is that the particular remount failed. */
+ r = safe_fork_full("(sd-remount)",
+ NULL,
+ pfd, ELEMENTSOF(pfd),
+ FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG, &pid);
+ if (r < 0)
+ return r;
+ if (r == 0) {
+ pfd[0] = safe_close(pfd[0]);
+
+ log_info("Remounting '%s' read-only with options '%s'.", m->path, strempty(m->remount_options));
+
+ /* Start the mount operation here in the child */
+ r = mount(NULL, m->path, NULL, m->remount_flags, m->remount_options);
+ if (r < 0)
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO,
+ errno,
+ "Failed to remount '%s' read-only: %m",
+ m->path);
+
+ (void) write(pfd[1], &r, sizeof(r)); /* try to send errno up */
+ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
+ }
+
+ pfd[1] = safe_close(pfd[1]);
+
+ r = wait_for_terminate_with_timeout(pid, DEFAULT_TIMEOUT_USEC);
+ if (r == -ETIMEDOUT)
+ log_error_errno(r, "Remounting '%s' timed out, issuing SIGKILL to PID " PID_FMT ".", m->path, pid);
+ else if (r == -EPROTO) {
+ /* Try to read error code from child */
+ if (read(pfd[0], &r, sizeof(r)) == sizeof(r))
+ log_debug_errno(r, "Remounting '%s' failed abnormally, child process " PID_FMT " failed: %m", m->path, pid);
+ else
+ r = log_debug_errno(EPROTO, "Remounting '%s' failed abnormally, child process " PID_FMT " aborted or exited non-zero.", m->path, pid);
+ TAKE_PID(pid); /* child exited (just not as we expected) hence don't kill anymore */
+ } else if (r < 0)
+ log_error_errno(r, "Remounting '%s' failed unexpectedly, couldn't wait for child process " PID_FMT ": %m", m->path, pid);
+
+ return r;
+}
+
+static int umount_with_timeout(MountPoint *m, bool last_try) {
+ _cleanup_close_pair_ int pfd[2] = EBADF_PAIR;
+ _cleanup_(sigkill_nowaitp) pid_t pid = 0;
+ int r;
+
+ BLOCK_SIGNALS(SIGCHLD);
+
+ assert(m);
+
+ r = pipe2(pfd, O_CLOEXEC|O_NONBLOCK);
+ if (r < 0)
+ return r;
+
+ /* Due to the possibility of a umount operation hanging, we fork a child process and set a
+ * timeout. If the timeout lapses, the assumption is that the particular umount failed. */
+ r = safe_fork_full("(sd-umount)",
+ NULL,
+ pfd, ELEMENTSOF(pfd),
+ FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG, &pid);
+ if (r < 0)
+ return r;
+ if (r == 0) {
+ pfd[0] = safe_close(pfd[0]);
+
+ log_info("Unmounting '%s'.", m->path);
+
+ /* Start the mount operation here in the child Using MNT_FORCE causes some filesystems
+ * (e.g. FUSE and NFS and other network filesystems) to abort any pending requests and return
+ * -EIO rather than blocking indefinitely. If the filesysten is "busy", this may allow
+ * processes to die, thus making the filesystem less busy so the unmount might succeed
+ * (rather than return EBUSY). */
+ r = RET_NERRNO(umount2(m->path,
+ UMOUNT_NOFOLLOW | /* Don't follow symlinks: this should never happen unless our mount list was wrong */
+ (m->umount_lazily ? MNT_DETACH : MNT_FORCE)));
+ if (r < 0) {
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Failed to unmount %s: %m", m->path);
+
+ if (r == -EBUSY && last_try)
+ log_umount_blockers(m->path);
+ }
+
+ (void) write(pfd[1], &r, sizeof(r)); /* try to send errno up */
+ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
+ }
+
+ pfd[1] = safe_close(pfd[1]);
+
+ r = wait_for_terminate_with_timeout(pid, DEFAULT_TIMEOUT_USEC);
+ if (r == -ETIMEDOUT)
+ log_error_errno(r, "Unmounting '%s' timed out, issuing SIGKILL to PID " PID_FMT ".", m->path, pid);
+ else if (r == -EPROTO) {
+ /* Try to read error code from child */
+ if (read(pfd[0], &r, sizeof(r)) == sizeof(r))
+ log_debug_errno(r, "Unmounting '%s' failed abnormally, child process " PID_FMT " failed: %m", m->path, pid);
+ else
+ r = log_debug_errno(EPROTO, "Unmounting '%s' failed abnormally, child process " PID_FMT " aborted or exited non-zero.", m->path, pid);
+ TAKE_PID(pid); /* It died, but abnormally, no purpose in killing */
+ } else if (r < 0)
+ log_error_errno(r, "Unmounting '%s' failed unexpectedly, couldn't wait for child process " PID_FMT ": %m", m->path, pid);
+
+ return r;
+}
+
+/* This includes remounting readonly, which changes the kernel mount options. Therefore the list passed to
+ * this function is invalidated, and should not be reused. */
+static int mount_points_list_umount(MountPoint **head, bool *changed, bool last_try) {
+ int n_failed = 0, r;
+ _cleanup_free_ char *resolved_mounts_path = NULL;
+
+ assert(head);
+ assert(changed);
+
+ LIST_FOREACH(mount_point, m, *head) {
+ if (m->try_remount_ro) {
+ /* We always try to remount directories read-only first, before we go on and umount
+ * them.
+ *
+ * Mount points can be stacked. If a mount point is stacked below / or /usr, we
+ * cannot umount or remount it directly, since there is no way to refer to the
+ * underlying mount. There's nothing we can do about it for the general case, but we
+ * can do something about it if it is aliased somewhere else via a bind mount. If we
+ * explicitly remount the super block of that alias read-only we hence should be
+ * relatively safe regarding keeping a dirty fs we cannot otherwise see.
+ *
+ * Since the remount can hang in the instance of remote filesystems, we remount
+ * asynchronously and skip the subsequent umount if it fails. */
+ if (remount_with_timeout(m, last_try) < 0) {
+ /* Remount failed, but try unmounting anyway,
+ * unless this is a mount point we want to skip. */
+ if (nonunmountable_path(m->path)) {
+ n_failed++;
+ continue;
+ }
+ }
+ }
+
+ /* Skip / and /usr since we cannot unmount that anyway, since we are running from it. They
+ * have already been remounted ro. */
+ if (nonunmountable_path(m->path))
+ continue;
+
+ /* Trying to umount */
+ r = umount_with_timeout(m, last_try);
+ if (r < 0)
+ n_failed++;
+ else
+ *changed = true;
+
+ /* If a mount is busy, we move it to not keep parent mount points busy.
+ * If a mount point is not a leaf, moving it would invalidate our mount table.
+ * More moving will occur in next iteration with a fresh mount table.
+ */
+ if (r != -EBUSY || !m->leaf)
+ continue;
+
+ _cleanup_free_ char *dirname = NULL;
+
+ r = path_extract_directory(m->path, &dirname);
+ if (r < 0) {
+ n_failed++;
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Cannot find directory for %s: %m", m->path);
+ continue;
+ }
+
+ /* We need to canonicalize /run/shutdown/mounts. We cannot compare inodes, since /run
+ * might be bind mounted somewhere we want to unmount. And we need to move all mounts in
+ * /run/shutdown/mounts from there.
+ */
+ if (!resolved_mounts_path)
+ (void) chase("/run/shutdown/mounts", NULL, 0, &resolved_mounts_path, NULL);
+ if (!path_equal(dirname, resolved_mounts_path)) {
+ char newpath[STRLEN("/run/shutdown/mounts/") + 16 + 1];
+
+ xsprintf(newpath, "/run/shutdown/mounts/%016" PRIx64, random_u64());
+
+ /* on error of is_dir, assume directory */
+ if (is_dir(m->path, true) != 0) {
+ r = mkdir_p(newpath, 0000);
+ if (r < 0) {
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not create directory %s: %m", newpath);
+ continue;
+ }
+ } else {
+ r = touch_file(newpath, /* parents= */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0700);
+ if (r < 0) {
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not create file %s: %m", newpath);
+ continue;
+ }
+ }
+
+ log_info("Moving mount %s to %s.", m->path, newpath);
+
+ r = RET_NERRNO(mount(m->path, newpath, NULL, MS_MOVE, NULL));
+ if (r < 0) {
+ n_failed++;
+ log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not move %s to %s: %m", m->path, newpath);
+ } else
+ *changed = true;
+ }
+ }
+
+ return n_failed;
+}
+
+static int umount_all_once(bool *changed, bool last_try) {
+ _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, mp_list_head);
+ int r;
+
+ assert(changed);
+
+ LIST_HEAD_INIT(mp_list_head);
+ r = mount_points_list_get(NULL, &mp_list_head);
+ if (r < 0)
+ return r;
+
+ return mount_points_list_umount(&mp_list_head, changed, last_try);
+}
+
+int umount_all(bool *changed, bool last_try) {
+ bool umount_changed;
+ int r;
+
+ assert(changed);
+
+ /* Retry umount, until nothing can be umounted anymore. Mounts are processed in order, newest
+ * first. The retries are needed when an old mount has been moved, to a path inside a newer mount. */
+ do {
+ umount_changed = false;
+
+ r = umount_all_once(&umount_changed, last_try);
+ if (umount_changed)
+ *changed = true;
+ } while (umount_changed);
+
+ return r;
+}
diff --git a/src/shutdown/umount.h b/src/shutdown/umount.h
new file mode 100644
index 0000000..f8f9ae8
--- /dev/null
+++ b/src/shutdown/umount.h
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+/***
+ Copyright © 2010 ProFUSION embedded systems
+***/
+
+#include <stdbool.h>
+
+#include "list.h"
+
+int umount_all(bool *changed, bool last_try);
+
+/* This is exported just for testing */
+typedef struct MountPoint {
+ char *path;
+ char *remount_options;
+ unsigned long remount_flags;
+ bool try_remount_ro;
+ bool umount_lazily;
+ bool leaf;
+ LIST_FIELDS(struct MountPoint, mount_point);
+} MountPoint;
+
+int mount_points_list_get(const char *mountinfo, MountPoint **head);
+void mount_points_list_free(MountPoint **head);