You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
430 lines
12 KiB
430 lines
12 KiB
/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Implements root device discovery via sysfs with optional bells and whistles.
|
|
*/
|
|
|
|
#include "rootdev.h"
|
|
|
|
#include <ctype.h>
|
|
#include <dirent.h>
|
|
#include <err.h>
|
|
#include <errno.h>
|
|
#include <fcntl.h>
|
|
#include <stdbool.h>
|
|
#include <stddef.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
|
|
/*
|
|
* Limit prevents endless looping to find slave.
|
|
* We currently have at most 2 levels, this allows
|
|
* for future growth.
|
|
*/
|
|
#define MAX_SLAVE_DEPTH 8
|
|
|
|
static const char *kDefaultSearchPath = "/sys/block";
|
|
static const char *kDefaultDevPath = "/dev/block";
|
|
|
|
/* Encode the root device structuring here for Chromium OS */
|
|
static const char kActiveRoot[] = "/dev/ACTIVE_ROOT";
|
|
static const char kRootDev[] = "/dev/ROOT";
|
|
static const char kRootA[] = "/dev/ROOT0";
|
|
static const char kRootB[] = "/dev/ROOT1";
|
|
|
|
struct part_config {
|
|
const char *name;
|
|
int offset;
|
|
};
|
|
|
|
#define CHROMEOS_PRIMARY_PARTITION 3
|
|
static const struct part_config kPrimaryPart[] = { { kRootA, 0 },
|
|
{ kRootDev, -3 },
|
|
{ kRootB, 2 } };
|
|
#define CHROMEOS_SECONDARY_PARTITION 5
|
|
static const struct part_config kSecondaryPart[] = { { kRootB, 0 },
|
|
{ kRootDev, -5 },
|
|
{ kRootA, -2 } };
|
|
|
|
/* The number of entries in a part_config so we could add RootC easily. */
|
|
static const int kPartitionEntries = 3;
|
|
|
|
/* Converts a file of %u:%u -> dev_t. */
|
|
static dev_t devt_from_file(const char *file) {
|
|
char candidate[10]; /* TODO(wad) system-provided constant? */
|
|
ssize_t bytes = 0;
|
|
unsigned int major_num = 0;
|
|
unsigned int minor_num = 0;
|
|
dev_t dev = 0;
|
|
int fd = -1;
|
|
|
|
/* Never hang. Either get the data or return 0. */
|
|
fd = open(file, O_NONBLOCK | O_RDONLY);
|
|
if (fd < 0)
|
|
return 0;
|
|
bytes = read(fd, candidate, sizeof(candidate));
|
|
close(fd);
|
|
|
|
/* 0:0 should be considered the minimum size. */
|
|
if (bytes < 3)
|
|
return 0;
|
|
candidate[bytes] = 0;
|
|
if (sscanf(candidate, "%u:%u", &major_num, &minor_num) == 2) {
|
|
/* candidate's size artificially limits the size of the converted
|
|
* %u to safely convert to a signed int. */
|
|
dev = makedev(major_num, minor_num);
|
|
}
|
|
return dev;
|
|
}
|
|
|
|
/* Walks sysfs and recurses into any directory/link that represents
|
|
* a block device to find sub-devices (partitions) for dev.
|
|
* If dev == 0, the name fo the first device in the directory will be returned.
|
|
* Returns the device's name in "name" */
|
|
static int match_sysfs_device(char *name, size_t name_len,
|
|
const char *basedir, dev_t *dev, int depth) {
|
|
int found = -1;
|
|
size_t basedir_len;
|
|
DIR *dirp = NULL;
|
|
struct dirent *entry = NULL;
|
|
struct dirent *next = NULL;
|
|
char *working_path = NULL;
|
|
long working_path_size = 0;
|
|
|
|
if (!name || !name_len || !basedir || !dev) {
|
|
warnx("match_sysfs_device: invalid arguments supplied");
|
|
return -1;
|
|
}
|
|
basedir_len = strlen(basedir);
|
|
if (!basedir_len) {
|
|
warnx("match_sysfs_device: basedir must not be empty");
|
|
return -1;
|
|
}
|
|
|
|
errno = 0;
|
|
dirp = opendir(basedir);
|
|
if (!dirp) {
|
|
/* Don't complain if the directory doesn't exist. */
|
|
if (errno != ENOENT)
|
|
warn("match_sysfs_device:opendir(%s)", basedir);
|
|
return found;
|
|
}
|
|
|
|
/* Grab a platform appropriate path to work with.
|
|
* Ideally, this won't vary under sys/block. */
|
|
working_path_size = pathconf(basedir, _PC_NAME_MAX) + 1;
|
|
/* Fallback to PATH_MAX on any pathconf error. */
|
|
if (working_path_size < 0)
|
|
working_path_size = PATH_MAX;
|
|
|
|
working_path = malloc(working_path_size);
|
|
if (!working_path) {
|
|
warn("malloc(dirent)");
|
|
closedir(dirp);
|
|
return found;
|
|
}
|
|
|
|
/* Allocate a properly sized entry. */
|
|
entry = malloc(offsetof(struct dirent, d_name) + working_path_size);
|
|
if (!entry) {
|
|
warn("malloc(dirent)");
|
|
free(working_path);
|
|
closedir(dirp);
|
|
return found;
|
|
}
|
|
|
|
while (readdir_r(dirp, entry, &next) == 0 && next) {
|
|
size_t candidate_len = strlen(entry->d_name);
|
|
size_t path_len = 0;
|
|
dev_t found_devt = 0;
|
|
/* Ignore the usual */
|
|
if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
|
|
continue;
|
|
/* TODO(wad) determine how to best bubble up this case. */
|
|
if (candidate_len > name_len)
|
|
continue;
|
|
/* Only traverse directories or symlinks (to directories ideally) */
|
|
switch (entry->d_type) {
|
|
case DT_UNKNOWN:
|
|
case DT_DIR:
|
|
case DT_LNK:
|
|
break;
|
|
default:
|
|
continue;
|
|
}
|
|
/* Determine path to block device number */
|
|
path_len = snprintf(working_path, working_path_size, "%s/%s/dev",
|
|
basedir, entry->d_name);
|
|
/* Ignore if truncation occurs. */
|
|
if (path_len != candidate_len + basedir_len + 5)
|
|
continue;
|
|
|
|
found_devt = devt_from_file(working_path);
|
|
/* *dev == 0 is a wildcard. */
|
|
if (!*dev || found_devt == *dev) {
|
|
snprintf(name, name_len, "%s", entry->d_name);
|
|
*dev = found_devt;
|
|
found = 1;
|
|
break;
|
|
}
|
|
|
|
/* Prevent infinite recursion on symlink loops by limiting depth. */
|
|
if (depth > 5)
|
|
break;
|
|
|
|
/* Recurse one level for devices that may have a matching partition. */
|
|
if (major(found_devt) == major(*dev) && minor(*dev) > minor(found_devt)) {
|
|
sprintf(working_path, "%s/%s", basedir, entry->d_name);
|
|
found = match_sysfs_device(name, name_len, working_path, dev, depth + 1);
|
|
if (found > 0)
|
|
break;
|
|
}
|
|
}
|
|
|
|
free(working_path);
|
|
free(entry);
|
|
closedir(dirp);
|
|
return found;
|
|
}
|
|
|
|
const char *rootdev_get_partition(const char *dst, size_t len) {
|
|
const char *end = dst + strnlen(dst, len);
|
|
const char *part = end - 1;
|
|
if (!len)
|
|
return NULL;
|
|
|
|
if (!isdigit(*part--))
|
|
return NULL;
|
|
|
|
while (part > dst && isdigit(*part)) part--;
|
|
part++;
|
|
|
|
if (part >= end)
|
|
return NULL;
|
|
|
|
return part;
|
|
}
|
|
|
|
void rootdev_strip_partition(char *dst, size_t len) {
|
|
char *part = (char *)rootdev_get_partition(dst, len);
|
|
if (!part)
|
|
return;
|
|
/* For devices that end with a digit, the kernel uses a 'p'
|
|
* as a separator. E.g., mmcblk1p2. */
|
|
if (*(part - 1) == 'p')
|
|
part--;
|
|
*part = '\0';
|
|
}
|
|
|
|
int rootdev_symlink_active(const char *path) {
|
|
int ret = 0;
|
|
/* Don't overwrite an existing link. */
|
|
errno = 0;
|
|
if ((symlink(path, kActiveRoot)) && errno != EEXIST) {
|
|
warn("failed to symlink %s -> %s", kActiveRoot, path);
|
|
ret = -1;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
int rootdev_get_device(char *dst, size_t size, dev_t dev,
|
|
const char *search) {
|
|
struct stat active_root_statbuf;
|
|
|
|
if (search == NULL)
|
|
search = kDefaultSearchPath;
|
|
|
|
/* Check if the -s symlink exists. */
|
|
if ((stat(kActiveRoot, &active_root_statbuf) == 0) &&
|
|
active_root_statbuf.st_rdev == dev) {
|
|
/* Note, if the link is not fully qualified, this won't be
|
|
* either. */
|
|
ssize_t len = readlink(kActiveRoot, dst, PATH_MAX);
|
|
if (len > 0) {
|
|
dst[len] = 0;
|
|
return 0;
|
|
}
|
|
/* If readlink fails or is empty, fall through */
|
|
}
|
|
|
|
snprintf(dst, size, "%s", search);
|
|
if (match_sysfs_device(dst, size, dst, &dev, 0) <= 0) {
|
|
fprintf (stderr, "unable to find match\n");
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* rootdev_get_device_slave returns results in slave which
|
|
* may be the original device or the name of the slave.
|
|
*
|
|
* Because slave and device may point to the same data,
|
|
* must be careful how they are handled because slave
|
|
* is modified (can't use snprintf).
|
|
*/
|
|
void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
|
|
const char *device, const char *search) {
|
|
char dst[PATH_MAX];
|
|
int len = 0;
|
|
int i;
|
|
|
|
if (search == NULL)
|
|
search = kDefaultSearchPath;
|
|
|
|
/*
|
|
* With stacked device mappers, we have to chain through all the levels
|
|
* and find the last device. For example, verity can be stacked on bootcache
|
|
* that is stacked on a disk partition.
|
|
*/
|
|
if (slave != device)
|
|
strncpy(slave, device, size);
|
|
slave[size - 1] = '\0';
|
|
for (i = 0; i < MAX_SLAVE_DEPTH; i++) {
|
|
len = snprintf(dst, sizeof(dst), "%s/%s/slaves", search, slave);
|
|
if (len != strlen(device) + strlen(search) + 8) {
|
|
warnx("rootdev_get_device_slave: device name too long");
|
|
return;
|
|
}
|
|
*dev = 0;
|
|
if (match_sysfs_device(slave, size, dst, dev, 0) <= 0) {
|
|
return;
|
|
}
|
|
}
|
|
warnx("slave depth greater than %d at %s", i, slave);
|
|
}
|
|
|
|
int rootdev_create_devices(const char *name, dev_t dev, bool symlink) {
|
|
int ret = 0;
|
|
unsigned int major_num = major(dev);
|
|
unsigned int minor_num = minor(dev);
|
|
int i;
|
|
const struct part_config *config;
|
|
const char *part_s = rootdev_get_partition(name, strlen(name));
|
|
|
|
if (part_s == NULL) {
|
|
warnx("create_devices: unable to determine partition");
|
|
return -1;
|
|
}
|
|
|
|
switch (atoi(part_s)) {
|
|
case CHROMEOS_PRIMARY_PARTITION:
|
|
config = kPrimaryPart;
|
|
break;
|
|
case CHROMEOS_SECONDARY_PARTITION:
|
|
config = kSecondaryPart;
|
|
break;
|
|
default:
|
|
warnx("create_devices: unable to determine partition: %s",
|
|
part_s);
|
|
return -1;
|
|
}
|
|
|
|
for (i = 0; i < kPartitionEntries; ++i) {
|
|
dev = makedev(major_num, minor_num + config[i].offset);
|
|
errno = 0;
|
|
if (mknod(config[i].name,
|
|
S_IFBLK | S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH,
|
|
dev) && errno != EEXIST) {
|
|
warn("failed to create %s", config[i].name);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (symlink)
|
|
ret = rootdev_symlink_active(config[0].name);
|
|
return ret;
|
|
}
|
|
|
|
int rootdev_get_path(char *path, size_t size, const char *device,
|
|
const char *dev_path) {
|
|
int path_len;
|
|
|
|
if (!dev_path)
|
|
dev_path = kDefaultDevPath;
|
|
|
|
if (!path || !size || !device)
|
|
return -1;
|
|
|
|
path_len = snprintf(path, size, "%s/%s", dev_path, device);
|
|
if (path_len != strlen(dev_path) + 1 + strlen(device))
|
|
return -1;
|
|
|
|
// TODO(bsimonnet): We should check that |path| exists and is the right
|
|
// device. We don't do this currently as OEMs can add custom SELinux rules
|
|
// which may prevent us from accessing this.
|
|
// See b/24267261.
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rootdev_wrapper(char *path, size_t size,
|
|
bool full, bool strip,
|
|
dev_t *dev,
|
|
const char *search, const char *dev_path) {
|
|
int res = 0;
|
|
char devname[PATH_MAX];
|
|
if (!search)
|
|
search = kDefaultSearchPath;
|
|
if (!dev_path)
|
|
dev_path = kDefaultDevPath;
|
|
if (!dev)
|
|
return -1;
|
|
|
|
res = rootdev_get_device(devname, sizeof(devname), *dev, search);
|
|
if (res != 0)
|
|
return res;
|
|
|
|
if (full)
|
|
rootdev_get_device_slave(devname, sizeof(devname), dev, devname,
|
|
search);
|
|
|
|
/* TODO(wad) we should really just track the block dev, partition number, and
|
|
* dev path. When we rewrite this, we can track all the sysfs info
|
|
* in the class. */
|
|
if (strip) {
|
|
/* When we strip the partition, we don't want get_path to return non-zero
|
|
* because of dev mismatch. Passing in 0 tells it to not test. */
|
|
*dev = 0;
|
|
rootdev_strip_partition(devname, size);
|
|
}
|
|
|
|
res = rootdev_get_path(path, size, devname, dev_path);
|
|
|
|
return res;
|
|
}
|
|
|
|
int rootdev(char *path, size_t size, bool full, bool strip) {
|
|
struct stat root_statbuf;
|
|
dev_t _root_dev, *root_dev = &_root_dev;
|
|
|
|
/* Yields the containing dev_t in st_dev. */
|
|
if (stat("/data", &root_statbuf) != 0)
|
|
return -1;
|
|
|
|
/* Some ABIs (like mips o32) are broken and the st_dev field isn't actually
|
|
* a dev_t. In that case, pass a pointer to a local dev_t who we took care
|
|
* of truncating the value into. On sane arches, gcc can optimize this to
|
|
* the same code, so should only be a penalty when the ABI is broken. */
|
|
if (sizeof(root_statbuf.st_dev) == sizeof(*root_dev)) {
|
|
/* Cast is OK since we verified size here. */
|
|
root_dev = (dev_t *)&root_statbuf.st_dev;
|
|
} else {
|
|
*root_dev = root_statbuf.st_dev;
|
|
}
|
|
|
|
return rootdev_wrapper(path,
|
|
size,
|
|
full,
|
|
strip,
|
|
root_dev,
|
|
NULL, /* default /sys dir */
|
|
NULL); /* default /dev dir */
|
|
}
|