1  /* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2   * Use of this source code is governed by a BSD-style license that can be
3   * found in the LICENSE file.
4   *
5   * Implements root device discovery via sysfs with optional bells and whistles.
6   */
7  
8  #include "rootdev.h"
9  
10  #include <ctype.h>
11  #include <dirent.h>
12  #include <err.h>
13  #include <errno.h>
14  #include <fcntl.h>
15  #include <stdbool.h>
16  #include <stddef.h>
17  #include <stdio.h>
18  #include <stdlib.h>
19  #include <string.h>
20  #include <sys/stat.h>
21  #include <sys/types.h>
22  #include <unistd.h>
23  
/*
 * Upper bound on how many stacked "slaves" levels are followed, so the
 * search for the last slave always terminates.  At most 2 levels exist
 * today; the extra headroom allows for future growth.
 */
#define MAX_SLAVE_DEPTH 8

/* Defaults used when a caller passes NULL for the sysfs or /dev directory. */
static const char *kDefaultSearchPath = "/sys/block";
static const char *kDefaultDevPath = "/dev/block";

/* Encode the root device structuring here for Chromium OS */
static const char kActiveRoot[] = "/dev/ACTIVE_ROOT";
static const char kRootDev[] = "/dev/ROOT";
static const char kRootA[] = "/dev/ROOT0";
static const char kRootB[] = "/dev/ROOT1";

/* One device node to create for a given root partition. */
struct part_config {
  const char *name;  /* path of the device node */
  int offset;        /* added to the minor number of the current root */
};

/* Nodes to create when the root is the primary partition. */
#define CHROMEOS_PRIMARY_PARTITION 3
static const struct part_config kPrimaryPart[] = {
  { .name = kRootA,   .offset =  0 },
  { .name = kRootDev, .offset = -3 },
  { .name = kRootB,   .offset =  2 },
};

/* Nodes to create when the root is the secondary partition. */
#define CHROMEOS_SECONDARY_PARTITION 5
static const struct part_config kSecondaryPart[] = {
  { .name = kRootB,   .offset =  0 },
  { .name = kRootDev, .offset = -5 },
  { .name = kRootA,   .offset = -2 },
};

/* The number of entries in a part_config so we could add RootC easily. */
static const int kPartitionEntries = 3;
56  
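/*
 * Converts the contents of |file|, expected to hold "major:minor" in
 * decimal ("%u:%u"), to a dev_t.
 *
 * Returns 0 when the file cannot be opened, yields fewer than 3 bytes, or
 * does not parse as two numbers.
 */
static dev_t devt_from_file(const char *file) {
  /* At most 10 bytes of the file are read.  One extra byte is reserved so
   * the terminator written below always lands inside the buffer, even when
   * read() fills all 10 bytes. */
  char candidate[10 + 1];
  ssize_t bytes = 0;
  unsigned int major_num = 0;
  unsigned int minor_num = 0;
  dev_t dev = 0;
  int fd = -1;

  /* Never hang. Either get the data or return 0. */
  fd = open(file, O_NONBLOCK | O_RDONLY);
  if (fd < 0)
    return 0;
  bytes = read(fd, candidate, sizeof(candidate) - 1);
  close(fd);

  /* 0:0 should be considered the minimum size.  A failed read (-1) is
   * rejected by the same test. */
  if (bytes < 3)
    return 0;
  candidate[bytes] = '\0';
  if (sscanf(candidate, "%u:%u", &major_num, &minor_num) == 2) {
    /* Reading at most 10 bytes artificially limits the size of each
     * converted %u so it safely converts to a signed int. */
    dev = makedev(major_num, minor_num);
  }
  return dev;
}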
84  
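/*
 * Walks the sysfs directory |basedir| looking for the block device whose
 * "dev" file matches *dev, recursing into entries that may hold a matching
 * sub-device (partition).
 *
 * If *dev == 0 it acts as a wildcard: the first candidate entry in the
 * directory is taken and *dev is set to whatever its "dev" file yielded.
 * On a match the entry's name is copied into |name|, which holds |name_len|
 * bytes including the terminator.
 *
 * |name| and |basedir| may be the same buffer (rootdev_get_device() calls
 * it that way): |name| is written only once a match has been found, and
 * |basedir| is not read again after that.
 *
 * Returns 1 on a match and -1 otherwise (invalid arguments, directory that
 * cannot be opened, allocation failure, or no match).
 */
static int match_sysfs_device(char *name, size_t name_len,
                              const char *basedir, dev_t *dev, int depth) {
  int found = -1;
  size_t basedir_len;
  DIR *dirp = NULL;
  struct dirent *entry = NULL;
  struct dirent *next = NULL;
  char *working_path = NULL;
  size_t working_path_size = 0;
  long name_max = 0;

  if (!name || !name_len || !basedir || !dev) {
    warnx("match_sysfs_device: invalid arguments supplied");
    return -1;
  }
  basedir_len = strlen(basedir);
  if (!basedir_len) {
    warnx("match_sysfs_device: basedir must not be empty");
    return -1;
  }

  errno = 0;
  dirp = opendir(basedir);
  if (!dirp) {
    /* Don't complain if the directory doesn't exist. */
    if (errno != ENOENT)
      warn("match_sysfs_device:opendir(%s)", basedir);
    return found;
  }

  /* Longest entry name the filesystem under basedir can return.  The error
   * value (-1) must be tested before adding room for the terminator;
   * otherwise it becomes 0 and both buffers below end up undersized. */
  name_max = pathconf(basedir, _PC_NAME_MAX);
  /* Fallback to PATH_MAX on any pathconf error. */
  if (name_max < 0)
    name_max = PATH_MAX;

  /* Room for "<basedir>/<entry>/dev" plus the terminator. */
  working_path_size = basedir_len + (size_t)name_max + sizeof("//dev");
  working_path = malloc(working_path_size);
  if (!working_path) {
    warn("malloc(working_path)");
    closedir(dirp);
    return found;
  }

  /* Allocate a properly sized entry.
   * NOTE(review): readdir_r() relies on this size being large enough for
   * every name the directory returns and is deprecated in current glibc;
   * consider moving to readdir(). */
  entry = malloc(offsetof(struct dirent, d_name) + (size_t)name_max + 1);
  if (!entry) {
    warn("malloc(dirent)");
    free(working_path);
    closedir(dirp);
    return found;
  }

  while (readdir_r(dirp, entry, &next) == 0 && next) {
    size_t candidate_len = strlen(entry->d_name);
    int path_len = 0;
    dev_t found_devt = 0;
    /* Ignore the usual */
    if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
      continue;
    /* Skip names that would not fit in |name| together with their
     * terminator, rather than returning a truncated device name.
     * TODO(wad) determine how to best bubble up this case. */
    if (candidate_len >= name_len)
      continue;
    /* Only traverse directories or symlinks (to directories ideally) */
    switch (entry->d_type) {
    case DT_UNKNOWN:
    case DT_DIR:
    case DT_LNK:
      break;
    default:
      continue;
    }
    /* Determine path to block device number */
    path_len = snprintf(working_path, working_path_size, "%s/%s/dev",
                        basedir, entry->d_name);
    /* Ignore if truncation occurs.  snprintf() returns the length the full
     * string needs, so truncation shows up as a value that does not fit. */
    if (path_len < 0 || (size_t)path_len >= working_path_size)
      continue;

    found_devt = devt_from_file(working_path);
    /* *dev == 0 is a wildcard. */
    if (!*dev || found_devt == *dev) {
      snprintf(name, name_len, "%s", entry->d_name);
      *dev = found_devt;
      found = 1;
      break;
    }

    /* Prevent infinite recursion on symlink loops by limiting depth. */
    if (depth > 5)
      break;

    /* Recurse one level for devices that may have a matching partition. */
    if (major(found_devt) == major(*dev) && minor(*dev) > minor(found_devt)) {
      path_len = snprintf(working_path, working_path_size, "%s/%s",
                          basedir, entry->d_name);
      if (path_len < 0 || (size_t)path_len >= working_path_size)
        continue;
      found = match_sysfs_device(name, name_len, working_path, dev, depth + 1);
      if (found > 0)
        break;
    }
  }

  free(working_path);
  free(entry);
  closedir(dirp);
  return found;
}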
194  
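/*
 * Returns a pointer to the trailing run of decimal digits (the partition
 * number) in |dst|, looking at no more than |len| bytes, or NULL when
 * |dst| is NULL, |len| is 0, the string is empty, or it does not end in
 * a digit.
 *
 * The first character of the string is never counted as part of the run
 * unless the string is a single digit, so for any longer string at least
 * one character precedes the returned pointer.
 */
const char *rootdev_get_partition(const char *dst, size_t len) {
  size_t end;
  size_t start;

  if (!dst || !len)
    return NULL;

  end = strnlen(dst, len);
  /* An empty string has no last character to inspect; looking at
   * dst[end - 1] would read before the buffer. */
  if (end == 0)
    return NULL;

  /* <ctype.h> functions need an unsigned char value. */
  if (!isdigit((unsigned char)dst[end - 1]))
    return NULL;

  start = end - 1;
  while (start > 1 && isdigit((unsigned char)dst[start - 1]))
    start--;

  return dst + start;
}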
212  
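/*
 * Truncates |dst| in place so that the trailing partition number, and the
 * 'p' separator in front of it where there is one, is removed.  |len| is
 * the number of bytes of |dst| to consider.  Strings without a trailing
 * partition number are left untouched.
 */
void rootdev_strip_partition(char *dst, size_t len) {
  char *part = (char *)rootdev_get_partition(dst, len);
  if (!part)
    return;
  /* For devices that end with a digit, the kernel uses a 'p'
   * as a separator. E.g., mmcblk1p2.  The 'p' is a separator only when a
   * digit precedes it; in a name such as sdp1 it is part of the disk name.
   * The length test also keeps both look-behinds inside the buffer. */
  if (part - dst >= 2 && part[-1] == 'p' &&
      isdigit((unsigned char)part[-2]))
    part--;
  *part = '\0';
}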
223  
/*
 * Creates the kActiveRoot symlink pointing at |path|.
 *
 * An entry that already exists at kActiveRoot is left in place and counts
 * as success; what it points to is not checked.
 * Returns 0 on success and -1 (after a warning) on any other failure.
 */
int rootdev_symlink_active(const char *path) {
  errno = 0;
  if (symlink(path, kActiveRoot) == 0)
    return 0;

  /* Don't overwrite an existing link. */
  if (errno == EEXIST)
    return 0;

  warn("failed to symlink %s -> %s", kActiveRoot, path);
  return -1;
}
234  
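/*
 * Finds the name of the block device |dev| and stores it in |dst|, a
 * buffer of |size| bytes.
 *
 * If kActiveRoot exists and refers to |dev|, the link's target is returned
 * as stored in the link.  Otherwise the sysfs directory |search|
 * (kDefaultSearchPath when NULL) is walked for a matching device.
 *
 * Returns 0 on success, 1 when no device matched, and -1 when |dst| is
 * NULL or |size| is 0.
 */
int rootdev_get_device(char *dst, size_t size, dev_t dev,
                       const char *search) {
  struct stat active_root_statbuf;

  if (!dst || !size)
    return -1;

  if (search == NULL)
    search = kDefaultSearchPath;

  /* Check if the -s symlink exists. */
  if ((stat(kActiveRoot, &active_root_statbuf) == 0) &&
      active_root_statbuf.st_rdev == dev) {
    /* Note, if the link is not fully qualified, this won't be
     * either.
     * The read is bounded by the caller's buffer, keeping one byte for the
     * terminator that readlink() does not add.  A target longer than
     * size - 1 bytes is silently cut short. */
    ssize_t len = readlink(kActiveRoot, dst, size - 1);
    if (len > 0) {
      dst[len] = '\0';
      return 0;
    }
    /* If readlink fails or is empty, fall through */
  }

  /* |dst| is both the directory to search and the place the result goes;
   * match_sysfs_device() supports that aliasing. */
  snprintf(dst, size, "%s", search);
  if (match_sysfs_device(dst, size, dst, &dev, 0) <= 0) {
    fprintf (stderr, "unable to find match\n");
    return 1;
  }

  return 0;
}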
263  
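/*
 * rootdev_get_device_slave returns results in slave which
 * may be the original device or the name of the slave.
 *
 * Starting from |device|, it follows "<search>/<name>/slaves" up to
 * MAX_SLAVE_DEPTH times and leaves the last name found in |slave|, a
 * buffer of |size| bytes.  |search| defaults to kDefaultSearchPath when
 * NULL.  *dev is reset to 0 before every lookup, so it is 0 on return
 * whenever the chain ended because no further slave was found.
 *
 * Because slave and device may point to the same data,
 * must be careful how they are handled because slave
 * is modified (can't use snprintf).
 */
void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
                              const char *device, const char *search) {
  char dst[PATH_MAX];
  int len = 0;
  int i;

  if (!slave || !size || !dev || !device)
    return;

  if (search == NULL)
    search = kDefaultSearchPath;

  /*
   * With stacked device mappers, we have to chain through all the levels
   * and find the last device. For example, verity can be stacked on bootcache
   * that is stacked on a disk partition.
   */
  if (slave != device) {
    /* Refuse a name that does not fit instead of searching for a
     * truncated one. */
    if (strlen(device) >= size) {
      warnx("rootdev_get_device_slave: device name too long");
      return;
    }
    strncpy(slave, device, size);
  }
  slave[size - 1] = '\0';
  for (i = 0; i < MAX_SLAVE_DEPTH; i++) {
    len = snprintf(dst, sizeof(dst), "%s/%s/slaves", search, slave);
    /* snprintf() returns the length the full string needs, so truncation
     * shows up as a value that does not fit in dst.  The test is made
     * against the name actually formatted (slave), which differs from
     * |device| after the first level. */
    if (len < 0 || (size_t)len >= sizeof(dst)) {
      warnx("rootdev_get_device_slave: device name too long");
      return;
    }
    *dev = 0;
    if (match_sysfs_device(slave, size, dst, dev, 0) <= 0) {
      return;
    }
  }
  warnx("slave depth greater than %d at %s", i, slave);
}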
302  
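/*
 * Creates the block device nodes for the Chromium OS root layout, based on
 * the partition number at the end of |name| and on |dev|.
 *
 * The partition number selects kPrimaryPart or kSecondaryPart; for each
 * entry a node is created with |dev|'s major number and its minor number
 * shifted by the entry's offset.  Nodes that already exist are left alone.
 * When |symlink| is true, kActiveRoot is then linked to the first entry.
 *
 * Returns 0 on success and -1 when the partition cannot be determined, is
 * neither the primary nor the secondary one, or a node cannot be created.
 */
int rootdev_create_devices(const char *name, dev_t dev, bool symlink) {
  int ret = 0;
  unsigned int major_num = major(dev);
  unsigned int minor_num = minor(dev);
  int i;
  long part_num;
  const struct part_config *config;
  const char *part_s;

  if (name == NULL) {
    warnx("create_devices: unable to determine partition");
    return -1;
  }

  part_s = rootdev_get_partition(name, strlen(name));
  if (part_s == NULL) {
    warnx("create_devices: unable to determine partition");
    return -1;
  }

  /* strtol() has defined behaviour for a digit run too long to represent,
   * which atoi() does not; such a value is sent to the default case. */
  errno = 0;
  part_num = strtol(part_s, NULL, 10);
  if (errno == ERANGE)
    part_num = -1;

  switch (part_num) {
  case CHROMEOS_PRIMARY_PARTITION:
    config = kPrimaryPart;
    break;
  case CHROMEOS_SECONDARY_PARTITION:
    config = kSecondaryPart;
    break;
  default:
    warnx("create_devices: unable to determine partition: %s",
          part_s);
    return -1;
  }

  for (i = 0; i < kPartitionEntries; ++i) {
    dev = makedev(major_num, minor_num + config[i].offset);
    errno = 0;
    /* NOTE(review): the requested mode grants read access to group and
     * other (subject to the umask) on a node for the root block device;
     * confirm that access beyond the owner is intended.  An existing path
     * (EEXIST) is accepted without checking what it is. */
    if (mknod(config[i].name,
              S_IFBLK | S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH,
              dev) && errno != EEXIST) {
      warn("failed to create %s", config[i].name);
      return -1;
    }
  }

  if (symlink)
    ret = rootdev_symlink_active(config[0].name);
  return ret;
}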
344  
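/*
 * Builds "<dev_path>/<device>" in |path|, a buffer of |size| bytes.
 * |dev_path| defaults to kDefaultDevPath when NULL.
 *
 * Returns 0 on success and -1 on invalid arguments or when the result does
 * not fit in |path|.
 */
int rootdev_get_path(char *path, size_t size, const char *device,
                     const char *dev_path) {
  int path_len;

  if (!dev_path)
    dev_path = kDefaultDevPath;

  if (!path || !size || !device)
    return -1;

  path_len = snprintf(path, size, "%s/%s", dev_path, device);
  /* snprintf() returns the length the full string needs whether or not it
   * fit, so a truncated path is detected by comparing against |size|. */
  if (path_len < 0 || (size_t)path_len >= size)
    return -1;

  // TODO(bsimonnet): We should check that |path| exists and is the right
  // device. We don't do this currently as OEMs can add custom SELinux rules
  // which may prevent us from accessing this.
  // See b/24267261.

  return 0;
}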
366  
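/*
 * Resolves the device *dev to a path under |dev_path| and stores it in
 * |path|, a buffer of |size| bytes.
 *
 *   full   - follow the "slaves" chain down to the last underlying device.
 *   strip  - remove the trailing partition number from the device name.
 *   search - sysfs directory to walk (kDefaultSearchPath when NULL).
 *   dev_path - directory of device nodes (kDefaultDevPath when NULL).
 *
 * *dev is modified: it is set to 0 when |strip| is true, and
 * rootdev_get_device_slave() resets it while following slaves.
 *
 * Returns 0 on success, -1 when |dev| is NULL, and otherwise the non-zero
 * result of rootdev_get_device() or rootdev_get_path().
 */
int rootdev_wrapper(char *path, size_t size,
                    bool full, bool strip,
                    dev_t *dev,
                    const char *search, const char *dev_path) {
  int res = 0;
  char devname[PATH_MAX];
  if (!search)
    search = kDefaultSearchPath;
  if (!dev_path)
    dev_path = kDefaultDevPath;
  if (!dev)
    return -1;

  res = rootdev_get_device(devname, sizeof(devname), *dev, search);
  if (res != 0)
    return res;

  if (full)
    rootdev_get_device_slave(devname, sizeof(devname), dev, devname,
                             search);

  /* TODO(wad) we should really just track the block dev, partition number, and
   *           dev path.  When we rewrite this, we can track all the sysfs info
   *           in the class. */
  if (strip) {
    /* When we strip the partition, we don't want get_path to return non-zero
     * because of dev mismatch.  Passing in 0 tells it to not test. */
    *dev = 0;
    /* The bound is that of devname, the buffer being edited, not the size
     * of the caller's |path|. */
    rootdev_strip_partition(devname, sizeof(devname));
  }

  res = rootdev_get_path(path, size, devname, dev_path);

  return res;
}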
402  
/*
 * Looks up the device that contains "/data" and writes its path into
 * |path| (|size| bytes) through rootdev_wrapper(), using the default sysfs
 * and device directories.  |full| and |strip| are passed on unchanged.
 *
 * Returns -1 when "/data" cannot be stat'ed, otherwise the result of
 * rootdev_wrapper().
 */
int rootdev(char *path, size_t size, bool full, bool strip) {
  struct stat st;
  dev_t dev_copy;
  dev_t *dev_ptr;

  /* Yields the containing dev_t in st_dev. */
  if (stat("/data", &st) != 0)
    return -1;

  /* Some ABIs (like mips o32) are broken and the st_dev field isn't actually
   * a dev_t.  There the value is truncated into a local dev_t and that is
   * passed on instead.  Where the sizes agree the field itself is used, and
   * the compiler can reduce both branches to the same code. */
  if (sizeof(st.st_dev) != sizeof(dev_copy)) {
    dev_copy = st.st_dev;
    dev_ptr = &dev_copy;
  } else {
    /* Cast is OK since we verified size here. */
    dev_ptr = (dev_t *)&st.st_dev;
  }

  return rootdev_wrapper(path, size, full, strip, dev_ptr,
                         NULL,   /* default /sys dir */
                         NULL);  /* default /dev dir */
}