Make using msdosfs as the root file system sort of work:

o Initialize ownerships and permissions.  They were garbage (0) for
  root mounts since vfs_mountroot_try() doesn't ask for them to be set
  and msdosfs's old incomplete code to set them was removed.  The
  garbage happened to give the correct ownerships root:wheel, but it
  gave permissions 000 so init could not be execed.  Use the macros
  for root: wheel and 0755.  (The removed code gave 0:0 and 0777.  0755
  is more normal and secure, thought wrong for /tmp.)

o Check the readonly flag for initial (non-MNT_UPDATE) mounts in the
  correct place, as in ffs.  For root mounts, it is only passed in
  mp->mnt_flags, since vfs_mountroot_try() only passes it as a flag
  and nothing translates the flag to the "ro" option string.  msdosfs
  only looked for it in the string, so it gave a rw mount for root
  mounts without even clearing the flag in mp->mnt_flags, so the final
  state was inconsistent.  Checking the flag only in mp->mnt_flags
  works for initial userland mounts too.  The MNT_UPDATE case is
  messier.

The main point that should work but doesn't is fsck of msdosfs root
while it is mounted ro.  This needs mainly MNT_RELOAD support to work.
It should be possible to run fsck -p and succeed provided the fs is
consistent, not just for msdosfs, but this fails because fsck -p always
tries to open the device rw.  The hack that allows open for writing
in ffs is not implemented in msdosfs, since without MNT_RELOAD support
writing could only be harmful.  So fsck must be turned off to use
msdosfs as root.  This is quite dangerous, since msdosfs is still missing
actually using its fs-dirty flag internally, so it is happy to mount
dirty fileystems rw.

Unrelated changes:
- Fix missing error handling for MNT_UPDATE from rw to ro.
- Catch up with renaming msdos to msdosfs in a string.

Approved by:	re (kensmith)

1 files changed, 15 insertions, 3 deletions

diff --git a/sys/fs/msdosfs/msdosfs_vfsops.c b/sys/fs/msdosfs/msdosfs_vfsops.c
index ee09185..b495edb 100644
--- a/sys/fs/msdosfs/msdosfs_vfsops.c
+++ b/sys/fs/msdosfs/msdosfs_vfsops.c
@@ -279,9 +279,12 @@ msdosfs_mount(struct mount *mp, struct thread *td)
 				return (error);
 			DROP_GIANT();
 			g_topology_lock();
-			g_access(pmp->pm_cp, 0, -1, 0);
+			error = g_access(pmp->pm_cp, 0, -1, 0);
 			g_topology_unlock();
 			PICKUP_GIANT();
+			if (error)
+				return (error);
+
 			/* Now the volume is clean. Mark it. */
 			error = markvoldirty(pmp, 0);
 			if (error && (flags & FORCECLOSE) == 0)
@@ -402,11 +405,11 @@ mountmsdosfs(struct vnode *devvp, struct mount *mp, struct thread *td)
 	struct g_consumer *cp;
 	struct bufobj *bo;
 
-	ronly = !vfs_getopt(mp->mnt_optnew, "ro", NULL, NULL);
+	ronly = (mp->mnt_flag & MNT_RDONLY) != 0;
 	/* XXX: use VOP_ACCESS to check FS perms */
 	DROP_GIANT();
 	g_topology_lock();
-	error = g_vfs_open(devvp, &cp, "msdos", ronly ? 0 : 1);
+	error = g_vfs_open(devvp, &cp, "msdosfs", ronly ? 0 : 1);
 	g_topology_unlock();
 	PICKUP_GIANT();
 	VOP_UNLOCK(devvp, 0, td);
@@ -446,6 +449,15 @@ mountmsdosfs(struct vnode *devvp, struct mount *mp, struct thread *td)
 	pmp->pm_bo = bo;
 
 	/*
+	 * Initialize ownerships and permissions, since nothing else will
+	 * initialize them iff we are mounting root.
+	 */
+	pmp->pm_uid = UID_ROOT;
+	pmp->pm_gid = GID_WHEEL;
+	pmp->pm_mask = pmp->pm_dirmask = S_IXUSR | S_IXGRP | S_IXOTH |
+	    S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR;
+
+	/*
 	 * Experimental support for large MS-DOS filesystems.
 	 * WARNING: This uses at least 32 bytes of kernel memory (which is not
 	 * reclaimed until the FS is unmounted) for each file on disk to map