blob: e4c6d55cf3fdc671d4e4966663226b9a1691bbb7 [file] [log] [blame]
/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Implements root device discovery via sysfs with optional bells and whistles.
*/
#include "rootdev.h"
#include <ctype.h>
#include <dirent.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
/*
* Limit prevents endless looping to find slave.
* We currently have at most 2 levels, this allows
* for future growth.
*/
#define MAX_SLAVE_DEPTH 8
static const char *kDefaultSearchPath = "/sys/block";
static const char *kDefaultDevPath = "/dev/block";
/* Encode the root device structuring here for Chromium OS */
static const char kActiveRoot[] = "/dev/ACTIVE_ROOT";
static const char kRootDev[] = "/dev/ROOT";
static const char kRootA[] = "/dev/ROOT0";
static const char kRootB[] = "/dev/ROOT1";
struct part_config {
const char *name;
int offset;
};
#define CHROMEOS_PRIMARY_PARTITION 3
static const struct part_config kPrimaryPart[] = { { kRootA, 0 },
{ kRootDev, -3 },
{ kRootB, 2 } };
#define CHROMEOS_SECONDARY_PARTITION 5
static const struct part_config kSecondaryPart[] = { { kRootB, 0 },
{ kRootDev, -5 },
{ kRootA, -2 } };
/* The number of entries in a part_config so we could add RootC easily. */
static const int kPartitionEntries = 3;
/* Converts a file of %u:%u -> dev_t. */
static dev_t devt_from_file(const char *file) {
char candidate[10]; /* TODO(wad) system-provided constant? */
ssize_t bytes = 0;
unsigned int major_num = 0;
unsigned int minor_num = 0;
dev_t dev = 0;
int fd = -1;
/* Never hang. Either get the data or return 0. */
fd = open(file, O_NONBLOCK | O_RDONLY);
if (fd < 0)
return 0;
bytes = read(fd, candidate, sizeof(candidate));
close(fd);
/* 0:0 should be considered the minimum size. */
if (bytes < 3)
return 0;
candidate[bytes] = 0;
if (sscanf(candidate, "%u:%u", &major_num, &minor_num) == 2) {
/* candidate's size artificially limits the size of the converted
* %u to safely convert to a signed int. */
dev = makedev(major_num, minor_num);
}
return dev;
}
/* Walks sysfs and recurses into any directory/link that represents
* a block device to find sub-devices (partitions) for dev.
* If dev == 0, the name fo the first device in the directory will be returned.
* Returns the device's name in "name" */
static int match_sysfs_device(char *name, size_t name_len,
const char *basedir, dev_t *dev, int depth) {
int found = -1;
size_t basedir_len;
DIR *dirp = NULL;
struct dirent *entry = NULL;
struct dirent *next = NULL;
char *working_path = NULL;
long working_path_size = 0;
if (!name || !name_len || !basedir || !dev) {
warnx("match_sysfs_device: invalid arguments supplied");
return -1;
}
basedir_len = strlen(basedir);
if (!basedir_len) {
warnx("match_sysfs_device: basedir must not be empty");
return -1;
}
errno = 0;
dirp = opendir(basedir);
if (!dirp) {
/* Don't complain if the directory doesn't exist. */
if (errno != ENOENT)
warn("match_sysfs_device:opendir(%s)", basedir);
return found;
}
/* Grab a platform appropriate path to work with.
* Ideally, this won't vary under sys/block. */
working_path_size = pathconf(basedir, _PC_NAME_MAX) + 1;
/* Fallback to PATH_MAX on any pathconf error. */
if (working_path_size < 0)
working_path_size = PATH_MAX;
working_path = malloc(working_path_size);
if (!working_path) {
warn("malloc(dirent)");
closedir(dirp);
return found;
}
/* Allocate a properly sized entry. */
entry = malloc(offsetof(struct dirent, d_name) + working_path_size);
if (!entry) {
warn("malloc(dirent)");
free(working_path);
closedir(dirp);
return found;
}
while (readdir_r(dirp, entry, &next) == 0 && next) {
size_t candidate_len = strlen(entry->d_name);
size_t path_len = 0;
dev_t found_devt = 0;
/* Ignore the usual */
if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
continue;
/* TODO(wad) determine how to best bubble up this case. */
if (candidate_len > name_len)
continue;
/* Only traverse directories or symlinks (to directories ideally) */
switch (entry->d_type) {
case DT_UNKNOWN:
case DT_DIR:
case DT_LNK:
break;
default:
continue;
}
/* Determine path to block device number */
path_len = snprintf(working_path, working_path_size, "%s/%s/dev",
basedir, entry->d_name);
/* Ignore if truncation occurs. */
if (path_len != candidate_len + basedir_len + 5)
continue;
found_devt = devt_from_file(working_path);
/* *dev == 0 is a wildcard. */
if (!*dev || found_devt == *dev) {
snprintf(name, name_len, "%s", entry->d_name);
*dev = found_devt;
found = 1;
break;
}
/* Prevent infinite recursion on symlink loops by limiting depth. */
if (depth > 5)
break;
/* Recurse one level for devices that may have a matching partition. */
if (major(found_devt) == major(*dev) && minor(*dev) > minor(found_devt)) {
sprintf(working_path, "%s/%s", basedir, entry->d_name);
found = match_sysfs_device(name, name_len, working_path, dev, depth + 1);
if (found > 0)
break;
}
}
free(working_path);
free(entry);
closedir(dirp);
return found;
}
const char *rootdev_get_partition(const char *dst, size_t len) {
const char *end = dst + strnlen(dst, len);
const char *part = end - 1;
if (!len)
return NULL;
if (!isdigit(*part--))
return NULL;
while (part > dst && isdigit(*part)) part--;
part++;
if (part >= end)
return NULL;
return part;
}
void rootdev_strip_partition(char *dst, size_t len) {
char *part = (char *)rootdev_get_partition(dst, len);
if (!part)
return;
/* For devices that end with a digit, the kernel uses a 'p'
* as a separator. E.g., mmcblk1p2. */
if (*(part - 1) == 'p')
part--;
*part = '\0';
}
int rootdev_symlink_active(const char *path) {
int ret = 0;
/* Don't overwrite an existing link. */
errno = 0;
if ((symlink(path, kActiveRoot)) && errno != EEXIST) {
warn("failed to symlink %s -> %s", kActiveRoot, path);
ret = -1;
}
return ret;
}
int rootdev_get_device(char *dst, size_t size, dev_t dev,
const char *search) {
struct stat active_root_statbuf;
if (search == NULL)
search = kDefaultSearchPath;
/* Check if the -s symlink exists. */
if ((stat(kActiveRoot, &active_root_statbuf) == 0) &&
active_root_statbuf.st_rdev == dev) {
/* Note, if the link is not fully qualified, this won't be
* either. */
ssize_t len = readlink(kActiveRoot, dst, PATH_MAX);
if (len > 0) {
dst[len] = 0;
return 0;
}
/* If readlink fails or is empty, fall through */
}
snprintf(dst, size, "%s", search);
if (match_sysfs_device(dst, size, dst, &dev, 0) <= 0) {
fprintf (stderr, "unable to find match\n");
return 1;
}
return 0;
}
/*
* rootdev_get_device_slave returns results in slave which
* may be the original device or the name of the slave.
*
* Because slave and device may point to the same data,
* must be careful how they are handled because slave
* is modified (can't use snprintf).
*/
void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
const char *device, const char *search) {
char dst[PATH_MAX];
int len = 0;
int i;
if (search == NULL)
search = kDefaultSearchPath;
/*
* With stacked device mappers, we have to chain through all the levels
* and find the last device. For example, verity can be stacked on bootcache
* that is stacked on a disk partition.
*/
if (slave != device)
strncpy(slave, device, size);
slave[size - 1] = '\0';
for (i = 0; i < MAX_SLAVE_DEPTH; i++) {
len = snprintf(dst, sizeof(dst), "%s/%s/slaves", search, slave);
if (len != strlen(device) + strlen(search) + 8) {
warnx("rootdev_get_device_slave: device name too long");
return;
}
*dev = 0;
if (match_sysfs_device(slave, size, dst, dev, 0) <= 0) {
return;
}
}
warnx("slave depth greater than %d at %s", i, slave);
}
int rootdev_create_devices(const char *name, dev_t dev, bool symlink) {
int ret = 0;
unsigned int major_num = major(dev);
unsigned int minor_num = minor(dev);
int i;
const struct part_config *config;
const char *part_s = rootdev_get_partition(name, strlen(name));
if (part_s == NULL) {
warnx("create_devices: unable to determine partition");
return -1;
}
switch (atoi(part_s)) {
case CHROMEOS_PRIMARY_PARTITION:
config = kPrimaryPart;
break;
case CHROMEOS_SECONDARY_PARTITION:
config = kSecondaryPart;
break;
default:
warnx("create_devices: unable to determine partition: %s",
part_s);
return -1;
}
for (i = 0; i < kPartitionEntries; ++i) {
dev = makedev(major_num, minor_num + config[i].offset);
errno = 0;
if (mknod(config[i].name,
S_IFBLK | S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH,
dev) && errno != EEXIST) {
warn("failed to create %s", config[i].name);
return -1;
}
}
if (symlink)
ret = rootdev_symlink_active(config[0].name);
return ret;
}
int rootdev_get_path(char *path, size_t size, const char *device,
const char *dev_path) {
int path_len;
if (!dev_path)
dev_path = kDefaultDevPath;
if (!path || !size || !device)
return -1;
path_len = snprintf(path, size, "%s/%s", dev_path, device);
if (path_len != strlen(dev_path) + 1 + strlen(device))
return -1;
// TODO(bsimonnet): We should check that |path| exists and is the right
// device. We don't do this currently as OEMs can add custom SELinux rules
// which may prevent us from accessing this.
// See b/24267261.
return 0;
}
int rootdev_wrapper(char *path, size_t size,
bool full, bool strip,
dev_t *dev,
const char *search, const char *dev_path) {
int res = 0;
char devname[PATH_MAX];
if (!search)
search = kDefaultSearchPath;
if (!dev_path)
dev_path = kDefaultDevPath;
if (!dev)
return -1;
res = rootdev_get_device(devname, sizeof(devname), *dev, search);
if (res != 0)
return res;
if (full)
rootdev_get_device_slave(devname, sizeof(devname), dev, devname,
search);
/* TODO(wad) we should really just track the block dev, partition number, and
* dev path. When we rewrite this, we can track all the sysfs info
* in the class. */
if (strip) {
/* When we strip the partition, we don't want get_path to return non-zero
* because of dev mismatch. Passing in 0 tells it to not test. */
*dev = 0;
rootdev_strip_partition(devname, size);
}
res = rootdev_get_path(path, size, devname, dev_path);
return res;
}
int rootdev(char *path, size_t size, bool full, bool strip) {
struct stat root_statbuf;
dev_t _root_dev, *root_dev = &_root_dev;
/* Yields the containing dev_t in st_dev. */
if (stat("/data", &root_statbuf) != 0)
return -1;
/* Some ABIs (like mips o32) are broken and the st_dev field isn't actually
* a dev_t. In that case, pass a pointer to a local dev_t who we took care
* of truncating the value into. On sane arches, gcc can optimize this to
* the same code, so should only be a penalty when the ABI is broken. */
if (sizeof(root_statbuf.st_dev) == sizeof(*root_dev)) {
/* Cast is OK since we verified size here. */
root_dev = (dev_t *)&root_statbuf.st_dev;
} else {
*root_dev = root_statbuf.st_dev;
}
return rootdev_wrapper(path,
size,
full,
strip,
root_dev,
NULL, /* default /sys dir */
NULL); /* default /dev dir */
}