1 /* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  *
5  * Implements root device discovery via sysfs with optional bells and whistles.
6  */
7 
8 #include "rootdev.h"
9 
10 #include <ctype.h>
11 #include <dirent.h>
12 #include <err.h>
13 #include <errno.h>
14 #include <fcntl.h>
15 #include <stdbool.h>
16 #include <stddef.h>
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <sys/stat.h>
21 #include <sys/types.h>
22 #include <unistd.h>
23 
24 /*
25  * Limit prevents endless looping to find slave.
26  * We currently have at most 2 levels, this allows
27  * for future growth.
28  */
29 #define MAX_SLAVE_DEPTH 8
30 
/* Default sysfs directory scanned for block devices. */
static const char *kDefaultSearchPath = "/sys/block";
/* Default directory that device names are joined onto. */
static const char *kDefaultDevPath = "/dev/block";

/* Encode the root device structuring here for Chromium OS */
static const char kActiveRoot[] = "/dev/ACTIVE_ROOT";
static const char kRootDev[] = "/dev/ROOT";
static const char kRootA[] = "/dev/ROOT0";
static const char kRootB[] = "/dev/ROOT1";

/* One device node to create, described relative to the booted partition. */
struct part_config {
  const char *name;  /* path of the node to create */
  int offset;        /* added to the booted partition's minor number */
};

/*
 * Node layouts, selected by the partition number the system booted from.
 * Entry 0 is always the booted root itself (offset 0).
 */
#define CHROMEOS_PRIMARY_PARTITION 3
static const struct part_config kPrimaryPart[] = {
  { .name = kRootA,   .offset =  0 },
  { .name = kRootDev, .offset = -3 },
  { .name = kRootB,   .offset =  2 },
};
#define CHROMEOS_SECONDARY_PARTITION 5
static const struct part_config kSecondaryPart[] = {
  { .name = kRootB,   .offset =  0 },
  { .name = kRootDev, .offset = -5 },
  { .name = kRootA,   .offset = -2 },
};

/* The number of entries in a part_config so we could add RootC easily. */
static const int kPartitionEntries = 3;
56 
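/* Converts a file containing "%u:%u" (major:minor) into a dev_t.
 *
 * Returns 0 when the file cannot be opened, holds fewer than 3 bytes, or
 * does not parse as two unsigned numbers separated by ':'. */
static dev_t devt_from_file(const char *file) {
  /* Ten payload bytes plus one byte reserved for the terminator.
   * NOTE(review): input longer than ten bytes is silently cut off, so a
   * long "major:minor" pair parses to a shortened minor number. */
  char candidate[10 + 1];  /* TODO(wad) system-provided constant? */
  ssize_t bytes = 0;
  unsigned int major_num = 0;
  unsigned int minor_num = 0;
  int fd = -1;

  if (!file)
    return 0;

  /* Never hang. Either get the data or return 0. */
  fd = open(file, O_NONBLOCK | O_RDONLY);
  if (fd < 0)
    return 0;
  /* Read at most sizeof - 1 bytes: filling the whole buffer and then
   * storing the terminator at candidate[bytes] would write one byte past
   * the end of the array. */
  bytes = read(fd, candidate, sizeof(candidate) - 1);
  close(fd);

  /* 0:0 should be considered the minimum size. */
  if (bytes < 3)
    return 0;
  candidate[bytes] = '\0';

  /* candidate's size artificially limits the size of the converted
   * %u to safely convert to a signed int. */
  if (sscanf(candidate, "%u:%u", &major_num, &minor_num) != 2)
    return 0;
  return makedev(major_num, minor_num);
}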
84 
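/* Walks the sysfs directory basedir and recurses into any directory/link
 * that represents a block device to find sub-devices (partitions) for dev.
 *
 * name     - receives the name of the matching entry (NUL-terminated).
 * name_len - size of the name buffer in bytes.
 * basedir  - directory to scan.  It may alias name: basedir is not read
 *            again once name has been written.
 * dev      - in: the device to look for, or 0 as a wildcard, in which case
 *            the first usable entry in the directory is returned;
 *            out: the dev_t read for the entry that matched.
 * depth    - current recursion depth, used to bound symlink loops.
 *
 * Returns 1 when a match was stored in name, -1 otherwise. */
static int match_sysfs_device(char *name, size_t name_len,
                              const char *basedir, dev_t *dev, int depth) {
  int found = -1;
  size_t basedir_len;
  size_t working_path_size;
  long name_max;
  DIR *dirp = NULL;
  struct dirent *entry = NULL;
  char *working_path = NULL;

  if (!name || !name_len || !basedir || !dev) {
    warnx("match_sysfs_device: invalid arguments supplied");
    return -1;
  }
  basedir_len = strlen(basedir);
  if (!basedir_len) {
    warnx("match_sysfs_device: basedir must not be empty");
    return -1;
  }

  errno = 0;
  dirp = opendir(basedir);
  if (!dirp) {
    /* Don't complain if the directory doesn't exist. */
    if (errno != ENOENT)
      warn("match_sysfs_device:opendir(%s)", basedir);
    return found;
  }

  /* pathconf() returns -1 on error; test that before doing arithmetic on
   * the result, otherwise the error turns into a zero-sized buffer. */
  name_max = pathconf(basedir, _PC_NAME_MAX);
  /* Fallback to PATH_MAX on any pathconf error. */
  if (name_max < 0)
    name_max = PATH_MAX;

  /* The buffer holds a whole path, not a single component:
   * basedir + '/' + entry name + "/dev" + NUL. */
  working_path_size = basedir_len + 1 + (size_t)name_max + sizeof("/dev");
  working_path = malloc(working_path_size);
  if (!working_path) {
    warn("malloc(working_path)");
    closedir(dirp);
    return found;
  }

  /* readdir() hands back storage owned by the directory stream, so no
   * caller-sized struct dirent is needed (a hand-sized one is overrun when
   * the name limit is guessed wrong).  Each recursion level uses its own
   * stream, so a nested scan does not invalidate this level's entry. */
  while ((entry = readdir(dirp)) != NULL) {
    size_t candidate_len = strlen(entry->d_name);
    int path_len;
    dev_t found_devt = 0;

    /* Ignore the usual */
    if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
      continue;
    /* TODO(wad) determine how to best bubble up this case.
     * The name plus its terminator must fit, hence >=. */
    if (candidate_len >= name_len)
      continue;
    /* Only traverse directories or symlinks (to directories ideally) */
    switch (entry->d_type) {
    case DT_UNKNOWN:
    case DT_DIR:
    case DT_LNK:
      break;
    default:
      continue;
    }

    /* Determine path to block device number */
    path_len = snprintf(working_path, working_path_size, "%s/%s/dev",
                        basedir, entry->d_name);
    /* Ignore if truncation occurs.  snprintf returns the length the full
     * string would have had, so truncation shows up as a result that is
     * not smaller than the buffer, never as a shorter-than-expected one. */
    if (path_len < 0 || (size_t)path_len >= working_path_size)
      continue;

    found_devt = devt_from_file(working_path);
    /* *dev == 0 is a wildcard. */
    if (!*dev || found_devt == *dev) {
      snprintf(name, name_len, "%s", entry->d_name);
      *dev = found_devt;
      found = 1;
      break;
    }

    /* Prevent infinite recursion on symlink loops by limiting depth. */
    if (depth > 5)
      break;

    /* Recurse one level for devices that may have a matching partition. */
    if (major(found_devt) == major(*dev) && minor(*dev) > minor(found_devt)) {
      /* Shorter than the "/dev" form checked above, so this always fits;
       * stay bounded regardless. */
      snprintf(working_path, working_path_size, "%s/%s",
               basedir, entry->d_name);
      found = match_sysfs_device(name, name_len, working_path, dev, depth + 1);
      if (found > 0)
        break;
    }
  }

  free(working_path);
  closedir(dirp);
  return found;
}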
194 
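/* Locates the trailing run of decimal digits (the partition number) within
 * the first len bytes of dst.
 *
 * Returns a pointer to the first digit of that run, or NULL when dst is
 * NULL, len is 0, the string is empty, or it does not end in a digit.
 * A string made up only of digits yields dst itself. */
const char *rootdev_get_partition(const char *dst, size_t len) {
  const char *nul;
  const char *end;
  const char *part;

  /* Reject before any pointer arithmetic: with an empty string the old
   * "end - 1" pointed in front of the buffer and was then dereferenced. */
  if (!dst || !len)
    return NULL;

  /* Same position as dst + strnlen(dst, len), using only ISO C. */
  nul = memchr(dst, '\0', len);
  end = nul ? nul : dst + len;

  /* Walk back over the digits without ever stepping below dst.
   * <ctype.h> needs a value representable as unsigned char. */
  part = end;
  while (part > dst && isdigit((unsigned char)part[-1]))
    part--;

  if (part == end)
    return NULL;

  return part;
}

/* Truncates dst in place so that the trailing partition number, and the 'p'
 * separator where the kernel inserts one, is removed.  Leaves dst unchanged
 * when it does not end in a digit. */
void rootdev_strip_partition(char *dst, size_t len) {
  char *part = (char *)rootdev_get_partition(dst, len);
  if (!part)
    return;
  /* For devices that end with a digit, the kernel uses a 'p'
   * as a separator. E.g., mmcblk1p2.  Only treat the 'p' as a separator
   * when a digit precedes it, so a disk whose own name ends in 'p' (sdp1)
   * keeps that letter, and never look in front of the buffer. */
  if (part - dst >= 2 && part[-1] == 'p' && isdigit((unsigned char)part[-2]))
    part--;
  *part = '\0';
}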
223 
/* Creates the ACTIVE_ROOT symlink pointing at path.
 *
 * Returns 0 when the link was created or one already exists, -1 on any
 * other symlink() failure.
 *
 * NOTE(review): a pre-existing link is accepted without checking where it
 * points, so the result is only as trustworthy as whoever can write to the
 * directory holding it. */
int rootdev_symlink_active(const char *path) {
  /* Don't overwrite an existing link. */
  errno = 0;
  if (symlink(path, kActiveRoot) == 0)
    return 0;
  if (errno == EEXIST)
    return 0;

  warn("failed to symlink %s -> %s", kActiveRoot, path);
  return -1;
}
234 
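/* Resolves dev to a device name and stores it in dst.
 *
 * dst    - output buffer.
 * size   - size of dst in bytes.
 * dev    - device number to look up.
 * search - sysfs directory to scan, or NULL for the default.
 *
 * If the ACTIVE_ROOT node refers to dev, the link target is returned as-is;
 * otherwise the search directory is scanned.
 *
 * Returns 0 on success, 1 when no matching device was found and -1 when
 * the arguments are unusable or the search path does not fit in dst. */
int rootdev_get_device(char *dst, size_t size, dev_t dev,
                       const char *search) {
  struct stat active_root_statbuf;
  int search_len;

  if (!dst || !size)
    return -1;
  if (search == NULL)
    search = kDefaultSearchPath;

  /* Check if the -s symlink exists. */
  if ((stat(kActiveRoot, &active_root_statbuf) == 0) &&
      active_root_statbuf.st_rdev == dev) {
    /* Note, if the link is not fully qualified, this won't be
     * either.
     * Bound the read by the caller's buffer, not PATH_MAX, and keep one
     * byte back for the terminator readlink() does not write.
     * NOTE(review): a target longer than size - 1 is truncated without
     * any indication. */
    ssize_t len = readlink(kActiveRoot, dst, size - 1);
    if (len > 0) {
      dst[len] = '\0';
      return 0;
    }
    /* If readlink fails or is empty, fall through */
  }

  /* dst doubles as the directory argument below, so a truncated copy
   * would make the scan run over the wrong directory. */
  search_len = snprintf(dst, size, "%s", search);
  if (search_len < 0 || (size_t)search_len >= size) {
    warnx("rootdev_get_device: search path too long");
    return -1;
  }
  if (match_sysfs_device(dst, size, dst, &dev, 0) <= 0) {
    fprintf(stderr, "unable to find match\n");
    return 1;
  }

  return 0;
}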
263 
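/*
 * rootdev_get_device_slave returns results in slave which
 * may be the original device or the name of the slave.
 *
 * Because slave and device may point to the same data,
 * must be careful how they are handled because slave
 * is modified (can't use snprintf).
 *
 * slave  - output buffer; on return holds the last device found in the
 *          chain, or the original name if it has no slaves.
 * size   - size of slave in bytes.
 * dev    - out: device number of the last lookup.
 *          NOTE(review): *dev is zeroed before every lookup, so when the
 *          chain ends because nothing further matched it is left at 0.
 * device - name to start from; may be the same pointer as slave.
 * search - sysfs directory to look in, or NULL for the default.
 */
void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
                              const char *device, const char *search) {
  char dst[PATH_MAX];
  int len = 0;
  int i;

  /* size == 0 would make the termination below write to slave[-1]. */
  if (!slave || !size || !dev || !device) {
    warnx("rootdev_get_device_slave: invalid arguments supplied");
    return;
  }
  if (search == NULL)
    search = kDefaultSearchPath;

  /*
   * With stacked device mappers, we have to chain through all the levels
   * and find the last device. For example, verity can be stacked on bootcache
   * that is stacked on a disk partition.
   */
  if (slave != device)
    strncpy(slave, device, size);
  slave[size - 1] = '\0';
  for (i = 0; i < MAX_SLAVE_DEPTH; i++) {
    len = snprintf(dst, sizeof(dst), "%s/%s/slaves", search, slave);
    /* snprintf returns the untruncated length, so compare it with the
     * buffer size.  Comparing with strlen(device) was wrong as well: the
     * path is built from slave, which changes on every level. */
    if (len < 0 || (size_t)len >= sizeof(dst)) {
      warnx("rootdev_get_device_slave: device name too long");
      return;
    }
    *dev = 0;
    if (match_sysfs_device(slave, size, dst, dev, 0) <= 0) {
      return;
    }
  }
  warnx("slave depth greater than %d at %s", i, slave);
}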
302 
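/* Creates the Chromium OS root device nodes relative to the booted
 * partition.
 *
 * name    - device name ending in the partition number.
 * dev     - device number of that partition.
 * symlink - when true, also point the ACTIVE_ROOT link at the booted root.
 *
 * Returns 0 on success, -1 when the partition cannot be determined or is
 * neither the primary nor the secondary one, or when a node cannot be
 * created. */
int rootdev_create_devices(const char *name, dev_t dev, bool symlink) {
  int ret = 0;
  unsigned int major_num = major(dev);
  unsigned int minor_num = minor(dev);
  int i;
  const struct part_config *config;
  const char *part_s;

  if (name == NULL) {
    warnx("create_devices: unable to determine partition");
    return -1;
  }

  part_s = rootdev_get_partition(name, strlen(name));
  if (part_s == NULL) {
    warnx("create_devices: unable to determine partition");
    return -1;
  }

  /* strtol saturates on an over-long digit string, which then falls into
   * the default case; atoi has undefined behavior on overflow. */
  switch (strtol(part_s, NULL, 10)) {
  case CHROMEOS_PRIMARY_PARTITION:
    config = kPrimaryPart;
    break;
  case CHROMEOS_SECONDARY_PARTITION:
    config = kSecondaryPart;
    break;
  default:
    warnx("create_devices: unable to determine partition: %s",
          part_s);
    return -1;
  }

  for (i = 0; i < kPartitionEntries; ++i) {
    /* Offsets may be negative; the sum is taken in unsigned arithmetic. */
    dev = makedev(major_num, minor_num + config[i].offset);
    errno = 0;
    /* NOTE(review): the requested mode lets group and others read the raw
     * block device (subject to umask), and an existing path is accepted
     * on EEXIST without checking that it is a block node for this dev_t.
     * Confirm both are intended for the environment this runs in. */
    if (mknod(config[i].name,
              S_IFBLK | S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH,
              dev) && errno != EEXIST) {
      warn("failed to create %s", config[i].name);
      return -1;
    }
  }

  if (symlink)
    ret = rootdev_symlink_active(config[0].name);
  return ret;
}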
344 
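/* Builds "<dev_path>/<device>" in path.
 *
 * path     - output buffer.
 * size     - size of path in bytes.
 * device   - device name to append.
 * dev_path - directory prefix, or NULL for the default.
 *
 * Returns 0 on success, -1 on invalid arguments or when the result does
 * not fit in path. */
int rootdev_get_path(char *path, size_t size, const char *device,
                     const char *dev_path) {
  int path_len;

  if (!dev_path)
    dev_path = kDefaultDevPath;

  if (!path || !size || !device)
    return -1;

  path_len = snprintf(path, size, "%s/%s", dev_path, device);
  /* snprintf returns the length the complete string would have had, so
   * comparing it with the sum of the input lengths never fails on
   * truncation.  A result that does not fit is one that is not smaller
   * than the buffer. */
  if (path_len < 0 || (size_t)path_len >= size)
    return -1;

  // TODO(bsimonnet): We should check that |path| exists and is the right
  // device. We don't do this currently as OEMs can add custom SELinux rules
  // which may prevent us from accessing this.
  // See b/24267261.

  return 0;
}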
366 
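/* Resolves *dev to a device path under dev_path and stores it in path.
 *
 * path     - output buffer.
 * size     - size of path in bytes.
 * full     - when true, follow the chain of slave devices to the last one.
 * strip    - when true, remove the partition suffix from the device name.
 * dev      - in: device to resolve; may be modified (it is set to 0 when
 *            strip is true and is rewritten by the slave lookup).
 * search   - sysfs directory to scan, or NULL for the default.
 * dev_path - directory prefix for the result, or NULL for the default.
 *
 * Returns 0 on success and a non-zero value otherwise. */
int rootdev_wrapper(char *path, size_t size,
                    bool full, bool strip,
                    dev_t *dev,
                    const char *search, const char *dev_path) {
  int res = 0;
  char devname[PATH_MAX];
  if (!search)
    search = kDefaultSearchPath;
  if (!dev_path)
    dev_path = kDefaultDevPath;
  if (!dev)
    return -1;

  res = rootdev_get_device(devname, sizeof(devname), *dev, search);
  if (res != 0)
    return res;

  if (full)
    rootdev_get_device_slave(devname, sizeof(devname), dev, devname,
                             search);

  /* TODO(wad) we should really just track the block dev, partition number, and
   *           dev path.  When we rewrite this, we can track all the sysfs info
   *           in the class. */
  if (strip) {
    /* When we strip the partition, we don't want get_path to return non-zero
     * because of dev mismatch.  Passing in 0 tells it to not test. */
    *dev = 0;
    /* The bound belongs to devname, not to the caller's path buffer: with
     * a smaller size the name would be examined only up to that length. */
    rootdev_strip_partition(devname, sizeof(devname));
  }

  res = rootdev_get_path(path, size, devname, dev_path);

  return res;
}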
402 
/* Looks up the device backing /data and writes its path to path, using the
 * default sysfs and device directories.
 *
 * full and strip are passed through to rootdev_wrapper().
 * Returns -1 when /data cannot be stat'ed, otherwise rootdev_wrapper()'s
 * result. */
int rootdev(char *path, size_t size, bool full, bool strip) {
  struct stat root_statbuf;
  dev_t root_dev;

  /* Yields the containing dev_t in st_dev. */
  if (stat("/data", &root_statbuf) != 0)
    return -1;

  /* Some ABIs (like mips o32) are broken and the st_dev field isn't actually
   * a dev_t.  Copying into a local dev_t converts the value there and is a
   * plain copy everywhere else, so no pointer cast is needed. */
  root_dev = root_statbuf.st_dev;

  return rootdev_wrapper(path, size, full, strip, &root_dev,
                         NULL,   /* default /sys dir */
                         NULL);  /* default /dev dir */
}
430