1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #if HAVE_VALGRIND_MEMCHECK_H
4 #include <valgrind/memcheck.h>
9 #include <linux/blkpg.h>
11 #include <linux/loop.h>
13 #include <sys/ioctl.h>
16 #include "sd-device.h"
18 #include "alloc-util.h"
19 #include "blockdev-util.h"
20 #include "device-util.h"
21 #include "errno-util.h"
24 #include "loop-util.h"
25 #include "missing_loop.h"
26 #include "parse-util.h"
27 #include "random-util.h"
28 #include "stat-util.h"
29 #include "stdio-util.h"
30 #include "string-util.h"
31 #include "tmpfile-util.h"
33 static void cleanup_clear_loop_close(int *fd
) {
37 (void) ioctl(*fd
, LOOP_CLR_FD
);
38 (void) safe_close(*fd
);
41 static int loop_is_bound(int fd
) {
42 struct loop_info64 info
;
46 if (ioctl(fd
, LOOP_GET_STATUS64
, &info
) < 0) {
48 return false; /* not bound! */
53 return true; /* bound! */
56 static int device_has_block_children(sd_device
*d
) {
57 _cleanup_(sd_device_enumerator_unrefp
) sd_device_enumerator
*e
= NULL
;
58 const char *main_sn
, *main_ss
;
64 /* Checks if the specified device currently has block device children (i.e. partition block
67 r
= sd_device_get_sysname(d
, &main_sn
);
71 r
= sd_device_get_subsystem(d
, &main_ss
);
75 if (!streq(main_ss
, "block"))
78 r
= sd_device_enumerator_new(&e
);
82 r
= sd_device_enumerator_allow_uninitialized(e
);
86 r
= sd_device_enumerator_add_match_parent(e
, d
);
90 FOREACH_DEVICE(e
, q
) {
93 r
= sd_device_get_subsystem(q
, &ss
);
97 if (!streq(ss
, "block"))
100 r
= sd_device_get_sysname(q
, &sn
);
104 if (streq(sn
, main_sn
))
107 return 1; /* we have block device children */
113 static int loop_configure(
116 const struct loop_config
*c
,
117 bool *try_loop_configure
) {
119 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
120 _cleanup_free_
char *sysname
= NULL
;
121 _cleanup_close_
int lock_fd
= -1;
127 assert(try_loop_configure
);
129 if (asprintf(&sysname
, "loop%i", nr
) < 0)
132 r
= sd_device_new_from_subsystem_sysname(&d
, "block", sysname
);
136 /* Let's lock the device before we do anything. We take the BSD lock on a second, separately opened
137 * fd for the device. udev after all watches for close() events (specifically IN_CLOSE_WRITE) on
138 * block devices to reprobe them, hence by having a separate fd we will later close() we can ensure
139 * we trigger udev after everything is done. If we'd lock our own fd instead and keep it open for a
140 * long time udev would possibly never run on it again, even though the fd is unlocked, simply
141 * because we never close() it. It also has the nice benefit we can use the _cleanup_close_ logic to
142 * automatically release the lock, after we are done. */
143 lock_fd
= fd_reopen(fd
, O_RDWR
|O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
);
146 if (flock(lock_fd
, LOCK_EX
) < 0)
149 /* Let's see if the device is really detached, i.e. currently has no associated partition block
150 * devices. On various kernels (such as 5.8) it is possible to have a loopback block device that
151 * superficially is detached but still has partition block devices associated for it. They only go
152 * away when the device is reattached. (Yes, LOOP_CLR_FD doesn't work then, because officially
153 * nothing is attached and LOOP_CTL_REMOVE doesn't either, since it doesn't care about partition
155 r
= device_has_block_children(d
);
159 r
= loop_is_bound(fd
);
165 return -EUCLEAN
; /* Bound but children? Tell caller to reattach something so that the
166 * partition block devices are gone too. */
169 if (*try_loop_configure
) {
170 if (ioctl(fd
, LOOP_CONFIGURE
, c
) < 0) {
171 /* Do fallback only if LOOP_CONFIGURE is not supported, propagate all other
172 * errors. Note that the kernel is weird: non-existing ioctls currently return EINVAL
173 * rather than ENOTTY on loopback block devices. They should fix that in the kernel,
174 * but in the meantime we accept both here. */
175 if (!ERRNO_IS_NOT_SUPPORTED(errno
) && errno
!= EINVAL
)
178 *try_loop_configure
= false;
182 if (c
->info
.lo_sizelimit
!= 0) {
183 /* Kernel 5.8 vanilla doesn't properly propagate the size limit into the
184 * block device. If it's used, let's immediately check if it had the desired
185 * effect hence. And if not use classic LOOP_SET_STATUS64. */
188 if (ioctl(fd
, BLKGETSIZE64
, &z
) < 0) {
193 if (z
!= c
->info
.lo_sizelimit
) {
194 log_debug("LOOP_CONFIGURE is broken, doesn't honour .lo_sizelimit. Falling back to LOOP_SET_STATUS64.");
199 if (FLAGS_SET(c
->info
.lo_flags
, LO_FLAGS_PARTSCAN
)) {
200 /* Kernel 5.8 vanilla doesn't properly propagate the partition scanning flag
201 * into the block device. Let's hence verify if things work correctly here
202 * before returning. */
204 r
= blockdev_partscan_enabled(fd
);
208 log_debug("LOOP_CONFIGURE is broken, doesn't honour LO_FLAGS_PARTSCAN. Falling back to LOOP_SET_STATUS64.");
214 /* LOOP_CONFIGURE doesn't work. Remember that. */
215 *try_loop_configure
= false;
217 /* We return EBUSY here instead of retrying immediately with LOOP_SET_FD,
218 * because LOOP_CLR_FD is async: if the operation cannot be executed right
219 * away it just sets the autoclear flag on the device. This means there's a
220 * good chance we cannot actually reuse the loopback device right-away. Hence
221 * let's assume it's busy, avoid the trouble and let the calling loop call us
222 * again with a new, likely unused device. */
231 /* Since kernel commit 5db470e229e22b7eda6e23b5566e532c96fb5bc3 (kernel v5.0) the LOOP_SET_STATUS64
232 * ioctl can return EAGAIN in case we change the lo_offset field, if someone else is accessing the
233 * block device while we try to reconfigure it. This is a pretty common case, since udev might
234 * instantly start probing the device as soon as we attach an fd to it. Hence handle it in two ways:
235 * first, let's take the BSD lock that that ensures that udev will not step in between the point in
236 * time where we attach the fd and where we reconfigure the device. Secondly, let's wait 50ms on
237 * EAGAIN and retry. The former should be an efficient mechanism to avoid we have to wait 50ms
238 * needlessly if we are just racing against udev. The latter is protection against all other cases,
239 * i.e. peers that do not take the BSD lock. */
241 if (ioctl(fd
, LOOP_SET_FD
, c
->fd
) < 0)
244 for (unsigned n_attempts
= 0;;) {
245 if (ioctl(fd
, LOOP_SET_STATUS64
, &c
->info
) >= 0)
247 if (errno
!= EAGAIN
|| ++n_attempts
>= 64) {
248 r
= log_debug_errno(errno
, "Failed to configure loopback device: %m");
252 /* Sleep some random time, but at least 10ms, at most 250ms. Increase the delay the more
253 * failed attempts we see */
254 (void) usleep(UINT64_C(10) * USEC_PER_MSEC
+
255 random_u64() % (UINT64_C(240) * USEC_PER_MSEC
* n_attempts
/64));
261 (void) ioctl(fd
, LOOP_CLR_FD
);
265 static int attach_empty_file(int loop
, int nr
) {
266 _cleanup_close_
int fd
= -1;
268 /* So here's the thing: on various kernels (5.8 at least) loop block devices might enter a state
269 * where they are detached but nonetheless have partitions, when used heavily. Accessing these
270 * partitions results in immediatey IO errors. There's no pretty way to get rid of them
271 * again. Neither LOOP_CLR_FD nor LOOP_CTL_REMOVE suffice (see above). What does work is to
272 * reassociate them with a new fd however. This is what we do here hence: we associate the devices
273 * with an empty file (i.e. an image that definitely has no partitions). We then immediately clear it
274 * again. This suffices to make the partitions go away. Ugly but appears to work. */
276 log_debug("Found unattached loopback block device /dev/loop%i with partitions. Attaching empty file to remove them.", nr
);
278 fd
= open_tmpfile_unlinkable(NULL
, O_RDONLY
);
282 if (flock(loop
, LOCK_EX
) < 0)
285 if (ioctl(loop
, LOOP_SET_FD
, fd
) < 0)
288 if (ioctl(loop
, LOOP_SET_STATUS64
, &(struct loop_info64
) {
289 .lo_flags
= LO_FLAGS_READ_ONLY
|
291 LO_FLAGS_PARTSCAN
, /* enable partscan, so that the partitions really go away */
295 if (ioctl(loop
, LOOP_CLR_FD
) < 0)
298 /* The caller is expected to immediately close the loopback device after this, so that the BSD lock
299 * is released, and udev sees the changes. */
303 int loop_device_make(
311 _cleanup_free_
char *loopdev
= NULL
;
312 bool try_loop_configure
= true;
313 struct loop_config config
;
314 LoopDevice
*d
= NULL
;
320 assert(IN_SET(open_flags
, O_RDWR
, O_RDONLY
));
322 if (fstat(fd
, &st
) < 0)
325 if (S_ISBLK(st
.st_mode
)) {
326 if (ioctl(fd
, LOOP_GET_STATUS64
, &config
.info
) >= 0) {
327 /* Oh! This is a loopback device? That's interesting! */
329 #if HAVE_VALGRIND_MEMCHECK_H
330 /* Valgrind currently doesn't know LOOP_GET_STATUS64. Remove this once it does */
331 VALGRIND_MAKE_MEM_DEFINED(&config
.info
, sizeof(config
.info
));
333 nr
= config
.info
.lo_number
;
335 if (asprintf(&loopdev
, "/dev/loop%i", nr
) < 0)
339 if (offset
== 0 && IN_SET(size
, 0, UINT64_MAX
)) {
340 _cleanup_close_
int copy
= -1;
342 /* If this is already a block device, store a copy of the fd as it is */
344 copy
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
348 d
= new(LoopDevice
, 1);
354 .node
= TAKE_PTR(loopdev
),
355 .relinquished
= true, /* It's not allocated by us, don't destroy it when this object is freed */
362 r
= stat_verify_regular(&st
);
367 _cleanup_close_
int control
= -1;
368 _cleanup_(cleanup_clear_loop_close
) int loop_with_fd
= -1;
370 control
= open("/dev/loop-control", O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
374 config
= (struct loop_config
) {
377 /* Use the specified flags, but configure the read-only flag from the open flags, and force autoclear */
378 .lo_flags
= (loop_flags
& ~LO_FLAGS_READ_ONLY
) | ((open_flags
& O_ACCMODE
) == O_RDONLY
? LO_FLAGS_READ_ONLY
: 0) | LO_FLAGS_AUTOCLEAR
,
380 .lo_sizelimit
= size
== UINT64_MAX
? 0 : size
,
384 /* Loop around LOOP_CTL_GET_FREE, since at the moment we attempt to open the returned device it might
385 * be gone already, taken by somebody else racing against us. */
386 for (unsigned n_attempts
= 0;;) {
387 _cleanup_close_
int loop
= -1;
389 nr
= ioctl(control
, LOOP_CTL_GET_FREE
);
393 if (asprintf(&loopdev
, "/dev/loop%i", nr
) < 0)
396 loop
= open(loopdev
, O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
|open_flags
);
398 /* Somebody might've gotten the same number from the kernel, used the device,
399 * and called LOOP_CTL_REMOVE on it. Let's retry with a new number. */
400 if (!IN_SET(errno
, ENOENT
, ENXIO
))
403 r
= loop_configure(loop
, nr
, &config
, &try_loop_configure
);
405 loop_with_fd
= TAKE_FD(loop
);
409 /* Make left-over partition disappear hack (see above) */
410 r
= attach_empty_file(loop
, nr
);
411 if (r
< 0 && r
!= -EBUSY
)
413 } else if (r
!= -EBUSY
)
417 if (++n_attempts
>= 64) /* Give up eventually */
420 loopdev
= mfree(loopdev
);
422 /* Wait some random time, to make collision less likely. Let's pick a random time in the
423 * range 0ms…250ms, linearly scaled by the number of failed attempts. */
424 (void) usleep(random_u64() % (UINT64_C(10) * USEC_PER_MSEC
+
425 UINT64_C(240) * USEC_PER_MSEC
* n_attempts
/64));
428 d
= new(LoopDevice
, 1);
432 .fd
= TAKE_FD(loop_with_fd
),
433 .node
= TAKE_PTR(loopdev
),
441 int loop_device_make_by_path(const char *path
, int open_flags
, uint32_t loop_flags
, LoopDevice
**ret
) {
442 _cleanup_close_
int fd
= -1;
447 assert(open_flags
< 0 || IN_SET(open_flags
, O_RDWR
, O_RDONLY
));
449 /* Passing < 0 as open_flags here means we'll try to open the device writable if we can, retrying
450 * read-only if we cannot. */
452 fd
= open(path
, O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
|(open_flags
>= 0 ? open_flags
: O_RDWR
));
456 /* Retry read-only? */
457 if (open_flags
>= 0 || !(ERRNO_IS_PRIVILEGE(r
) || r
== -EROFS
))
460 fd
= open(path
, O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
|O_RDONLY
);
462 return r
; /* Propagate original error */
464 open_flags
= O_RDONLY
;
465 } else if (open_flags
< 0)
468 return loop_device_make(fd
, open_flags
, 0, 0, loop_flags
, ret
);
471 LoopDevice
* loop_device_unref(LoopDevice
*d
) {
476 /* Implicitly sync the device, since otherwise in-flight blocks might not get written */
477 if (fsync(d
->fd
) < 0)
478 log_debug_errno(errno
, "Failed to sync loop block device, ignoring: %m");
480 if (d
->nr
>= 0 && !d
->relinquished
) {
481 if (ioctl(d
->fd
, LOOP_CLR_FD
) < 0)
482 log_debug_errno(errno
, "Failed to clear loop device: %m");
489 if (d
->nr
>= 0 && !d
->relinquished
) {
490 _cleanup_close_
int control
= -1;
492 control
= open("/dev/loop-control", O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
494 log_warning_errno(errno
,
495 "Failed to open loop control device, cannot remove loop device %s: %m",
498 for (unsigned n_attempts
= 0;;) {
499 if (ioctl(control
, LOOP_CTL_REMOVE
, d
->nr
) >= 0)
501 if (errno
!= EBUSY
|| ++n_attempts
>= 64) {
502 log_warning_errno(errno
, "Failed to remove device %s: %m", strna(d
->node
));
505 (void) usleep(50 * USEC_PER_MSEC
);
513 void loop_device_relinquish(LoopDevice
*d
) {
516 /* Don't attempt to clean up the loop device anymore from this point on. Leave the clean-ing up to the kernel
517 * itself, using the loop device "auto-clear" logic we already turned on when creating the device. */
519 d
->relinquished
= true;
522 int loop_device_open(const char *loop_path
, int open_flags
, LoopDevice
**ret
) {
523 _cleanup_close_
int loop_fd
= -1;
524 _cleanup_free_
char *p
= NULL
;
525 struct loop_info64 info
;
533 loop_fd
= open(loop_path
, O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
|open_flags
);
537 if (fstat(loop_fd
, &st
) < 0)
539 if (!S_ISBLK(st
.st_mode
))
542 if (ioctl(loop_fd
, LOOP_GET_STATUS64
, &info
) >= 0) {
543 #if HAVE_VALGRIND_MEMCHECK_H
544 /* Valgrind currently doesn't know LOOP_GET_STATUS64. Remove this once it does */
545 VALGRIND_MAKE_MEM_DEFINED(&info
, sizeof(info
));
551 p
= strdup(loop_path
);
555 d
= new(LoopDevice
, 1);
560 .fd
= TAKE_FD(loop_fd
),
563 .relinquished
= true, /* It's not ours, don't try to destroy it when this object is freed */
570 static int resize_partition(int partition_fd
, uint64_t offset
, uint64_t size
) {
571 char sysfs
[STRLEN("/sys/dev/block/:/partition") + 2*DECIMAL_STR_MAX(dev_t
) + 1];
572 _cleanup_free_
char *whole
= NULL
, *buffer
= NULL
;
573 uint64_t current_offset
, current_size
, partno
;
574 _cleanup_close_
int whole_fd
= -1;
579 assert(partition_fd
>= 0);
581 /* Resizes the partition the loopback device refer to (assuming it refers to one instead of an actual
582 * loopback device), and changes the offset, if needed. This is a fancy wrapper around
583 * BLKPG_RESIZE_PARTITION. */
585 if (fstat(partition_fd
, &st
) < 0)
588 assert(S_ISBLK(st
.st_mode
));
590 xsprintf(sysfs
, "/sys/dev/block/%u:%u/partition", major(st
.st_rdev
), minor(st
.st_rdev
));
591 r
= read_one_line_file(sysfs
, &buffer
);
592 if (r
== -ENOENT
) /* not a partition, cannot resize */
596 r
= safe_atou64(buffer
, &partno
);
600 xsprintf(sysfs
, "/sys/dev/block/%u:%u/start", major(st
.st_rdev
), minor(st
.st_rdev
));
602 buffer
= mfree(buffer
);
603 r
= read_one_line_file(sysfs
, &buffer
);
606 r
= safe_atou64(buffer
, ¤t_offset
);
609 if (current_offset
> UINT64_MAX
/512U)
611 current_offset
*= 512U;
613 if (ioctl(partition_fd
, BLKGETSIZE64
, ¤t_size
) < 0)
616 if (size
== UINT64_MAX
&& offset
== UINT64_MAX
)
618 if (current_size
== size
&& current_offset
== offset
)
621 xsprintf(sysfs
, "/sys/dev/block/%u:%u/../dev", major(st
.st_rdev
), minor(st
.st_rdev
));
623 buffer
= mfree(buffer
);
624 r
= read_one_line_file(sysfs
, &buffer
);
627 r
= parse_dev(buffer
, &devno
);
631 r
= device_path_make_major_minor(S_IFBLK
, devno
, &whole
);
635 whole_fd
= open(whole
, O_RDWR
|O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
);
639 struct blkpg_partition bp
= {
641 .start
= offset
== UINT64_MAX
? current_offset
: offset
,
642 .length
= size
== UINT64_MAX
? current_size
: size
,
645 struct blkpg_ioctl_arg ba
= {
646 .op
= BLKPG_RESIZE_PARTITION
,
648 .datalen
= sizeof(bp
),
651 if (ioctl(whole_fd
, BLKPG
, &ba
) < 0)
657 int loop_device_refresh_size(LoopDevice
*d
, uint64_t offset
, uint64_t size
) {
658 struct loop_info64 info
;
661 /* Changes the offset/start of the loop device relative to the beginning of the underlying file or
662 * block device. If this loop device actually refers to a partition and not a loopback device, we'll
663 * try to adjust the partition offsets instead.
665 * If either offset or size is UINT64_MAX we won't change that parameter. */
670 if (d
->nr
< 0) /* not a loopback device */
671 return resize_partition(d
->fd
, offset
, size
);
673 if (ioctl(d
->fd
, LOOP_GET_STATUS64
, &info
) < 0)
676 #if HAVE_VALGRIND_MEMCHECK_H
677 /* Valgrind currently doesn't know LOOP_GET_STATUS64. Remove this once it does */
678 VALGRIND_MAKE_MEM_DEFINED(&info
, sizeof(info
));
681 if (size
== UINT64_MAX
&& offset
== UINT64_MAX
)
683 if (info
.lo_sizelimit
== size
&& info
.lo_offset
== offset
)
686 if (size
!= UINT64_MAX
)
687 info
.lo_sizelimit
= size
;
688 if (offset
!= UINT64_MAX
)
689 info
.lo_offset
= offset
;
691 if (ioctl(d
->fd
, LOOP_SET_STATUS64
, &info
) < 0)
697 int loop_device_flock(LoopDevice
*d
, int operation
) {
703 if (flock(d
->fd
, operation
) < 0)
709 int loop_device_sync(LoopDevice
*d
) {
712 /* We also do this implicitly in loop_device_unref(). Doing this explicitly here has the benefit that
713 * we can check the return value though. */
718 if (fsync(d
->fd
) < 0)