]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/blockdev-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #19995 from poettering/cred-tool
[thirdparty/systemd.git] / src / shared / blockdev-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/file.h>
4 #include <unistd.h>
5
6 #include "alloc-util.h"
7 #include "blockdev-util.h"
8 #include "btrfs-util.h"
9 #include "dirent-util.h"
10 #include "fd-util.h"
11 #include "fileio.h"
12 #include "missing_magic.h"
13 #include "parse-util.h"
14 #include "stat-util.h"
15
16 int block_get_whole_disk(dev_t d, dev_t *ret) {
17 char p[SYS_BLOCK_PATH_MAX("/partition")];
18 _cleanup_free_ char *s = NULL;
19 dev_t devt;
20 int r;
21
22 assert(ret);
23
24 if (major(d) == 0)
25 return -ENODEV;
26
27 /* If it has a queue this is good enough for us */
28 xsprintf_sys_block_path(p, "/queue", d);
29 if (access(p, F_OK) >= 0) {
30 *ret = d;
31 return 0;
32 }
33 if (errno != ENOENT)
34 return -errno;
35
36 /* If it is a partition find the originating device */
37 xsprintf_sys_block_path(p, "/partition", d);
38 if (access(p, F_OK) < 0)
39 return -errno;
40
41 /* Get parent dev_t */
42 xsprintf_sys_block_path(p, "/../dev", d);
43 r = read_one_line_file(p, &s);
44 if (r < 0)
45 return r;
46
47 r = parse_dev(s, &devt);
48 if (r < 0)
49 return r;
50
51 /* Only return this if it is really good enough for us. */
52 xsprintf_sys_block_path(p, "/queue", devt);
53 if (access(p, F_OK) < 0)
54 return -errno;
55
56 *ret = devt;
57 return 1;
58 }
59
60 int get_block_device_fd(int fd, dev_t *ret) {
61 struct stat st;
62 int r;
63
64 assert(fd >= 0);
65 assert(ret);
66
67 /* Gets the block device directly backing a file system. If the block device is encrypted, returns
68 * the device mapper block device. */
69
70 if (fstat(fd, &st))
71 return -errno;
72
73 if (major(st.st_dev) != 0) {
74 *ret = st.st_dev;
75 return 1;
76 }
77
78 r = btrfs_get_block_device_fd(fd, ret);
79 if (r > 0)
80 return 1;
81 if (r != -ENOTTY) /* not btrfs */
82 return r;
83
84 *ret = 0;
85 return 0;
86 }
87
88 int get_block_device(const char *path, dev_t *ret) {
89 _cleanup_close_ int fd = -1;
90
91 assert(path);
92 assert(ret);
93
94 fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC);
95 if (fd < 0)
96 return -errno;
97
98 return get_block_device_fd(fd, ret);
99 }
100
101 int block_get_originating(dev_t dt, dev_t *ret) {
102 _cleanup_closedir_ DIR *d = NULL;
103 _cleanup_free_ char *t = NULL;
104 char p[SYS_BLOCK_PATH_MAX("/slaves")];
105 _cleanup_free_ char *first_found = NULL;
106 struct dirent *de;
107 const char *q;
108 dev_t devt;
109 int r;
110
111 /* For the specified block device tries to chase it through the layers, in case LUKS-style DM stacking is used,
112 * trying to find the next underlying layer. */
113
114 xsprintf_sys_block_path(p, "/slaves", dt);
115 d = opendir(p);
116 if (!d)
117 return -errno;
118
119 FOREACH_DIRENT_ALL(de, d, return -errno) {
120
121 if (dot_or_dot_dot(de->d_name))
122 continue;
123
124 if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
125 continue;
126
127 if (first_found) {
128 _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL;
129
130 /* We found a device backed by multiple other devices. We don't really support
131 * automatic discovery on such setups, with the exception of dm-verity partitions. In
132 * this case there are two backing devices: the data partition and the hash
133 * partition. We are fine with such setups, however, only if both partitions are on
134 * the same physical device. Hence, let's verify this by iterating over every node
135 * in the 'slaves/' directory and comparing them with the first that gets returned by
136 * readdir(), to ensure they all point to the same device. */
137
138 u = path_join(p, de->d_name, "../dev");
139 if (!u)
140 return -ENOMEM;
141
142 v = path_join(p, first_found, "../dev");
143 if (!v)
144 return -ENOMEM;
145
146 r = read_one_line_file(u, &a);
147 if (r < 0)
148 return log_debug_errno(r, "Failed to read %s: %m", u);
149
150 r = read_one_line_file(v, &b);
151 if (r < 0)
152 return log_debug_errno(r, "Failed to read %s: %m", v);
153
154 /* Check if the parent device is the same. If not, then the two backing devices are on
155 * different physical devices, and we don't support that. */
156 if (!streq(a, b))
157 return -ENOTUNIQ;
158 } else {
159 first_found = strdup(de->d_name);
160 if (!first_found)
161 return -ENOMEM;
162 }
163 }
164
165 if (!first_found)
166 return -ENOENT;
167
168 q = strjoina(p, "/", first_found, "/dev");
169
170 r = read_one_line_file(q, &t);
171 if (r < 0)
172 return r;
173
174 r = parse_dev(t, &devt);
175 if (r < 0)
176 return -EINVAL;
177
178 if (major(devt) == 0)
179 return -ENOENT;
180
181 *ret = devt;
182 return 1;
183 }
184
185 int get_block_device_harder(const char *path, dev_t *ret) {
186 int r;
187
188 assert(path);
189 assert(ret);
190
191 /* Gets the backing block device for a file system, and handles LUKS encrypted file systems, looking for its
192 * immediate parent, if there is one. */
193
194 r = get_block_device(path, ret);
195 if (r <= 0)
196 return r;
197
198 r = block_get_originating(*ret, ret);
199 if (r < 0)
200 log_debug_errno(r, "Failed to chase block device '%s', ignoring: %m", path);
201
202 return 1;
203 }
204
205 int lock_whole_block_device(dev_t devt, int operation) {
206 _cleanup_free_ char *whole_node = NULL;
207 _cleanup_close_ int lock_fd = -1;
208 dev_t whole_devt;
209 int r;
210
211 /* Let's get a BSD file lock on the whole block device, as per: https://systemd.io/BLOCK_DEVICE_LOCKING */
212
213 r = block_get_whole_disk(devt, &whole_devt);
214 if (r < 0)
215 return r;
216
217 r = device_path_make_major_minor(S_IFBLK, whole_devt, &whole_node);
218 if (r < 0)
219 return r;
220
221 lock_fd = open(whole_node, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
222 if (lock_fd < 0)
223 return -errno;
224
225 if (flock(lock_fd, operation) < 0)
226 return -errno;
227
228 return TAKE_FD(lock_fd);
229 }
230
231 int blockdev_partscan_enabled(int fd) {
232 _cleanup_free_ char *p = NULL, *buf = NULL;
233 unsigned long long ull;
234 struct stat st;
235 int r;
236
237 /* Checks if partition scanning is correctly enabled on the block device */
238
239 if (fstat(fd, &st) < 0)
240 return -errno;
241
242 if (!S_ISBLK(st.st_mode))
243 return -ENOTBLK;
244
245 if (asprintf(&p, "/sys/dev/block/%u:%u/capability", major(st.st_rdev), minor(st.st_rdev)) < 0)
246 return -ENOMEM;
247
248 r = read_one_line_file(p, &buf);
249 if (r == -ENOENT) /* If the capability file doesn't exist then we are most likely looking at a
250 * partition block device, not the whole block device. And that means we have no
251 * partition scanning on for it (we do for its parent, but not for the partition
252 * itself). */
253 return false;
254 if (r < 0)
255 return r;
256
257 r = safe_atollu_full(buf, 16, &ull);
258 if (r < 0)
259 return r;
260
261 #ifndef GENHD_FL_NO_PART_SCAN
262 #define GENHD_FL_NO_PART_SCAN (0x0200)
263 #endif
264
265 return !FLAGS_SET(ull, GENHD_FL_NO_PART_SCAN);
266 }
267
268 static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) {
269 _cleanup_free_ char *p = NULL, *uuids = NULL;
270 _cleanup_closedir_ DIR *d = NULL;
271 int r, found_encrypted = false;
272
273 assert(sysfs_path);
274
275 if (depth_left == 0)
276 return -EINVAL;
277
278 p = path_join(sysfs_path, "dm/uuid");
279 if (!p)
280 return -ENOMEM;
281
282 r = read_one_line_file(p, &uuids);
283 if (r != -ENOENT) {
284 if (r < 0)
285 return r;
286
287 /* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */
288 if (startswith(uuids, "CRYPT-"))
289 return true;
290 }
291
292 /* Not a dm-crypt device itself. But maybe it is on top of one? Follow the links in the "slaves/"
293 * subdir. */
294
295 p = mfree(p);
296 p = path_join(sysfs_path, "slaves");
297 if (!p)
298 return -ENOMEM;
299
300 d = opendir(p);
301 if (!d) {
302 if (errno == ENOENT) /* Doesn't have underlying devices */
303 return false;
304
305 return -errno;
306 }
307
308 for (;;) {
309 _cleanup_free_ char *q = NULL;
310 struct dirent *de;
311
312 errno = 0;
313 de = readdir_no_dot(d);
314 if (!de) {
315 if (errno != 0)
316 return -errno;
317
318 break; /* No more underlying devices */
319 }
320
321 q = path_join(p, de->d_name);
322 if (!q)
323 return -ENOMEM;
324
325 r = blockdev_is_encrypted(q, depth_left - 1);
326 if (r < 0)
327 return r;
328 if (r == 0) /* we found one that is not encrypted? then propagate that immediately */
329 return false;
330
331 found_encrypted = true;
332 }
333
334 return found_encrypted;
335 }
336
337 int fd_is_encrypted(int fd) {
338 char p[SYS_BLOCK_PATH_MAX(NULL)];
339 dev_t devt;
340 int r;
341
342 r = get_block_device_fd(fd, &devt);
343 if (r < 0)
344 return r;
345 if (r == 0) /* doesn't have a block device */
346 return false;
347
348 xsprintf_sys_block_path(p, NULL, devt);
349
350 return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */);
351 }
352
353 int path_is_encrypted(const char *path) {
354 char p[SYS_BLOCK_PATH_MAX(NULL)];
355 dev_t devt;
356 int r;
357
358 r = get_block_device(path, &devt);
359 if (r < 0)
360 return r;
361 if (r == 0) /* doesn't have a block device */
362 return false;
363
364 xsprintf_sys_block_path(p, NULL, devt);
365
366 return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */);
367 }
Unnamed repository; edit this file 'description' to name the repository.