/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * Implements root device discovery via sysfs with optional bells and whistles. */ #include "rootdev.h" #include <ctype.h> #include <dirent.h> #include <err.h> #include <errno.h> #include <fcntl.h> #include <stdbool.h> #include <stddef.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/stat.h> #include <sys/types.h> #include <unistd.h> /* * Limit prevents endless looping to find slave. * We currently have at most 2 levels, this allows * for future growth. */ #define MAX_SLAVE_DEPTH 8 static const char *kDefaultSearchPath = "/sys/block"; static const char *kDefaultDevPath = "/dev/block"; /* Encode the root device structuring here for Chromium OS */ static const char kActiveRoot[] = "/dev/ACTIVE_ROOT"; static const char kRootDev[] = "/dev/ROOT"; static const char kRootA[] = "/dev/ROOT0"; static const char kRootB[] = "/dev/ROOT1"; struct part_config { const char *name; int offset; }; #define CHROMEOS_PRIMARY_PARTITION 3 static const struct part_config kPrimaryPart[] = { { kRootA, 0 }, { kRootDev, -3 }, { kRootB, 2 } }; #define CHROMEOS_SECONDARY_PARTITION 5 static const struct part_config kSecondaryPart[] = { { kRootB, 0 }, { kRootDev, -5 }, { kRootA, -2 } }; /* The number of entries in a part_config so we could add RootC easily. */ static const int kPartitionEntries = 3; /* Converts a file of %u:%u -> dev_t. */ static dev_t devt_from_file(const char *file) { char candidate[10]; /* TODO(wad) system-provided constant? */ ssize_t bytes = 0; unsigned int major_num = 0; unsigned int minor_num = 0; dev_t dev = 0; int fd = -1; /* Never hang. Either get the data or return 0. */ fd = open(file, O_NONBLOCK | O_RDONLY); if (fd < 0) return 0; bytes = read(fd, candidate, sizeof(candidate)); close(fd); /* 0:0 should be considered the minimum size. */ if (bytes < 3) return 0; candidate[bytes] = 0; if (sscanf(candidate, "%u:%u", &major_num, &minor_num) == 2) { /* candidate's size artificially limits the size of the converted * %u to safely convert to a signed int. */ dev = makedev(major_num, minor_num); } return dev; } /* Walks sysfs and recurses into any directory/link that represents * a block device to find sub-devices (partitions) for dev. * If dev == 0, the name fo the first device in the directory will be returned. * Returns the device's name in "name" */ static int match_sysfs_device(char *name, size_t name_len, const char *basedir, dev_t *dev, int depth) { int found = -1; size_t basedir_len; DIR *dirp = NULL; struct dirent *entry = NULL; struct dirent *next = NULL; char *working_path = NULL; long working_path_size = 0; if (!name || !name_len || !basedir || !dev) { warnx("match_sysfs_device: invalid arguments supplied"); return -1; } basedir_len = strlen(basedir); if (!basedir_len) { warnx("match_sysfs_device: basedir must not be empty"); return -1; } errno = 0; dirp = opendir(basedir); if (!dirp) { /* Don't complain if the directory doesn't exist. */ if (errno != ENOENT) warn("match_sysfs_device:opendir(%s)", basedir); return found; } /* Grab a platform appropriate path to work with. * Ideally, this won't vary under sys/block. */ working_path_size = pathconf(basedir, _PC_NAME_MAX) + 1; /* Fallback to PATH_MAX on any pathconf error. */ if (working_path_size < 0) working_path_size = PATH_MAX; working_path = malloc(working_path_size); if (!working_path) { warn("malloc(dirent)"); closedir(dirp); return found; } /* Allocate a properly sized entry. */ entry = malloc(offsetof(struct dirent, d_name) + working_path_size); if (!entry) { warn("malloc(dirent)"); free(working_path); closedir(dirp); return found; } while (readdir_r(dirp, entry, &next) == 0 && next) { size_t candidate_len = strlen(entry->d_name); size_t path_len = 0; dev_t found_devt = 0; /* Ignore the usual */ if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, "..")) continue; /* TODO(wad) determine how to best bubble up this case. */ if (candidate_len > name_len) continue; /* Only traverse directories or symlinks (to directories ideally) */ switch (entry->d_type) { case DT_UNKNOWN: case DT_DIR: case DT_LNK: break; default: continue; } /* Determine path to block device number */ path_len = snprintf(working_path, working_path_size, "%s/%s/dev", basedir, entry->d_name); /* Ignore if truncation occurs. */ if (path_len != candidate_len + basedir_len + 5) continue; found_devt = devt_from_file(working_path); /* *dev == 0 is a wildcard. */ if (!*dev || found_devt == *dev) { snprintf(name, name_len, "%s", entry->d_name); *dev = found_devt; found = 1; break; } /* Prevent infinite recursion on symlink loops by limiting depth. */ if (depth > 5) break; /* Recurse one level for devices that may have a matching partition. */ if (major(found_devt) == major(*dev) && minor(*dev) > minor(found_devt)) { sprintf(working_path, "%s/%s", basedir, entry->d_name); found = match_sysfs_device(name, name_len, working_path, dev, depth + 1); if (found > 0) break; } } free(working_path); free(entry); closedir(dirp); return found; } const char *rootdev_get_partition(const char *dst, size_t len) { const char *end = dst + strnlen(dst, len); const char *part = end - 1; if (!len) return NULL; if (!isdigit(*part--)) return NULL; while (part > dst && isdigit(*part)) part--; part++; if (part >= end) return NULL; return part; } void rootdev_strip_partition(char *dst, size_t len) { char *part = (char *)rootdev_get_partition(dst, len); if (!part) return; /* For devices that end with a digit, the kernel uses a 'p' * as a separator. E.g., mmcblk1p2. */ if (*(part - 1) == 'p') part--; *part = '\0'; } int rootdev_symlink_active(const char *path) { int ret = 0; /* Don't overwrite an existing link. */ errno = 0; if ((symlink(path, kActiveRoot)) && errno != EEXIST) { warn("failed to symlink %s -> %s", kActiveRoot, path); ret = -1; } return ret; } int rootdev_get_device(char *dst, size_t size, dev_t dev, const char *search) { struct stat active_root_statbuf; if (search == NULL) search = kDefaultSearchPath; /* Check if the -s symlink exists. */ if ((stat(kActiveRoot, &active_root_statbuf) == 0) && active_root_statbuf.st_rdev == dev) { /* Note, if the link is not fully qualified, this won't be * either. */ ssize_t len = readlink(kActiveRoot, dst, PATH_MAX); if (len > 0) { dst[len] = 0; return 0; } /* If readlink fails or is empty, fall through */ } snprintf(dst, size, "%s", search); if (match_sysfs_device(dst, size, dst, &dev, 0) <= 0) { fprintf (stderr, "unable to find match\n"); return 1; } return 0; } /* * rootdev_get_device_slave returns results in slave which * may be the original device or the name of the slave. * * Because slave and device may point to the same data, * must be careful how they are handled because slave * is modified (can't use snprintf). */ void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev, const char *device, const char *search) { char dst[PATH_MAX]; int len = 0; int i; if (search == NULL) search = kDefaultSearchPath; /* * With stacked device mappers, we have to chain through all the levels * and find the last device. For example, verity can be stacked on bootcache * that is stacked on a disk partition. */ if (slave != device) strncpy(slave, device, size); slave[size - 1] = '\0'; for (i = 0; i < MAX_SLAVE_DEPTH; i++) { len = snprintf(dst, sizeof(dst), "%s/%s/slaves", search, slave); if (len != strlen(device) + strlen(search) + 8) { warnx("rootdev_get_device_slave: device name too long"); return; } *dev = 0; if (match_sysfs_device(slave, size, dst, dev, 0) <= 0) { return; } } warnx("slave depth greater than %d at %s", i, slave); } int rootdev_create_devices(const char *name, dev_t dev, bool symlink) { int ret = 0; unsigned int major_num = major(dev); unsigned int minor_num = minor(dev); int i; const struct part_config *config; const char *part_s = rootdev_get_partition(name, strlen(name)); if (part_s == NULL) { warnx("create_devices: unable to determine partition"); return -1; } switch (atoi(part_s)) { case CHROMEOS_PRIMARY_PARTITION: config = kPrimaryPart; break; case CHROMEOS_SECONDARY_PARTITION: config = kSecondaryPart; break; default: warnx("create_devices: unable to determine partition: %s", part_s); return -1; } for (i = 0; i < kPartitionEntries; ++i) { dev = makedev(major_num, minor_num + config[i].offset); errno = 0; if (mknod(config[i].name, S_IFBLK | S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, dev) && errno != EEXIST) { warn("failed to create %s", config[i].name); return -1; } } if (symlink) ret = rootdev_symlink_active(config[0].name); return ret; } int rootdev_get_path(char *path, size_t size, const char *device, const char *dev_path) { int path_len; if (!dev_path) dev_path = kDefaultDevPath; if (!path || !size || !device) return -1; path_len = snprintf(path, size, "%s/%s", dev_path, device); if (path_len != strlen(dev_path) + 1 + strlen(device)) return -1; // TODO(bsimonnet): We should check that |path| exists and is the right // device. We don't do this currently as OEMs can add custom SELinux rules // which may prevent us from accessing this. // See b/24267261. return 0; } int rootdev_wrapper(char *path, size_t size, bool full, bool strip, dev_t *dev, const char *search, const char *dev_path) { int res = 0; char devname[PATH_MAX]; if (!search) search = kDefaultSearchPath; if (!dev_path) dev_path = kDefaultDevPath; if (!dev) return -1; res = rootdev_get_device(devname, sizeof(devname), *dev, search); if (res != 0) return res; if (full) rootdev_get_device_slave(devname, sizeof(devname), dev, devname, search); /* TODO(wad) we should really just track the block dev, partition number, and * dev path. When we rewrite this, we can track all the sysfs info * in the class. */ if (strip) { /* When we strip the partition, we don't want get_path to return non-zero * because of dev mismatch. Passing in 0 tells it to not test. */ *dev = 0; rootdev_strip_partition(devname, size); } res = rootdev_get_path(path, size, devname, dev_path); return res; } int rootdev(char *path, size_t size, bool full, bool strip) { struct stat root_statbuf; dev_t _root_dev, *root_dev = &_root_dev; /* Yields the containing dev_t in st_dev. */ if (stat("/data", &root_statbuf) != 0) return -1; /* Some ABIs (like mips o32) are broken and the st_dev field isn't actually * a dev_t. In that case, pass a pointer to a local dev_t who we took care * of truncating the value into. On sane arches, gcc can optimize this to * the same code, so should only be a penalty when the ABI is broken. */ if (sizeof(root_statbuf.st_dev) == sizeof(*root_dev)) { /* Cast is OK since we verified size here. */ root_dev = (dev_t *)&root_statbuf.st_dev; } else { *root_dev = root_statbuf.st_dev; } return rootdev_wrapper(path, size, full, strip, root_dev, NULL, /* default /sys dir */ NULL); /* default /dev dir */ }