From b750101eb236130cf056c675997decbac904cc49 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:35:18 +0200 Subject: Adding upstream version 252.22. Signed-off-by: Daniel Baumann --- src/shutdown/meson.build | 15 + src/shutdown/shutdown.c | 645 +++++++++++++++++++++++++++++++ src/shutdown/test-umount.c | 74 ++++ src/shutdown/umount.c | 932 +++++++++++++++++++++++++++++++++++++++++++++ src/shutdown/umount.h | 29 ++ 5 files changed, 1695 insertions(+) create mode 100644 src/shutdown/meson.build create mode 100644 src/shutdown/shutdown.c create mode 100644 src/shutdown/test-umount.c create mode 100644 src/shutdown/umount.c create mode 100644 src/shutdown/umount.h (limited to 'src/shutdown') diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build new file mode 100644 index 0000000..0bd09fd --- /dev/null +++ b/src/shutdown/meson.build @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +systemd_shutdown_sources = files( + 'shutdown.c', + 'umount.c', + 'umount.h', +) + +tests += [ + [files('test-umount.c', + 'umount.c', + 'umount.h'), + [], + [libmount]], +] diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c new file mode 100644 index 0000000..f9c798a --- /dev/null +++ b/src/shutdown/shutdown.c @@ -0,0 +1,645 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +/*** + Copyright © 2010 ProFUSION embedded systems +***/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "alloc-util.h" +#include "async.h" +#include "binfmt-util.h" +#include "cgroup-setup.h" +#include "cgroup-util.h" +#include "def.h" +#include "errno-util.h" +#include "exec-util.h" +#include "fd-util.h" +#include "fileio.h" +#include "killall.h" +#include "log.h" +#include "parse-util.h" +#include "process-util.h" +#include "reboot-util.h" +#include "rlimit-util.h" +#include "signal-util.h" +#include "string-util.h" +#include "switch-root.h" +#include "sysctl-util.h" +#include "terminal-util.h" +#include "umount.h" +#include "util.h" +#include "virt.h" +#include "watchdog.h" + +#define SYNC_PROGRESS_ATTEMPTS 3 +#define SYNC_TIMEOUT_USEC (10*USEC_PER_SEC) + +static char* arg_verb; +static uint8_t arg_exit_code; +static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; + +static int parse_argv(int argc, char *argv[]) { + enum { + ARG_LOG_LEVEL = 0x100, + ARG_LOG_TARGET, + ARG_LOG_COLOR, + ARG_LOG_LOCATION, + ARG_LOG_TIME, + ARG_EXIT_CODE, + ARG_TIMEOUT, + }; + + static const struct option options[] = { + { "log-level", required_argument, NULL, ARG_LOG_LEVEL }, + { "log-target", required_argument, NULL, ARG_LOG_TARGET }, + { "log-color", optional_argument, NULL, ARG_LOG_COLOR }, + { "log-location", optional_argument, NULL, ARG_LOG_LOCATION }, + { "log-time", optional_argument, NULL, ARG_LOG_TIME }, + { "exit-code", required_argument, NULL, ARG_EXIT_CODE }, + { "timeout", required_argument, NULL, ARG_TIMEOUT }, + {} + }; + + int c, r; + + assert(argc >= 1); + assert(argv); + + /* Resetting to 0 forces the invocation of an internal initialization routine of getopt_long() + * that checks for GNU extensions in optstring ('-' or '+' at the beginning). */ + optind = 0; + + /* "-" prevents getopt from permuting argv[] and moving the verb away + * from argv[1]. Our interface to initrd promises it'll be there. */ + while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0) + switch (c) { + + case ARG_LOG_LEVEL: + r = log_set_max_level_from_string(optarg); + if (r < 0) + log_error_errno(r, "Failed to parse log level %s, ignoring: %m", optarg); + + break; + + case ARG_LOG_TARGET: + r = log_set_target_from_string(optarg); + if (r < 0) + log_error_errno(r, "Failed to parse log target %s, ignoring: %m", optarg); + + break; + + case ARG_LOG_COLOR: + + if (optarg) { + r = log_show_color_from_string(optarg); + if (r < 0) + log_error_errno(r, "Failed to parse log color setting %s, ignoring: %m", optarg); + } else + log_show_color(true); + + break; + + case ARG_LOG_LOCATION: + if (optarg) { + r = log_show_location_from_string(optarg); + if (r < 0) + log_error_errno(r, "Failed to parse log location setting %s, ignoring: %m", optarg); + } else + log_show_location(true); + + break; + + case ARG_LOG_TIME: + + if (optarg) { + r = log_show_time_from_string(optarg); + if (r < 0) + log_error_errno(r, "Failed to parse log time setting %s, ignoring: %m", optarg); + } else + log_show_time(true); + + break; + + case ARG_EXIT_CODE: + r = safe_atou8(optarg, &arg_exit_code); + if (r < 0) + log_error_errno(r, "Failed to parse exit code %s, ignoring: %m", optarg); + + break; + + case ARG_TIMEOUT: + r = parse_sec(optarg, &arg_timeout); + if (r < 0) + log_error_errno(r, "Failed to parse shutdown timeout %s, ignoring: %m", optarg); + + break; + + case '\001': + if (!arg_verb) + arg_verb = optarg; + else + log_error("Excess arguments, ignoring"); + break; + + case '?': + return -EINVAL; + + default: + assert_not_reached(); + } + + if (!arg_verb) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Verb argument missing."); + + return 0; +} + +static int switch_root_initramfs(void) { + if (mount("/run/initramfs", "/run/initramfs", NULL, MS_BIND, NULL) < 0) + return log_error_errno(errno, "Failed to mount bind /run/initramfs on /run/initramfs: %m"); + + if (mount(NULL, "/run/initramfs", NULL, MS_PRIVATE, NULL) < 0) + return log_error_errno(errno, "Failed to make /run/initramfs private mount: %m"); + + /* switch_root with MS_BIND, because there might still be processes lurking around, which have open file descriptors. + * /run/initramfs/shutdown will take care of these. + * Also do not detach the old root, because /run/initramfs/shutdown needs to access it. + */ + return switch_root("/run/initramfs", "/oldroot", false, MS_BIND); +} + +/* Read the following fields from /proc/meminfo: + * + * NFS_Unstable + * Writeback + * Dirty + * + * Return true if the sum of these fields is greater than the previous + * value input. For all other issues, report the failure and indicate that + * the sync is not making progress. + */ +static int sync_making_progress(unsigned long long *prev_dirty) { + _cleanup_fclose_ FILE *f = NULL; + unsigned long long val = 0; + int ret; + + f = fopen("/proc/meminfo", "re"); + if (!f) + return log_warning_errno(errno, "Failed to open /proc/meminfo: %m"); + + for (;;) { + _cleanup_free_ char *line = NULL; + unsigned long long ull = 0; + int q; + + q = read_line(f, LONG_LINE_MAX, &line); + if (q < 0) + return log_warning_errno(q, "Failed to parse /proc/meminfo: %m"); + if (q == 0) + break; + + if (!first_word(line, "NFS_Unstable:") && !first_word(line, "Writeback:") && !first_word(line, "Dirty:")) + continue; + + errno = 0; + if (sscanf(line, "%*s %llu %*s", &ull) != 1) { + if (errno != 0) + log_warning_errno(errno, "Failed to parse /proc/meminfo: %m"); + else + log_warning("Failed to parse /proc/meminfo"); + + return false; + } + + val += ull; + } + + ret = *prev_dirty > val; + *prev_dirty = val; + return ret; +} + +static void sync_with_progress(void) { + unsigned long long dirty = ULLONG_MAX; + unsigned checks; + pid_t pid; + int r; + + BLOCK_SIGNALS(SIGCHLD); + + /* Due to the possibility of the sync operation hanging, we fork a child process and monitor + * the progress. If the timeout lapses, the assumption is that the particular sync stalled. */ + + r = asynchronous_sync(&pid); + if (r < 0) { + log_error_errno(r, "Failed to fork sync(): %m"); + return; + } + + log_info("Syncing filesystems and block devices."); + + /* Start monitoring the sync operation. If more than + * SYNC_PROGRESS_ATTEMPTS lapse without progress being made, + * we assume that the sync is stalled */ + for (checks = 0; checks < SYNC_PROGRESS_ATTEMPTS; checks++) { + r = wait_for_terminate_with_timeout(pid, SYNC_TIMEOUT_USEC); + if (r == 0) + /* Sync finished without error. + * (The sync itself does not return an error code) */ + return; + else if (r == -ETIMEDOUT) { + /* Reset the check counter if the "Dirty" value is + * decreasing */ + if (sync_making_progress(&dirty) > 0) + checks = 0; + } else { + log_error_errno(r, "Failed to sync filesystems and block devices: %m"); + return; + } + } + + /* Only reached in the event of a timeout. We should issue a kill + * to the stray process. */ + log_error("Syncing filesystems and block devices - timed out, issuing SIGKILL to PID "PID_FMT".", pid); + (void) kill(pid, SIGKILL); +} + +static int read_current_sysctl_printk_log_level(void) { + _cleanup_free_ char *sysctl_printk_vals = NULL, *sysctl_printk_curr = NULL; + int current_lvl; + const char *p; + int r; + + r = sysctl_read("kernel/printk", &sysctl_printk_vals); + if (r < 0) + return log_debug_errno(r, "Cannot read sysctl kernel.printk: %m"); + + p = sysctl_printk_vals; + r = extract_first_word(&p, &sysctl_printk_curr, NULL, 0); + if (r < 0) + return log_debug_errno(r, "Failed to split out kernel printk priority: %m"); + if (r == 0) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Short read while reading kernel.printk sysctl"); + + r = safe_atoi(sysctl_printk_curr, ¤t_lvl); + if (r < 0) + return log_debug_errno(r, "Failed to parse kernel.printk sysctl: %s", sysctl_printk_vals); + + return current_lvl; +} + +static void bump_sysctl_printk_log_level(int min_level) { + int current_lvl, r; + + /* Set the logging level to be able to see messages with log level smaller or equal to min_level */ + + current_lvl = read_current_sysctl_printk_log_level(); + if (current_lvl < 0 || current_lvl >= min_level + 1) + return; + + r = sysctl_writef("kernel/printk", "%i", min_level + 1); + if (r < 0) + log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1); +} + +static void init_watchdog(void) { + const char *s; + int r; + + s = getenv("WATCHDOG_DEVICE"); + if (s) { + r = watchdog_set_device(s); + if (r < 0) + log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", s); + } + + s = getenv("WATCHDOG_USEC"); + if (s) { + usec_t usec; + + r = safe_atou64(s, &usec); + if (r < 0) + log_warning_errno(r, "Failed to parse watchdog timeout '%s', ignoring: %m", s); + else + (void) watchdog_setup(usec); + } +} + +int main(int argc, char *argv[]) { + static const char* const dirs[] = { + SYSTEM_SHUTDOWN_PATH, + NULL + }; + _cleanup_free_ char *cgroup = NULL; + char *arguments[3]; + int cmd, r; + + /* The log target defaults to console, but the original systemd process will pass its log target in through a + * command line argument, which will override this default. Also, ensure we'll never log to the journal or + * syslog, as these logging daemons are either already dead or will die very soon. */ + + log_set_target(LOG_TARGET_CONSOLE); + log_set_prohibit_ipc(true); + log_parse_environment(); + + if (getpid_cached() == 1) + log_set_always_reopen_console(true); + + r = parse_argv(argc, argv); + if (r < 0) + goto error; + + log_open(); + + umask(0022); + + if (getpid_cached() != 1) { + r = log_error_errno(SYNTHETIC_ERRNO(EPERM), "Not executed by init (PID 1)."); + goto error; + } + + if (streq(arg_verb, "reboot")) + cmd = RB_AUTOBOOT; + else if (streq(arg_verb, "poweroff")) + cmd = RB_POWER_OFF; + else if (streq(arg_verb, "halt")) + cmd = RB_HALT_SYSTEM; + else if (streq(arg_verb, "kexec")) + cmd = LINUX_REBOOT_CMD_KEXEC; + else if (streq(arg_verb, "exit")) + cmd = 0; /* ignored, just checking that arg_verb is valid */ + else { + r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown action '%s'.", arg_verb); + goto error; + } + + (void) cg_get_root_path(&cgroup); + bool in_container = detect_container() > 0; + + /* If the logging messages are going to KMSG, and if we are not running from a container, then try to + * update the sysctl kernel.printk current value in order to see "info" messages; This current log + * level is not updated if already big enough. + */ + if (!in_container && + IN_SET(log_get_target(), + LOG_TARGET_AUTO, + LOG_TARGET_JOURNAL_OR_KMSG, + LOG_TARGET_SYSLOG_OR_KMSG, + LOG_TARGET_KMSG)) + bump_sysctl_printk_log_level(LOG_WARNING); + + init_watchdog(); + + /* Lock us into memory */ + (void) mlockall(MCL_CURRENT|MCL_FUTURE); + + /* Synchronize everything that is not written to disk yet at this point already. This is a good idea so that + * slow IO is processed here already and the final process killing spree is not impacted by processes + * desperately trying to sync IO to disk within their timeout. Do not remove this sync, data corruption will + * result. */ + if (!in_container) + sync_with_progress(); + + disable_coredumps(); + disable_binfmt(); + + log_info("Sending SIGTERM to remaining processes..."); + broadcast_signal(SIGTERM, true, true, arg_timeout); + + log_info("Sending SIGKILL to remaining processes..."); + broadcast_signal(SIGKILL, true, false, arg_timeout); + + bool need_umount = !in_container, need_swapoff = !in_container, need_loop_detach = !in_container, + need_dm_detach = !in_container, need_md_detach = !in_container, can_initrd, last_try = false; + can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0; + + /* Unmount all mountpoints, swaps, and loopback devices */ + for (;;) { + bool changed = false; + + (void) watchdog_ping(); + + /* Let's trim the cgroup tree on each iteration so that we leave an empty cgroup tree around, + * so that container managers get a nice notify event when we are down */ + if (cgroup) + (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, cgroup, false); + + if (need_umount) { + log_info("Unmounting file systems."); + r = umount_all(&changed, last_try); + if (r == 0) { + need_umount = false; + log_info("All filesystems unmounted."); + } else if (r > 0) + log_info("Not all file systems unmounted, %d left.", r); + else + log_error_errno(r, "Failed to unmount file systems: %m"); + } + + if (need_swapoff) { + log_info("Deactivating swaps."); + r = swapoff_all(&changed); + if (r == 0) { + need_swapoff = false; + log_info("All swaps deactivated."); + } else if (r > 0) + log_info("Not all swaps deactivated, %d left.", r); + else + log_error_errno(r, "Failed to deactivate swaps: %m"); + } + + if (need_loop_detach) { + log_info("Detaching loop devices."); + r = loopback_detach_all(&changed, last_try); + if (r == 0) { + need_loop_detach = false; + log_info("All loop devices detached."); + } else if (r > 0) + log_info("Not all loop devices detached, %d left.", r); + else + log_error_errno(r, "Failed to detach loop devices: %m"); + } + + if (need_md_detach) { + log_info("Stopping MD devices."); + r = md_detach_all(&changed, last_try); + if (r == 0) { + need_md_detach = false; + log_info("All MD devices stopped."); + } else if (r > 0) + log_info("Not all MD devices stopped, %d left.", r); + else + log_error_errno(r, "Failed to stop MD devices: %m"); + } + + if (need_dm_detach) { + log_info("Detaching DM devices."); + r = dm_detach_all(&changed, last_try); + if (r == 0) { + need_dm_detach = false; + log_info("All DM devices detached."); + } else if (r > 0) + log_info("Not all DM devices detached, %d left.", r); + else + log_error_errno(r, "Failed to detach DM devices: %m"); + } + + if (!need_umount && !need_swapoff && !need_loop_detach && !need_dm_detach + && !need_md_detach) { + log_info("All filesystems, swaps, loop devices, MD devices and DM devices detached."); + /* Yay, done */ + break; + } + + if (!changed && !last_try && !can_initrd) { + /* There are things we cannot get rid of. Loop one more time in which we will log + * with higher priority to inform the user. Note that we don't need to do this if + * there is an initrd to switch to, because that one is likely to get rid of the + * remaining mounts. If not, it will log about them. */ + last_try = true; + continue; + } + + /* If in this iteration we didn't manage to unmount/deactivate anything, we simply give up */ + if (!changed) { + log_info("Cannot finalize remaining%s%s%s%s%s continuing.", + need_umount ? " file systems," : "", + need_swapoff ? " swap devices," : "", + need_loop_detach ? " loop devices," : "", + need_dm_detach ? " DM devices," : "", + need_md_detach ? " MD devices," : ""); + break; + } + + log_debug("Couldn't finalize remaining %s%s%s%s%s trying again.", + need_umount ? " file systems," : "", + need_swapoff ? " swap devices," : "", + need_loop_detach ? " loop devices," : "", + need_dm_detach ? " DM devices," : "", + need_md_detach ? " MD devices," : ""); + } + + /* We're done with the watchdog. Note that the watchdog is explicitly not stopped here. It remains + * active to guard against any issues during the rest of the shutdown sequence. */ + watchdog_free_device(); + + arguments[0] = NULL; /* Filled in by execute_directories(), when needed */ + arguments[1] = arg_verb; + arguments[2] = NULL; + (void) execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments, NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS); + + (void) rlimit_nofile_safe(); + + if (can_initrd) { + r = switch_root_initramfs(); + if (r >= 0) { + argv[0] = (char*) "/shutdown"; + + (void) setsid(); + (void) make_console_stdio(); + + log_info("Successfully changed into root pivot.\n" + "Returning to initrd..."); + + execv("/shutdown", argv); + log_error_errno(errno, "Failed to execute shutdown binary: %m"); + } else + log_error_errno(r, "Failed to switch root to \"/run/initramfs\": %m"); + } + + if (need_umount || need_swapoff || need_loop_detach || need_dm_detach || need_md_detach) + log_error("Failed to finalize%s%s%s%s%s ignoring.", + need_umount ? " file systems," : "", + need_swapoff ? " swap devices," : "", + need_loop_detach ? " loop devices," : "", + need_dm_detach ? " DM devices," : "", + need_md_detach ? " MD devices," : ""); + + /* The kernel will automatically flush ATA disks and suchlike on reboot(), but the file systems need + * to be sync'ed explicitly in advance. So let's do this here, but not needlessly slow down + * containers. Note that we sync'ed things already once above, but we did some more work since then + * which might have caused IO, hence let's do it once more. Do not remove this sync, data corruption + * will result. */ + if (!in_container) + sync_with_progress(); + + if (streq(arg_verb, "exit")) { + if (in_container) { + log_info("Exiting container."); + return arg_exit_code; + } + + cmd = RB_POWER_OFF; /* We cannot exit() on the host, fallback on another method. */ + } + + switch (cmd) { + + case LINUX_REBOOT_CMD_KEXEC: + + if (!in_container) { + /* We cheat and exec kexec to avoid doing all its work */ + log_info("Rebooting with kexec."); + + r = safe_fork("(sd-kexec)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL); + if (r == 0) { + const char * const args[] = { + KEXEC, "-e", NULL + }; + + /* Child */ + + execv(args[0], (char * const *) args); + log_debug_errno(errno, "Failed to execute '" KEXEC "' binary, proceeding with reboot(RB_KEXEC): %m"); + + /* execv failed (kexec binary missing?), so try simply reboot(RB_KEXEC) */ + (void) reboot(cmd); + _exit(EXIT_FAILURE); + } + + /* If we are still running, then the kexec can't have worked, let's fall through */ + } + + cmd = RB_AUTOBOOT; + _fallthrough_; + + case RB_AUTOBOOT: + (void) reboot_with_parameter(REBOOT_LOG); + log_info("Rebooting."); + break; + + case RB_POWER_OFF: + log_info("Powering off."); + break; + + case RB_HALT_SYSTEM: + log_info("Halting system."); + break; + + default: + assert_not_reached(); + } + + (void) reboot(cmd); + if (ERRNO_IS_PRIVILEGE(errno) && in_container) { + /* If we are in a container, and we lacked CAP_SYS_BOOT just exit, this will kill our + * container for good. */ + log_info("Exiting container."); + return EXIT_SUCCESS; + } + + r = log_error_errno(errno, "Failed to invoke reboot(): %m"); + + error: + log_emergency_errno(r, "Critical error while doing system shutdown: %m"); + freeze(); +} diff --git a/src/shutdown/test-umount.c b/src/shutdown/test-umount.c new file mode 100644 index 0000000..c92105b --- /dev/null +++ b/src/shutdown/test-umount.c @@ -0,0 +1,74 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "alloc-util.h" +#include "errno-util.h" +#include "log.h" +#include "path-util.h" +#include "string-util.h" +#include "tests.h" +#include "umount.h" +#include "util.h" + +static void test_mount_points_list_one(const char *fname) { + _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, mp_list_head); + _cleanup_free_ char *testdata_fname = NULL; + + log_info("/* %s(\"%s\") */", __func__, fname ?: "/proc/self/mountinfo"); + + if (fname) { + assert_se(get_testdata_dir(fname, &testdata_fname) >= 0); + fname = testdata_fname; + } + + LIST_HEAD_INIT(mp_list_head); + assert_se(mount_points_list_get(fname, &mp_list_head) >= 0); + + LIST_FOREACH(mount_point, m, mp_list_head) + log_debug("path=%s o=%s f=0x%lx try-ro=%s dev=%u:%u", + m->path, + strempty(m->remount_options), + m->remount_flags, + yes_no(m->try_remount_ro), + major(m->devnum), minor(m->devnum)); +} + +TEST(mount_points_list) { + test_mount_points_list_one(NULL); + test_mount_points_list_one("/test-umount/empty.mountinfo"); + test_mount_points_list_one("/test-umount/garbled.mountinfo"); + test_mount_points_list_one("/test-umount/rhbug-1554943.mountinfo"); +} + +static void test_swap_list_one(const char *fname) { + _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, mp_list_head); + _cleanup_free_ char *testdata_fname = NULL; + int r; + + log_info("/* %s(\"%s\") */", __func__, fname ?: "/proc/swaps"); + + if (fname) { + assert_se(get_testdata_dir(fname, &testdata_fname) >= 0); + fname = testdata_fname; + } + + LIST_HEAD_INIT(mp_list_head); + r = swap_list_get(fname, &mp_list_head); + if (ERRNO_IS_PRIVILEGE(r)) + return; + assert_se(r >= 0); + + LIST_FOREACH(mount_point, m, mp_list_head) + log_debug("path=%s o=%s f=0x%lx try-ro=%s dev=%u:%u", + m->path, + strempty(m->remount_options), + m->remount_flags, + yes_no(m->try_remount_ro), + major(m->devnum), minor(m->devnum)); +} + +TEST(swap_list) { + test_swap_list_one(NULL); + test_swap_list_one("/test-umount/example.swaps"); +} + +DEFINE_TEST_MAIN(LOG_DEBUG); diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c new file mode 100644 index 0000000..e650b82 --- /dev/null +++ b/src/shutdown/umount.c @@ -0,0 +1,932 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +/*** + Copyright © 2010 ProFUSION embedded systems +***/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if HAVE_VALGRIND_MEMCHECK_H +#include +#endif + +#include "sd-device.h" + +#include "alloc-util.h" +#include "blockdev-util.h" +#include "def.h" +#include "device-util.h" +#include "dirent-util.h" +#include "escape.h" +#include "fd-util.h" +#include "fileio.h" +#include "fs-util.h" +#include "fstab-util.h" +#include "libmount-util.h" +#include "mount-setup.h" +#include "mount-util.h" +#include "mountpoint-util.h" +#include "parse-util.h" +#include "path-util.h" +#include "process-util.h" +#include "signal-util.h" +#include "string-util.h" +#include "strv.h" +#include "sync-util.h" +#include "umount.h" +#include "util.h" +#include "virt.h" + +static void mount_point_free(MountPoint **head, MountPoint *m) { + assert(head); + assert(m); + + LIST_REMOVE(mount_point, *head, m); + + free(m->path); + free(m->remount_options); + free(m); +} + +void mount_points_list_free(MountPoint **head) { + assert(head); + + while (*head) + mount_point_free(head, *head); +} + +int mount_points_list_get(const char *mountinfo, MountPoint **head) { + _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; + _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; + int r; + + assert(head); + + r = libmount_parse(mountinfo, NULL, &table, &iter); + if (r < 0) + return log_error_errno(r, "Failed to parse %s: %m", mountinfo ?: "/proc/self/mountinfo"); + + for (;;) { + _cleanup_free_ char *options = NULL, *remount_options = NULL; + struct libmnt_fs *fs; + const char *path, *fstype; + unsigned long remount_flags = 0u; + bool try_remount_ro, is_api_vfs; + _cleanup_free_ MountPoint *m = NULL; + + r = mnt_table_next_fs(table, iter, &fs); + if (r == 1) /* EOF */ + break; + if (r < 0) + return log_error_errno(r, "Failed to get next entry from %s: %m", mountinfo ?: "/proc/self/mountinfo"); + + path = mnt_fs_get_target(fs); + if (!path) + continue; + + fstype = mnt_fs_get_fstype(fs); + + /* Combine the generic VFS options with the FS-specific options. Duplicates are not a problem + * here, because the only options that should come up twice are typically ro/rw, which are + * turned into MS_RDONLY or the inversion of it. + * + * Even if there are duplicates later in mount_option_mangle() they shouldn't hurt anyways as + * they override each other. */ + if (!strextend_with_separator(&options, ",", mnt_fs_get_vfs_options(fs))) + return log_oom(); + if (!strextend_with_separator(&options, ",", mnt_fs_get_fs_options(fs))) + return log_oom(); + + /* Ignore mount points we can't unmount because they are API or because we are keeping them + * open (like /dev/console). Also, ignore all mounts below API file systems, since they are + * likely virtual too, and hence not worth spending time on. Also, in unprivileged containers + * we might lack the rights to unmount these things, hence don't bother. */ + if (mount_point_is_api(path) || + mount_point_ignore(path) || + PATH_STARTSWITH_SET(path, "/dev", "/sys", "/proc")) + continue; + + is_api_vfs = fstype_is_api_vfs(fstype); + + /* If we are in a container, don't attempt to read-only mount anything as that brings no real + * benefits, but might confuse the host, as we remount the superblock here, not the bind + * mount. + * + * If the filesystem is a network fs, also skip the remount. It brings no value (we cannot + * leave a "dirty fs") and could hang if the network is down. Note that umount2() is more + * careful and will not hang because of the network being down. */ + try_remount_ro = detect_container() <= 0 && + !fstype_is_network(fstype) && + !is_api_vfs && + !fstype_is_ro(fstype) && + !fstab_test_yes_no_option(options, "ro\0rw\0"); + + if (try_remount_ro) { + /* mount(2) states that mount flags and options need to be exactly the same as they + * were when the filesystem was mounted, except for the desired changes. So we + * reconstruct both here and adjust them for the later remount call too. */ + + r = mnt_fs_get_propagation(fs, &remount_flags); + if (r < 0) { + log_warning_errno(r, "mnt_fs_get_propagation() failed for %s, ignoring: %m", path); + continue; + } + + r = mount_option_mangle(options, remount_flags, &remount_flags, &remount_options); + if (r < 0) { + log_warning_errno(r, "mount_option_mangle failed for %s, ignoring: %m", path); + continue; + } + + /* MS_BIND is special. If it is provided it will only make the mount-point + * read-only. If left out, the super block itself is remounted, which we want. */ + remount_flags = (remount_flags|MS_REMOUNT|MS_RDONLY) & ~MS_BIND; + } + + m = new(MountPoint, 1); + if (!m) + return log_oom(); + + *m = (MountPoint) { + .remount_options = remount_options, + .remount_flags = remount_flags, + .try_remount_ro = try_remount_ro, + + /* Unmount sysfs/procfs/… lazily, since syncing doesn't matter there, and it's OK if + * something keeps an fd open to it. */ + .umount_lazily = is_api_vfs, + }; + + m->path = strdup(path); + if (!m->path) + return log_oom(); + + TAKE_PTR(remount_options); + + LIST_PREPEND(mount_point, *head, TAKE_PTR(m)); + } + + return 0; +} + +int swap_list_get(const char *swaps, MountPoint **head) { + _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL; + _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL; + int r; + + assert(head); + + t = mnt_new_table(); + i = mnt_new_iter(MNT_ITER_FORWARD); + if (!t || !i) + return log_oom(); + + r = mnt_table_parse_swaps(t, swaps); + if (r == -ENOENT) /* no /proc/swaps is fine */ + return 0; + if (r < 0) + return log_error_errno(r, "Failed to parse %s: %m", swaps ?: "/proc/swaps"); + + for (;;) { + struct libmnt_fs *fs; + _cleanup_free_ MountPoint *swap = NULL; + const char *source; + + r = mnt_table_next_fs(t, i, &fs); + if (r == 1) /* EOF */ + break; + if (r < 0) + return log_error_errno(r, "Failed to get next entry from %s: %m", swaps ?: "/proc/swaps"); + + source = mnt_fs_get_source(fs); + if (!source) + continue; + + swap = new0(MountPoint, 1); + if (!swap) + return log_oom(); + + swap->path = strdup(source); + if (!swap->path) + return log_oom(); + + LIST_PREPEND(mount_point, *head, TAKE_PTR(swap)); + } + + return 0; +} + +static int loopback_list_get(MountPoint **head) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; + sd_device *d; + int r; + + assert(head); + + r = sd_device_enumerator_new(&e); + if (r < 0) + return r; + + r = sd_device_enumerator_allow_uninitialized(e); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_subsystem(e, "block", true); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_sysname(e, "loop*"); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_sysattr(e, "loop/backing_file", NULL, true); + if (r < 0) + return r; + + FOREACH_DEVICE(e, d) { + _cleanup_free_ char *p = NULL; + const char *dn; + MountPoint *lb; + dev_t devnum; + + if (sd_device_get_devnum(d, &devnum) < 0 || + sd_device_get_devname(d, &dn) < 0) + continue; + + p = strdup(dn); + if (!p) + return -ENOMEM; + + lb = new(MountPoint, 1); + if (!lb) + return -ENOMEM; + + *lb = (MountPoint) { + .path = TAKE_PTR(p), + .devnum = devnum, + }; + + LIST_PREPEND(mount_point, *head, lb); + } + + return 0; +} + +static int dm_list_get(MountPoint **head) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; + sd_device *d; + int r; + + assert(head); + + r = sd_device_enumerator_new(&e); + if (r < 0) + return r; + + r = sd_device_enumerator_allow_uninitialized(e); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_subsystem(e, "block", true); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_sysname(e, "dm-*"); + if (r < 0) + return r; + + FOREACH_DEVICE(e, d) { + _cleanup_free_ char *p = NULL; + const char *dn; + MountPoint *m; + dev_t devnum; + + if (sd_device_get_devnum(d, &devnum) < 0 || + sd_device_get_devname(d, &dn) < 0) + continue; + + p = strdup(dn); + if (!p) + return -ENOMEM; + + m = new(MountPoint, 1); + if (!m) + return -ENOMEM; + + *m = (MountPoint) { + .path = TAKE_PTR(p), + .devnum = devnum, + }; + + LIST_PREPEND(mount_point, *head, m); + } + + return 0; +} + +static int md_list_get(MountPoint **head) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; + sd_device *d; + int r; + + assert(head); + + r = sd_device_enumerator_new(&e); + if (r < 0) + return r; + + r = sd_device_enumerator_allow_uninitialized(e); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_subsystem(e, "block", true); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_sysname(e, "md*"); + if (r < 0) + return r; + + /* Filter out partitions. */ + r = sd_device_enumerator_add_match_property(e, "DEVTYPE", "disk"); + if (r < 0) + return r; + + FOREACH_DEVICE(e, d) { + _cleanup_free_ char *p = NULL; + const char *dn, *md_level; + MountPoint *m; + dev_t devnum; + + if (sd_device_get_devnum(d, &devnum) < 0 || + sd_device_get_devname(d, &dn) < 0) + continue; + + r = sd_device_get_property_value(d, "MD_LEVEL", &md_level); + if (r < 0) { + log_warning_errno(r, "Failed to get MD_LEVEL property for %s, ignoring: %m", dn); + continue; + } + + /* MD "containers" are a special type of MD devices, used for external metadata. Since it + * doesn't provide RAID functionality in itself we don't need to stop it. */ + if (streq(md_level, "container")) + continue; + + p = strdup(dn); + if (!p) + return -ENOMEM; + + m = new(MountPoint, 1); + if (!m) + return -ENOMEM; + + *m = (MountPoint) { + .path = TAKE_PTR(p), + .devnum = devnum, + }; + + LIST_PREPEND(mount_point, *head, m); + } + + return 0; +} + +static int delete_loopback(const char *device) { + _cleanup_close_ int fd = -1; + struct loop_info64 info; + + assert(device); + + fd = open(device, O_RDONLY|O_CLOEXEC); + if (fd < 0) { + log_debug_errno(errno, "Failed to open loopback device %s: %m", device); + return errno == ENOENT ? 0 : -errno; + } + + /* Loopback block devices don't sync in-flight blocks when we clear the fd, hence sync explicitly + * first */ + if (fsync(fd) < 0) + log_debug_errno(errno, "Failed to sync loop block device %s, ignoring: %m", device); + + if (ioctl(fd, LOOP_CLR_FD, 0) < 0) { + if (errno == ENXIO) /* Nothing bound, didn't do anything */ + return 0; + + if (errno != EBUSY) + return log_debug_errno(errno, "Failed to clear loopback device %s: %m", device); + + if (ioctl(fd, LOOP_GET_STATUS64, &info) < 0) { + if (errno == ENXIO) /* What? Suddenly detached after all? That's fine by us then. */ + return 1; + + log_debug_errno(errno, "Failed to invoke LOOP_GET_STATUS64 on loopback device %s, ignoring: %m", device); + return -EBUSY; /* propagate original error */ + } + +#if HAVE_VALGRIND_MEMCHECK_H + VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); +#endif + + if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) /* someone else already set LO_FLAGS_AUTOCLEAR for us? fine by us */ + return -EBUSY; /* propagate original error */ + + info.lo_flags |= LO_FLAGS_AUTOCLEAR; + if (ioctl(fd, LOOP_SET_STATUS64, &info) < 0) { + if (errno == ENXIO) /* Suddenly detached after all? Fine by us */ + return 1; + + log_debug_errno(errno, "Failed to set LO_FLAGS_AUTOCLEAR flag for loop device %s, ignoring: %m", device); + } else + log_debug("Successfully set LO_FLAGS_AUTOCLEAR flag for loop device %s.", device); + + return -EBUSY; + } + + if (ioctl(fd, LOOP_GET_STATUS64, &info) < 0) { + /* If the LOOP_CLR_FD above succeeded we'll see ENXIO here. */ + if (errno == ENXIO) + log_debug("Successfully detached loopback device %s.", device); + else + log_debug_errno(errno, "Failed to invoke LOOP_GET_STATUS64 on loopback device %s, ignoring: %m", device); /* the LOOP_CLR_FD at least worked, let's hope for the best */ + + return 1; + } + +#if HAVE_VALGRIND_MEMCHECK_H + VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); +#endif + + /* Linux makes LOOP_CLR_FD succeed whenever LO_FLAGS_AUTOCLEAR is set without actually doing + * anything. Very confusing. Let's hence not claim we did anything in this case. */ + if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) + log_debug("Successfully called LOOP_CLR_FD on a loopback device %s with autoclear set, which is a NOP.", device); + else + log_debug("Weird, LOOP_CLR_FD succeeded but the device is still attached on %s.", device); + + return -EBUSY; /* Nothing changed, the device is still attached, hence it apparently is still busy */ +} + +static int delete_dm(MountPoint *m) { + _cleanup_close_ int fd = -1; + int r; + + assert(m); + assert(major(m->devnum) != 0); + assert(m->path); + + fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC); + if (fd < 0) + return -errno; + + r = fsync_path_at(AT_FDCWD, m->path); + if (r < 0) + log_debug_errno(r, "Failed to sync DM block device %s, ignoring: %m", m->path); + + return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) { + .version = { + DM_VERSION_MAJOR, + DM_VERSION_MINOR, + DM_VERSION_PATCHLEVEL + }, + .data_size = sizeof(struct dm_ioctl), + .dev = m->devnum, + })); +} + +static int delete_md(MountPoint *m) { + _cleanup_close_ int fd = -1; + + assert(m); + assert(major(m->devnum) != 0); + assert(m->path); + + fd = open(m->path, O_RDONLY|O_CLOEXEC|O_EXCL); + if (fd < 0) + return -errno; + + if (fsync(fd) < 0) + log_debug_errno(errno, "Failed to sync MD block device %s, ignoring: %m", m->path); + + return RET_NERRNO(ioctl(fd, STOP_ARRAY, NULL)); +} + +static bool nonunmountable_path(const char *path) { + return path_equal(path, "/") +#if ! HAVE_SPLIT_USR + || path_equal(path, "/usr") +#endif + || path_startswith(path, "/run/initramfs"); +} + +static void log_umount_blockers(const char *mnt) { + _cleanup_free_ char *blockers = NULL; + int r; + + _cleanup_closedir_ DIR *dir = opendir("/proc"); + if (!dir) + return (void) log_warning_errno(errno, "Failed to open /proc/: %m"); + + FOREACH_DIRENT_ALL(de, dir, break) { + if (!IN_SET(de->d_type, DT_DIR, DT_UNKNOWN)) + continue; + + pid_t pid; + if (parse_pid(de->d_name, &pid) < 0) + continue; + + _cleanup_free_ char *fdp = path_join(de->d_name, "fd"); + if (!fdp) + return (void) log_oom(); + + _cleanup_closedir_ DIR *fd_dir = xopendirat(dirfd(dir), fdp, 0); + if (!fd_dir) { + if (errno != ENOENT) /* process gone by now? */ + log_debug_errno(errno, "Failed to open /proc/%s/, ignoring: %m",fdp); + continue; + } + + bool culprit = false; + FOREACH_DIRENT(fd_de, fd_dir, break) { + _cleanup_free_ char *open_file = NULL; + + r = readlinkat_malloc(dirfd(fd_dir), fd_de->d_name, &open_file); + if (r < 0) { + if (r != -ENOENT) /* fd closed by now */ + log_debug_errno(r, "Failed to read link /proc/%s/%s, ignoring: %m", fdp, fd_de->d_name); + continue; + } + + if (path_startswith(open_file, mnt)) { + culprit = true; + break; + } + } + + if (!culprit) + continue; + + _cleanup_free_ char *comm = NULL; + r = get_process_comm(pid, &comm); + if (r < 0) { + if (r != -ESRCH) /* process gone by now */ + log_debug_errno(r, "Failed to read process name of PID " PID_FMT ": %m", pid); + continue; + } + + if (!strextend_with_separator(&blockers, ", ", comm)) + return (void) log_oom(); + + if (!strextend(&blockers, "(", de->d_name, ")")) + return (void) log_oom(); + } + + if (blockers) + log_warning("Unmounting '%s' blocked by: %s", mnt, blockers); +} + +static int remount_with_timeout(MountPoint *m, bool last_try) { + pid_t pid; + int r; + + BLOCK_SIGNALS(SIGCHLD); + + assert(m); + + /* Due to the possibility of a remount operation hanging, we fork a child process and set a + * timeout. If the timeout lapses, the assumption is that the particular remount failed. */ + r = safe_fork("(sd-remount)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG, &pid); + if (r < 0) + return r; + if (r == 0) { + log_info("Remounting '%s' read-only with options '%s'.", m->path, strempty(m->remount_options)); + + /* Start the mount operation here in the child */ + r = mount(NULL, m->path, NULL, m->remount_flags, m->remount_options); + if (r < 0) + log_full_errno(last_try ? LOG_ERR : LOG_INFO, + errno, + "Failed to remount '%s' read-only: %m", + m->path); + + _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); + } + + r = wait_for_terminate_with_timeout(pid, DEFAULT_TIMEOUT_USEC); + if (r == -ETIMEDOUT) { + log_error_errno(r, "Remounting '%s' timed out, issuing SIGKILL to PID " PID_FMT ".", m->path, pid); + (void) kill(pid, SIGKILL); + } else if (r == -EPROTO) + log_debug_errno(r, "Remounting '%s' failed abnormally, child process " PID_FMT " aborted or exited non-zero.", m->path, pid); + else if (r < 0) + log_error_errno(r, "Remounting '%s' failed unexpectedly, couldn't wait for child process " PID_FMT ": %m", m->path, pid); + + return r; +} + +static int umount_with_timeout(MountPoint *m, bool last_try) { + pid_t pid; + int r; + + BLOCK_SIGNALS(SIGCHLD); + + assert(m); + + /* Due to the possibility of a umount operation hanging, we fork a child process and set a + * timeout. If the timeout lapses, the assumption is that the particular umount failed. */ + r = safe_fork("(sd-umount)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_REOPEN_LOG, &pid); + if (r < 0) + return r; + if (r == 0) { + log_info("Unmounting '%s'.", m->path); + + /* Start the mount operation here in the child Using MNT_FORCE causes some filesystems + * (e.g. FUSE and NFS and other network filesystems) to abort any pending requests and return + * -EIO rather than blocking indefinitely. If the filesysten is "busy", this may allow + * processes to die, thus making the filesystem less busy so the unmount might succeed + * (rather than return EBUSY). */ + r = RET_NERRNO(umount2(m->path, + UMOUNT_NOFOLLOW | /* Don't follow symlinks: this should never happen unless our mount list was wrong */ + (m->umount_lazily ? MNT_DETACH : MNT_FORCE))); + if (r < 0) { + log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Failed to unmount %s: %m", m->path); + + if (r == -EBUSY && last_try) + log_umount_blockers(m->path); + } + + _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); + } + + r = wait_for_terminate_with_timeout(pid, DEFAULT_TIMEOUT_USEC); + if (r == -ETIMEDOUT) { + log_error_errno(r, "Unmounting '%s' timed out, issuing SIGKILL to PID " PID_FMT ".", m->path, pid); + (void) kill(pid, SIGKILL); + } else if (r == -EPROTO) + log_debug_errno(r, "Unmounting '%s' failed abnormally, child process " PID_FMT " aborted or exited non-zero.", m->path, pid); + else if (r < 0) + log_error_errno(r, "Unmounting '%s' failed unexpectedly, couldn't wait for child process " PID_FMT ": %m", m->path, pid); + + return r; +} + +/* This includes remounting readonly, which changes the kernel mount options. Therefore the list passed to + * this function is invalidated, and should not be reused. */ +static int mount_points_list_umount(MountPoint **head, bool *changed, bool last_try) { + int n_failed = 0; + + assert(head); + assert(changed); + + LIST_FOREACH(mount_point, m, *head) { + if (m->try_remount_ro) { + /* We always try to remount directories read-only first, before we go on and umount + * them. + * + * Mount points can be stacked. If a mount point is stacked below / or /usr, we + * cannot umount or remount it directly, since there is no way to refer to the + * underlying mount. There's nothing we can do about it for the general case, but we + * can do something about it if it is aliased somewhere else via a bind mount. If we + * explicitly remount the super block of that alias read-only we hence should be + * relatively safe regarding keeping a dirty fs we cannot otherwise see. + * + * Since the remount can hang in the instance of remote filesystems, we remount + * asynchronously and skip the subsequent umount if it fails. */ + if (remount_with_timeout(m, last_try) < 0) { + /* Remount failed, but try unmounting anyway, + * unless this is a mount point we want to skip. */ + if (nonunmountable_path(m->path)) { + n_failed++; + continue; + } + } + } + + /* Skip / and /usr since we cannot unmount that anyway, since we are running from it. They + * have already been remounted ro. */ + if (nonunmountable_path(m->path)) + continue; + + /* Trying to umount */ + if (umount_with_timeout(m, last_try) < 0) + n_failed++; + else + *changed = true; + } + + return n_failed; +} + +static int swap_points_list_off(MountPoint **head, bool *changed) { + int n_failed = 0; + + assert(head); + assert(changed); + + LIST_FOREACH(mount_point, m, *head) { + log_info("Deactivating swap %s.", m->path); + if (swapoff(m->path) < 0) { + log_warning_errno(errno, "Could not deactivate swap %s: %m", m->path); + n_failed++; + continue; + } + + *changed = true; + mount_point_free(head, m); + } + + return n_failed; +} + +static int loopback_points_list_detach(MountPoint **head, bool *changed, bool last_try) { + int n_failed = 0, r; + dev_t rootdev = 0; + + assert(head); + assert(changed); + + (void) get_block_device("/", &rootdev); + + LIST_FOREACH(mount_point, m, *head) { + if (major(rootdev) != 0 && rootdev == m->devnum) { + n_failed++; + continue; + } + + log_info("Detaching loopback %s.", m->path); + r = delete_loopback(m->path); + if (r < 0) { + log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not detach loopback %s: %m", m->path); + n_failed++; + continue; + } + if (r > 0) + *changed = true; + + mount_point_free(head, m); + } + + return n_failed; +} + +static int dm_points_list_detach(MountPoint **head, bool *changed, bool last_try) { + int n_failed = 0, r; + dev_t rootdev = 0; + + assert(head); + assert(changed); + + (void) get_block_device("/", &rootdev); + + LIST_FOREACH(mount_point, m, *head) { + if (major(rootdev) != 0 && rootdev == m->devnum) { + n_failed ++; + continue; + } + + log_info("Detaching DM %s (%u:%u).", m->path, major(m->devnum), minor(m->devnum)); + r = delete_dm(m); + if (r < 0) { + log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not detach DM %s: %m", m->path); + n_failed++; + continue; + } + + *changed = true; + mount_point_free(head, m); + } + + return n_failed; +} + +static int md_points_list_detach(MountPoint **head, bool *changed, bool last_try) { + int n_failed = 0, r; + dev_t rootdev = 0; + + assert(head); + assert(changed); + + (void) get_block_device("/", &rootdev); + + LIST_FOREACH(mount_point, m, *head) { + if (major(rootdev) != 0 && rootdev == m->devnum) { + n_failed ++; + continue; + } + + log_info("Stopping MD %s (%u:%u).", m->path, major(m->devnum), minor(m->devnum)); + r = delete_md(m); + if (r < 0) { + log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Could not stop MD %s: %m", m->path); + n_failed++; + continue; + } + + *changed = true; + mount_point_free(head, m); + } + + return n_failed; +} + +static int umount_all_once(bool *changed, bool last_try) { + _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, mp_list_head); + int r; + + assert(changed); + + LIST_HEAD_INIT(mp_list_head); + r = mount_points_list_get(NULL, &mp_list_head); + if (r < 0) + return r; + + return mount_points_list_umount(&mp_list_head, changed, last_try); +} + +int umount_all(bool *changed, bool last_try) { + bool umount_changed; + int r; + + assert(changed); + + /* Retry umount, until nothing can be umounted anymore. Mounts are processed in order, newest + * first. The retries are needed when an old mount has been moved, to a path inside a newer mount. */ + do { + umount_changed = false; + + r = umount_all_once(&umount_changed, last_try); + if (umount_changed) + *changed = true; + } while (umount_changed); + + return r; +} + +int swapoff_all(bool *changed) { + _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, swap_list_head); + int r; + + assert(changed); + + LIST_HEAD_INIT(swap_list_head); + + r = swap_list_get(NULL, &swap_list_head); + if (r < 0) + return r; + + return swap_points_list_off(&swap_list_head, changed); +} + +int loopback_detach_all(bool *changed, bool last_try) { + _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, loopback_list_head); + int r; + + assert(changed); + + LIST_HEAD_INIT(loopback_list_head); + + r = loopback_list_get(&loopback_list_head); + if (r < 0) + return r; + + return loopback_points_list_detach(&loopback_list_head, changed, last_try); +} + +int dm_detach_all(bool *changed, bool last_try) { + _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, dm_list_head); + int r; + + assert(changed); + + LIST_HEAD_INIT(dm_list_head); + + r = dm_list_get(&dm_list_head); + if (r < 0) + return r; + + return dm_points_list_detach(&dm_list_head, changed, last_try); +} + +int md_detach_all(bool *changed, bool last_try) { + _cleanup_(mount_points_list_free) LIST_HEAD(MountPoint, md_list_head); + int r; + + assert(changed); + + LIST_HEAD_INIT(md_list_head); + + r = md_list_get(&md_list_head); + if (r < 0) + return r; + + return md_points_list_detach(&md_list_head, changed, last_try); +} diff --git a/src/shutdown/umount.h b/src/shutdown/umount.h new file mode 100644 index 0000000..a4154c9 --- /dev/null +++ b/src/shutdown/umount.h @@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +/*** + Copyright © 2010 ProFUSION embedded systems +***/ + +#include "list.h" + +int umount_all(bool *changed, bool last_try); +int swapoff_all(bool *changed); +int loopback_detach_all(bool *changed, bool last_try); +int dm_detach_all(bool *changed, bool last_try); +int md_detach_all(bool *changed, bool last_try); + +/* This is exported just for testing */ +typedef struct MountPoint { + char *path; + char *remount_options; + unsigned long remount_flags; + bool try_remount_ro:1; + bool umount_lazily:1; + dev_t devnum; + LIST_FIELDS(struct MountPoint, mount_point); +} MountPoint; + +int mount_points_list_get(const char *mountinfo, MountPoint **head); +void mount_points_list_free(MountPoint **head); +int swap_list_get(const char *swaps, MountPoint **head); -- cgit v1.2.3