      1 /* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
      2  * Use of this source code is governed by a BSD-style license that can be
      3  * found in the LICENSE file.
      4  *
      5  * Implements root device discovery via sysfs with optional bells and whistles.
      6  */
      7 
      8 #include "rootdev.h"
      9 
     10 #include <ctype.h>
     11 #include <dirent.h>
     12 #include <err.h>
     13 #include <errno.h>
     14 #include <fcntl.h>
     15 #include <stdbool.h>
     16 #include <stddef.h>
     17 #include <stdio.h>
     18 #include <stdlib.h>
     19 #include <string.h>
     20 #include <sys/stat.h>
     21 #include <sys/types.h>
     22 #include <unistd.h>
     23 
/*
 * Upper bound on how many stacked "slaves" levels are followed, so the
 * search for a slave cannot loop endlessly. At most 2 levels are in use
 * today; the extra headroom allows for future growth.
 */
#define MAX_SLAVE_DEPTH 8

/* Default sysfs directory to search and default directory of device nodes. */
static const char *kDefaultSearchPath = "/sys/block";
static const char *kDefaultDevPath = "/dev/block";

/* The Chromium OS root device node layout is encoded here. */
static const char kActiveRoot[] = "/dev/ACTIVE_ROOT";
static const char kRootDev[] = "/dev/ROOT";
static const char kRootA[] = "/dev/ROOT0";
static const char kRootB[] = "/dev/ROOT1";

/*
 * One device node to create: its path, and the value added to the minor
 * number of the root partition to obtain the node's minor number.
 */
struct part_config {
  const char *name;
  int offset;
};

/* Nodes created when the root partition number is 3. */
#define CHROMEOS_PRIMARY_PARTITION 3
static const struct part_config kPrimaryPart[] = {
  { .name = kRootA,   .offset =  0 },
  { .name = kRootDev, .offset = -3 },
  { .name = kRootB,   .offset =  2 },
};

/* Nodes created when the root partition number is 5. */
#define CHROMEOS_SECONDARY_PARTITION 5
static const struct part_config kSecondaryPart[] = {
  { .name = kRootB,   .offset =  0 },
  { .name = kRootDev, .offset = -5 },
  { .name = kRootA,   .offset = -2 },
};

/* Entries per part_config table; kept separate so a RootC is easy to add. */
static const int kPartitionEntries = 3;
     56 
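/*
 * Converts the contents of a "%u:%u" file into a dev_t.
 *
 * Returns 0 when the file cannot be opened, yields fewer than 3 bytes, or
 * does not parse as "major:minor".
 */
static dev_t devt_from_file(const char *file) {
  /* Up to 10 bytes are read. The extra byte keeps the NUL terminator inside
   * the array when read() fills the whole window; without it a 10-byte read
   * would write the terminator one byte past the end of the buffer. */
  char candidate[10 + 1];  /* TODO(wad) system-provided constant? */
  ssize_t bytes = 0;
  unsigned int major_num = 0;
  unsigned int minor_num = 0;
  dev_t dev = 0;
  int fd = -1;

  /* Never hang. Either get the data or return 0. */
  fd = open(file, O_NONBLOCK | O_RDONLY);
  if (fd < 0)
    return 0;
  bytes = read(fd, candidate, sizeof(candidate) - 1);
  close(fd);

  /* 0:0 should be considered the minimum size. A failed read (-1) is
   * rejected here too. */
  if (bytes < 3)
    return 0;
  candidate[bytes] = '\0';
  if (sscanf(candidate, "%u:%u", &major_num, &minor_num) == 2) {
    /* The 10-byte read window artificially limits the size of the converted
     * %u so that it safely converts to a signed int. */
    dev = makedev(major_num, minor_num);
  }
  return dev;
}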
     84 
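/*
 * Walks a sysfs directory and recurses into any directory/link that
 * represents a block device to find sub-devices (partitions) for *dev.
 *
 * name, name_len: buffer that receives the matching entry's name.
 * basedir:        directory to scan; must be a non-empty string.
 * dev:            in/out. *dev == 0 is a wildcard: the first candidate entry
 *                 in the directory is returned. On a match, *dev is set to
 *                 the device number read from that entry's "dev" file.
 * depth:          current recursion depth.
 *
 * Returns 1 when an entry matched and -1 otherwise, including on invalid
 * arguments or when basedir cannot be opened.
 */
static int match_sysfs_device(char *name, size_t name_len,
                              const char *basedir, dev_t *dev, int depth) {
  int found = -1;
  size_t basedir_len;
  DIR *dirp = NULL;
  struct dirent *entry = NULL;
  struct dirent *next = NULL;
  char *working_path = NULL;
  long working_path_size = 0;

  if (!name || !name_len || !basedir || !dev) {
    warnx("match_sysfs_device: invalid arguments supplied");
    return -1;
  }
  basedir_len = strlen(basedir);
  if (!basedir_len) {
    warnx("match_sysfs_device: basedir must not be empty");
    return -1;
  }

  errno = 0;
  dirp = opendir(basedir);
  if (!dirp) {
    /* Don't complain if the directory doesn't exist. */
    if (errno != ENOENT)
      warn("match_sysfs_device:opendir(%s)", basedir);
    return found;
  }

  /* Grab a platform appropriate size to work with.
   * Ideally, this won't vary under sys/block.
   * pathconf() reports failure as -1, so its result is tested before room
   * for the terminator is added; adding 1 first would turn a failure into
   * zero-byte buffers that readdir_r() then writes past. */
  working_path_size = pathconf(basedir, _PC_NAME_MAX);
  if (working_path_size < 0)
    working_path_size = PATH_MAX;
  else
    working_path_size += 1;

  working_path = malloc(working_path_size);
  if (!working_path) {
    warn("malloc(working_path)");
    closedir(dirp);
    return found;
  }

  /* Allocate a properly sized entry. */
  entry = malloc(offsetof(struct dirent, d_name) + working_path_size);
  if (!entry) {
    warn("malloc(dirent)");
    free(working_path);
    closedir(dirp);
    return found;
  }

  while (readdir_r(dirp, entry, &next) == 0 && next) {
    size_t candidate_len = strlen(entry->d_name);
    int path_len = 0;
    dev_t found_devt = 0;
    /* Ignore the usual */
    if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
      continue;
    /* The name plus its terminator must fit in the output buffer, otherwise
     * a silently shortened device name would be reported.
     * TODO(wad) determine how to best bubble up this case. */
    if (candidate_len >= name_len)
      continue;
    /* Only traverse directories or symlinks (to directories ideally) */
    switch (entry->d_type) {
    case DT_UNKNOWN:
    case DT_DIR:
    case DT_LNK:
      break;
    default:
      continue;
    }
    /* Determine path to block device number */
    path_len = snprintf(working_path, (size_t)working_path_size, "%s/%s/dev",
                        basedir, entry->d_name);
    /* Ignore if truncation occurs. snprintf() returns the length the full
     * string would have had, so truncation shows up as a result that does
     * not fit in the buffer, not as a mismatch with the expected length. */
    if (path_len < 0 || (size_t)path_len >= (size_t)working_path_size)
      continue;

    found_devt = devt_from_file(working_path);
    /* *dev == 0 is a wildcard. */
    if (!*dev || found_devt == *dev) {
      /* A caller may pass the same buffer for name and basedir; basedir is
       * not read again once name has been written. */
      snprintf(name, name_len, "%s", entry->d_name);
      *dev = found_devt;
      found = 1;
      break;
    }

    /* Prevent infinite recursion on symlink loops by limiting depth. */
    if (depth > 5)
      break;

    /* Recurse one level for devices that may have a matching partition. */
    if (major(found_devt) == major(*dev) && minor(*dev) > minor(found_devt)) {
      /* Shorter than the ".../dev" path that was just checked to fit; the
       * write is bounded anyway. */
      snprintf(working_path, (size_t)working_path_size, "%s/%s",
               basedir, entry->d_name);
      found = match_sysfs_device(name, name_len, working_path, dev, depth + 1);
      if (found > 0)
        break;
    }
  }

  free(working_path);
  free(entry);
  closedir(dirp);
  return found;
}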
    194 
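/*
 * Returns a pointer to the trailing run of decimal digits (the partition
 * number) in the device name dst, or NULL when there is none.
 *
 * dst: device name; at most len bytes are examined, stopping at the first
 *      NUL if one occurs earlier.
 * len: number of bytes of dst that may be read.
 *
 * Returns NULL when dst is NULL, len is 0, the string is empty, or its last
 * character is not a digit. The first character of dst is taken to belong
 * to the device name: the digit run never extends back to index 0, except
 * when the whole string is a single digit.
 */
const char *rootdev_get_partition(const char *dst, size_t len) {
  const char *nul;
  size_t used;
  size_t start;

  if (!dst || !len)
    return NULL;

  nul = memchr(dst, '\0', len);
  used = nul ? (size_t)(nul - dst) : len;

  /* An empty string has no last character to inspect; checking it first
   * avoids reading the byte in front of the buffer. isdigit() needs an
   * unsigned char value, hence the casts. */
  if (!used || !isdigit((unsigned char)dst[used - 1]))
    return NULL;

  /* Walk back over the digits using indices, so no pointer is ever formed
   * before the start of dst. */
  start = used - 1;
  while (start > 1 && isdigit((unsigned char)dst[start - 1]))
    start--;

  return dst + start;
}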
    212 
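/*
 * Truncates the device name in dst in place so that the partition number,
 * and the 'p' separator when there is one, is removed. dst is left
 * unchanged when rootdev_get_partition() finds no partition number.
 *
 * dst: NUL-terminated, writable device name.
 * len: number of bytes of dst that may be examined.
 */
void rootdev_strip_partition(char *dst, size_t len) {
  char *part = (char *)rootdev_get_partition(dst, len);
  if (!part)
    return;
  /* For devices that end with a digit, the kernel uses a 'p'
   * as a separator. E.g., mmcblk1p2.
   * The 'p' is removed only when a digit precedes it, so a name such as
   * "sdp1" keeps its final letter. The distance check also keeps the
   * look-behind inside the buffer when the digits start at dst itself. */
  if (part - dst >= 2 && part[-1] == 'p' &&
      isdigit((unsigned char)part[-2]))
    part--;
  *part = '\0';
}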
    223 
/*
 * Creates the kActiveRoot symlink pointing at path.
 *
 * Returns 0 when the link was created or when something already exists at
 * kActiveRoot (the existing entry is left alone and is not inspected), and
 * -1 on any other failure.
 */
int rootdev_symlink_active(const char *path) {
  /* Don't overwrite an existing link: EEXIST counts as success. */
  errno = 0;
  if (symlink(path, kActiveRoot) == 0 || errno == EEXIST)
    return 0;

  warn("failed to symlink %s -> %s", kActiveRoot, path);
  return -1;
}
    234 
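/*
 * Finds the name of the block device with device number dev.
 *
 * dst, size: output buffer and its capacity in bytes.
 * dev:       device number to look up.
 * search:    sysfs directory to search; NULL selects kDefaultSearchPath.
 *
 * If kActiveRoot resolves to a node whose st_rdev equals dev, the target of
 * that symlink is returned. Otherwise the sysfs tree under search is walked.
 *
 * Returns 0 on success and 1 when no device was found or the output buffer
 * is unusable.
 */
int rootdev_get_device(char *dst, size_t size, dev_t dev,
                       const char *search) {
  struct stat active_root_statbuf;

  if (!dst || !size)
    return 1;

  if (search == NULL)
    search = kDefaultSearchPath;

  /* Check if the -s symlink exists. */
  if ((stat(kActiveRoot, &active_root_statbuf) == 0) &&
      active_root_statbuf.st_rdev == dev) {
    /* Note, if the link is not fully qualified, this won't be
     * either.
     * readlink() is bounded by the caller's buffer, leaving one byte for
     * the terminator it does not write itself. */
    ssize_t len = readlink(kActiveRoot, dst, size - 1);
    /* readlink() truncates silently, so a completely filled buffer may hold
     * only part of the target; that case falls through to the sysfs walk
     * rather than returning a possibly shortened path. */
    if (len > 0 && (size_t)len < size - 1) {
      dst[len] = '\0';
      return 0;
    }
    /* If readlink fails or is empty, fall through */
  }

  /* Leave a valid string in dst even when nothing matches. The search
   * directory is passed separately so the input path and the output buffer
   * do not share storage. */
  snprintf(dst, size, "%s", search);
  if (match_sysfs_device(dst, size, search, &dev, 0) <= 0) {
    fprintf (stderr, "unable to find match\n");
    return 1;
  }

  return 0;
}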
    263 
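/*
 * rootdev_get_device_slave returns results in slave which
 * may be the original device or the name of the slave.
 *
 * slave, size: output buffer and its capacity in bytes.
 * dev:         out. Reset to 0 before every lookup, so it is 0 on return
 *              whenever the walk ends because no further slave was found.
 * device:      name of the device to start from; may be the same pointer
 *              as slave.
 * search:      sysfs directory to search; NULL selects kDefaultSearchPath.
 *
 * Because slave and device may point to the same data,
 * must be careful how they are handled because slave
 * is modified (can't use snprintf).
 */
void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
                              const char *device, const char *search) {
  char dst[PATH_MAX];
  int len = 0;
  int i;

  /* size == 0 would make the terminator below land in front of slave. */
  if (!slave || !size || !dev || !device) {
    warnx("rootdev_get_device_slave: invalid arguments supplied");
    return;
  }

  if (search == NULL)
    search = kDefaultSearchPath;

  /*
   * With stacked device mappers, we have to chain through all the levels
   * and find the last device. For example, verity can be stacked on bootcache
   * that is stacked on a disk partition.
   */
  if (slave != device)
    strncpy(slave, device, size);
  slave[size - 1] = '\0';
  for (i = 0; i < MAX_SLAVE_DEPTH; i++) {
    len = snprintf(dst, sizeof(dst), "%s/%s/slaves", search, slave);
    /* snprintf() returns the length the full string would have had, so a
     * result that does not fit in dst is what signals truncation. The path
     * is built from slave, which changes on every level. */
    if (len < 0 || (size_t)len >= sizeof(dst)) {
      warnx("rootdev_get_device_slave: device name too long");
      return;
    }
    *dev = 0;
    if (match_sysfs_device(slave, size, dst, dev, 0) <= 0) {
      return;
    }
  }
  warnx("slave depth greater than %d at %s", i, slave);
}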
    302 
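/*
 * Creates the Chromium OS root block device nodes for the root partition
 * name/dev, and optionally the kActiveRoot symlink.
 *
 * name:    device name ending in the partition number; only partitions
 *          CHROMEOS_PRIMARY_PARTITION and CHROMEOS_SECONDARY_PARTITION are
 *          accepted.
 * dev:     device number of that partition. The other nodes get the same
 *          major number and a minor number shifted by the table's offset.
 * symlink: when true, also link kActiveRoot to the first node of the table.
 *
 * Returns 0 on success and -1 on failure. Nodes that already exist are
 * accepted as they are; they are not checked against the expected device.
 */
int rootdev_create_devices(const char *name, dev_t dev, bool symlink) {
  int ret = 0;
  unsigned int major_num = major(dev);
  unsigned int minor_num = minor(dev);
  int i;
  long part_num;
  char *part_end = NULL;
  const struct part_config *config;
  const char *part_s;

  if (name == NULL) {
    warnx("create_devices: unable to determine partition");
    return -1;
  }

  part_s = rootdev_get_partition(name, strlen(name));
  if (part_s == NULL) {
    warnx("create_devices: unable to determine partition");
    return -1;
  }

  /* strtol() reports out-of-range digit strings instead of overflowing;
   * such values are routed to the "unknown partition" branch. */
  errno = 0;
  part_num = strtol(part_s, &part_end, 10);
  if (errno == ERANGE || part_end == part_s)
    part_num = -1;

  switch (part_num) {
  case CHROMEOS_PRIMARY_PARTITION:
    config = kPrimaryPart;
    break;
  case CHROMEOS_SECONDARY_PARTITION:
    config = kSecondaryPart;
    break;
  default:
    warnx("create_devices: unable to determine partition: %s",
          part_s);
    return -1;
  }

  /* Reject a minor number that a negative offset would wrap around, before
   * any node is created. */
  for (i = 0; i < kPartitionEntries; ++i) {
    int offset = config[i].offset;
    if (offset < 0 && minor_num < (unsigned int)(-offset)) {
      warnx("create_devices: minor %u too small for %s",
            minor_num, config[i].name);
      return -1;
    }
  }

  for (i = 0; i < kPartitionEntries; ++i) {
    dev = makedev(major_num, minor_num + config[i].offset);
    errno = 0;
    /* NOTE(review): the requested mode is rw-r--r-- (before umask), which
     * lets every user read the raw root block devices and so bypass
     * filesystem permissions - confirm this is intended. */
    if (mknod(config[i].name,
              S_IFBLK | S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH,
              dev) && errno != EEXIST) {
      warn("failed to create %s", config[i].name);
      return -1;
    }
  }

  if (symlink)
    ret = rootdev_symlink_active(config[0].name);
  return ret;
}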
    344 
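/*
 * Builds "<dev_path>/<device>" in path.
 *
 * path, size: output buffer and its capacity in bytes.
 * device:     device name to append.
 * dev_path:   directory holding the device nodes; NULL selects
 *             kDefaultDevPath.
 *
 * Returns 0 on success and -1 on invalid arguments or when the result does
 * not fit in path.
 */
int rootdev_get_path(char *path, size_t size, const char *device,
                     const char *dev_path) {
  int path_len;

  if (!dev_path)
    dev_path = kDefaultDevPath;

  if (!path || !size || !device)
    return -1;

  path_len = snprintf(path, size, "%s/%s", dev_path, device);
  /* snprintf() returns the length the full string would have had, so a
   * shortened path is detected by comparing that length with the buffer
   * size. A truncated path must not be reported as success: it could name
   * a different device node. */
  if (path_len < 0 || (size_t)path_len >= size)
    return -1;

  // TODO(bsimonnet): We should check that |path| exists and is the right
  // device. We don't do this currently as OEMs can add custom SELinux rules
  // which may prevent us from accessing this.
  // See b/24267261.

  return 0;
}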
    366 
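/*
 * Resolves the device number *dev to a device node path.
 *
 * path, size: output buffer and its capacity in bytes.
 * full:       when true, follow the "slaves" chain to the underlying
 *             device.
 * strip:      when true, remove the partition number from the device name;
 *             *dev is set to 0 in that case.
 * dev:        in/out device number; must not be NULL.
 * search:     sysfs directory to search; NULL selects kDefaultSearchPath.
 * dev_path:   directory of device nodes; NULL selects kDefaultDevPath.
 *
 * Returns 0 on success, -1 when dev is NULL, and otherwise the non-zero
 * result of rootdev_get_device() or rootdev_get_path().
 */
int rootdev_wrapper(char *path, size_t size,
                    bool full, bool strip,
                    dev_t *dev,
                    const char *search, const char *dev_path) {
  int res = 0;
  char devname[PATH_MAX];
  if (!search)
    search = kDefaultSearchPath;
  if (!dev_path)
    dev_path = kDefaultDevPath;
  if (!dev)
    return -1;

  res = rootdev_get_device(devname, sizeof(devname), *dev, search);
  if (res != 0)
    return res;

  if (full)
    rootdev_get_device_slave(devname, sizeof(devname), dev, devname,
                             search);

  /* TODO(wad) we should really just track the block dev, partition number, and
   *           dev path.  When we rewrite this, we can track all the sysfs info
   *           in the class. */
  if (strip) {
    /* NOTE(review): *dev was cleared so that the path lookup would skip a
     * device-number comparison, but rootdev_get_path() takes no dev_t here;
     * confirm callers still rely on *dev being 0 after stripping. */
    *dev = 0;
    /* The bound is the size of devname, the buffer being edited, not the
     * size of the caller's path buffer: a smaller size would cut the name
     * short before its partition digits are found. */
    rootdev_strip_partition(devname, sizeof(devname));
  }

  res = rootdev_get_path(path, size, devname, dev_path);

  return res;
}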
    402 
/*
 * Writes the path of the device that holds "/data" into path.
 *
 * path, size: output buffer and its capacity in bytes.
 * full:       forwarded to rootdev_wrapper().
 * strip:      forwarded to rootdev_wrapper().
 *
 * Returns -1 when stat("/data") fails, otherwise the result of
 * rootdev_wrapper() with the default sysfs and device directories.
 */
int rootdev(char *path, size_t size, bool full, bool strip) {
  struct stat root_statbuf;
  dev_t containing_dev;

  /* Yields the containing dev_t in st_dev. */
  if (stat("/data", &root_statbuf) != 0)
    return -1;

  /* Some ABIs (like mips o32) are broken and the st_dev field isn't actually
   * a dev_t.  Assigning into a local dev_t converts the value on those ABIs
   * and is a plain copy everywhere else, so no pointer cast is needed. */
  containing_dev = root_statbuf.st_dev;

  return rootdev_wrapper(path, size, full, strip, &containing_dev,
                         NULL,   /* default /sys dir */
                         NULL);  /* default /dev dir */
}
    430