1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #if HAVE_VALGRIND_MEMCHECK_H
4 #include <valgrind/memcheck.h>
9 #include <linux/blkpg.h>
11 #include <linux/loop.h>
13 #include <sys/ioctl.h>
16 #include "sd-device.h"
18 #include "alloc-util.h"
19 #include "blockdev-util.h"
20 #include "data-fd-util.h"
21 #include "device-util.h"
22 #include "devnum-util.h"
23 #include "dissect-image.h"
25 #include "errno-util.h"
29 #include "loop-util.h"
30 #include "missing_loop.h"
31 #include "parse-util.h"
32 #include "path-util.h"
33 #include "random-util.h"
34 #include "stat-util.h"
35 #include "stdio-util.h"
36 #include "string-util.h"
37 #include "tmpfile-util.h"
39 static void cleanup_clear_loop_close(int *fd
) {
43 (void) ioctl(*fd
, LOOP_CLR_FD
);
44 (void) safe_close(*fd
);
47 static int loop_is_bound(int fd
) {
48 struct loop_info64 info
;
50 if (ioctl(ASSERT_FD(fd
), LOOP_GET_STATUS64
, &info
) < 0) {
52 return false; /* not bound! */
57 return true; /* bound! */
60 static int get_current_uevent_seqnum(uint64_t *ret
) {
61 _cleanup_free_
char *p
= NULL
;
64 r
= read_full_virtual_file("/sys/kernel/uevent_seqnum", &p
, NULL
);
66 return log_debug_errno(r
, "Failed to read current uevent sequence number: %m");
68 r
= safe_atou64(strstrip(p
), ret
);
70 return log_debug_errno(r
, "Failed to parse current uevent sequence number: %s", p
);
75 static int open_lock_fd(int primary_fd
, int operation
) {
76 _cleanup_close_
int lock_fd
= -EBADF
;
78 assert(IN_SET(operation
& ~LOCK_NB
, LOCK_SH
, LOCK_EX
));
80 lock_fd
= fd_reopen(ASSERT_FD(primary_fd
), O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
);
84 if (flock(lock_fd
, operation
) < 0)
87 return TAKE_FD(lock_fd
);
90 static int loop_configure_verify_direct_io(int fd
, const struct loop_config
*c
) {
94 if (FLAGS_SET(c
->info
.lo_flags
, LO_FLAGS_DIRECT_IO
)) {
95 struct loop_info64 info
;
97 if (ioctl(fd
, LOOP_GET_STATUS64
, &info
) < 0)
98 return log_debug_errno(errno
, "Failed to issue LOOP_GET_STATUS64: %m");
100 #if HAVE_VALGRIND_MEMCHECK_H
101 VALGRIND_MAKE_MEM_DEFINED(&info
, sizeof(info
));
104 /* On older kernels (<= 5.3) it was necessary to set the block size of the loopback block
105 * device to the logical block size of the underlying file system. Since there was no nice
106 * way to query the value, we are not bothering to do this however. On newer kernels the
107 * block size is propagated automatically and does not require intervention from us. We'll
108 * check here if enabling direct IO worked, to make this easily debuggable however.
110 * (Should anyone really care and actually wants direct IO on old kernels: it might be worth
111 * enabling direct IO with iteratively larger block sizes until it eventually works.)
113 * On older kernels (e.g.: 5.10) when this is attempted on a file stored on a dm-crypt
114 * backed partition the kernel will start returning I/O errors when accessing the mounted
115 * loop device, so return a recognizable error that causes the operation to be started
116 * from scratch without the LO_FLAGS_DIRECT_IO flag. */
117 if (!FLAGS_SET(info
.lo_flags
, LO_FLAGS_DIRECT_IO
))
118 return log_debug_errno(
119 SYNTHETIC_ERRNO(ENOANO
),
120 "Could not enable direct IO mode, retrying in buffered IO mode.");
126 static int loop_configure_verify(int fd
, const struct loop_config
*c
) {
133 if (c
->block_size
!= 0) {
136 r
= blockdev_get_sector_size(fd
, &ssz
);
140 if (ssz
!= c
->block_size
) {
141 log_debug("LOOP_CONFIGURE didn't honour requested block size %" PRIu32
", got %" PRIu32
" instead. Ignoring.", c
->block_size
, ssz
);
146 if (c
->info
.lo_sizelimit
!= 0) {
147 /* Kernel 5.8 vanilla doesn't properly propagate the size limit into the
148 * block device. If it's used, let's immediately check if it had the desired
149 * effect hence. And if not use classic LOOP_SET_STATUS64. */
152 r
= blockdev_get_device_size(fd
, &z
);
156 if (z
!= c
->info
.lo_sizelimit
) {
157 log_debug("LOOP_CONFIGURE is broken, doesn't honour .info.lo_sizelimit. Falling back to LOOP_SET_STATUS64.");
162 if (FLAGS_SET(c
->info
.lo_flags
, LO_FLAGS_PARTSCAN
)) {
163 /* Kernel 5.8 vanilla doesn't properly propagate the partition scanning flag
164 * into the block device. Let's hence verify if things work correctly here
165 * before returning. */
167 r
= blockdev_partscan_enabled(fd
);
171 log_debug("LOOP_CONFIGURE is broken, doesn't honour LO_FLAGS_PARTSCAN. Falling back to LOOP_SET_STATUS64.");
176 r
= loop_configure_verify_direct_io(fd
, c
);
183 static int loop_configure_fallback(int fd
, const struct loop_config
*c
) {
184 struct loop_info64 info_copy
;
190 /* Only some of the flags LOOP_CONFIGURE can set are also settable via LOOP_SET_STATUS64, hence mask
193 info_copy
.lo_flags
&= LOOP_SET_STATUS_SETTABLE_FLAGS
;
195 /* Since kernel commit 5db470e229e22b7eda6e23b5566e532c96fb5bc3 (kernel v5.0) the LOOP_SET_STATUS64
196 * ioctl can return EAGAIN in case we change the info.lo_offset field, if someone else is accessing the
197 * block device while we try to reconfigure it. This is a pretty common case, since udev might
198 * instantly start probing the device as soon as we attach an fd to it. Hence handle it in two ways:
199 * first, let's take the BSD lock to ensure that udev will not step in between the point in
200 * time where we attach the fd and where we reconfigure the device. Secondly, let's wait 50ms on
201 * EAGAIN and retry. The former should be an efficient mechanism to avoid we have to wait 50ms
202 * needlessly if we are just racing against udev. The latter is protection against all other cases,
203 * i.e. peers that do not take the BSD lock. */
205 for (unsigned n_attempts
= 0;;) {
206 if (ioctl(fd
, LOOP_SET_STATUS64
, &info_copy
) >= 0)
209 if (errno
!= EAGAIN
|| ++n_attempts
>= 64)
210 return log_debug_errno(errno
, "Failed to configure loopback block device: %m");
212 /* Sleep some random time, but at least 10ms, at most 250ms. Increase the delay the more
213 * failed attempts we see */
214 (void) usleep_safe(UINT64_C(10) * USEC_PER_MSEC
+
215 random_u64_range(UINT64_C(240) * USEC_PER_MSEC
* n_attempts
/64));
218 /* Work around a kernel bug, where changing offset/size of the loopback device doesn't correctly
219 * invalidate the buffer cache. For details see:
221 * https://android.googlesource.com/platform/system/apex/+/bef74542fbbb4cd629793f4efee8e0053b360570
223 * This was fixed in kernel 5.0, see:
225 * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5db470e229e22b7eda6e23b5566e532c96fb5bc3
227 * We'll run the work-around here in the legacy LOOP_SET_STATUS64 codepath. In the LOOP_CONFIGURE
228 * codepath above it should not be necessary. */
229 if (c
->info
.lo_offset
!= 0 || c
->info
.lo_sizelimit
!= 0)
230 if (ioctl(fd
, BLKFLSBUF
, 0) < 0)
231 log_debug_errno(errno
, "Failed to issue BLKFLSBUF ioctl, ignoring: %m");
233 /* If a block size is requested then try to configure it. If that doesn't work, ignore errors, but
234 * afterwards, let's validate what is in effect, and if it doesn't match what we want, fail */
235 if (c
->block_size
!= 0) {
238 if (ioctl(fd
, LOOP_SET_BLOCK_SIZE
, (unsigned long) c
->block_size
) < 0)
239 log_debug_errno(errno
, "Failed to set sector size, ignoring: %m");
241 r
= blockdev_get_sector_size(fd
, &ssz
);
243 return log_debug_errno(r
, "Failed to read sector size: %m");
244 if (ssz
!= c
->block_size
)
245 return log_debug_errno(SYNTHETIC_ERRNO(EIO
), "Sector size of loopback device doesn't match what we requested, refusing.");
248 /* LO_FLAGS_DIRECT_IO is a flags we need to configure via explicit ioctls. */
249 if (FLAGS_SET(c
->info
.lo_flags
, LO_FLAGS_DIRECT_IO
))
250 if (ioctl(fd
, LOOP_SET_DIRECT_IO
, 1UL) < 0)
251 log_debug_errno(errno
, "Failed to enable direct IO mode, ignoring: %m");
253 return loop_configure_verify_direct_io(fd
, c
);
256 static int loop_configure(
260 const struct loop_config
*c
,
263 static bool loop_configure_broken
= false;
265 _cleanup_(sd_device_unrefp
) sd_device
*dev
= NULL
;
266 _cleanup_(cleanup_clear_loop_close
) int loop_with_fd
= -EBADF
; /* This must be declared before lock_fd. */
267 _cleanup_close_
int fd
= -EBADF
, lock_fd
= -EBADF
;
268 _cleanup_free_
char *node
= NULL
;
269 uint64_t diskseq
= 0, seqnum
= UINT64_MAX
;
270 usec_t timestamp
= USEC_INFINITY
;
278 if (asprintf(&node
, "/dev/loop%i", nr
) < 0)
279 return log_oom_debug();
281 r
= sd_device_new_from_devname(&dev
, node
);
283 return log_debug_errno(r
, "Failed to create sd_device object for \"%s\": %m", node
);
285 r
= sd_device_get_devnum(dev
, &devno
);
287 return log_device_debug_errno(dev
, r
, "Failed to get devnum: %m");
289 fd
= sd_device_open(dev
, O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
|open_flags
);
291 return log_device_debug_errno(dev
, fd
, "Failed to open device: %m");
293 /* Let's lock the device before we do anything. We take the BSD lock on a second, separately opened
294 * fd for the device. udev after all watches for close() events (specifically IN_CLOSE_WRITE) on
295 * block devices to reprobe them, hence by having a separate fd we will later close() we can ensure
296 * we trigger udev after everything is done. If we'd lock our own fd instead and keep it open for a
297 * long time udev would possibly never run on it again, even though the fd is unlocked, simply
298 * because we never close() it. It also has the nice benefit we can use the _cleanup_close_ logic to
299 * automatically release the lock, after we are done. */
300 lock_fd
= open_lock_fd(fd
, LOCK_EX
);
302 return log_device_debug_errno(dev
, lock_fd
, "Failed to acquire lock: %m");
304 log_device_debug(dev
, "Acquired exclusive lock.");
306 /* Let's see if backing file is really unattached. Someone may already attach a backing file without
307 * taking BSD lock. */
308 r
= loop_is_bound(fd
);
310 return log_device_debug_errno(dev
, r
, "Failed to check if the loopback block device is bound: %m");
312 return log_device_debug_errno(dev
, SYNTHETIC_ERRNO(EBUSY
),
313 "The loopback block device is already bound, ignoring.");
315 /* Let's see if the device is really detached, i.e. currently has no associated partition block
316 * devices. On various kernels (such as 5.8) it is possible to have a loopback block device that
317 * superficially is detached but still has partition block devices associated for it. Let's then
318 * manually remove the partitions via BLKPG, and tell the caller we did that via EUCLEAN, so they try
320 r
= block_device_remove_all_partitions(dev
, fd
);
322 return log_device_debug_errno(dev
, r
, "Failed to remove partitions on the loopback block device: %m");
324 /* Removed all partitions. Let's report this to the caller, to try again, and count this as
326 return log_device_debug_errno(dev
, SYNTHETIC_ERRNO(EUCLEAN
),
327 "Removed partitions on the loopback block device.");
329 if (!loop_configure_broken
) {
330 /* Acquire uevent seqnum immediately before attaching the loopback device. This allows
331 * callers to ignore all uevents with a seqnum before this one, if they need to associate
332 * uevent with this attachment. Doing so isn't race-free though, as uevents that happen in
333 * the window between this reading of the seqnum, and the LOOP_CONFIGURE call might still be
334 * mistaken as originating from our attachment, even though might be caused by an earlier
335 * use. But doing this at least shortens the race window a bit. */
336 r
= get_current_uevent_seqnum(&seqnum
);
338 return log_device_debug_errno(dev
, r
, "Failed to get the current uevent seqnum: %m");
340 timestamp
= now(CLOCK_MONOTONIC
);
342 if (ioctl(fd
, LOOP_CONFIGURE
, c
) < 0) {
343 /* Do fallback only if LOOP_CONFIGURE is not supported, propagate all other
344 * errors. Note that the kernel is weird: non-existing ioctls currently return EINVAL
345 * rather than ENOTTY on loopback block devices. They should fix that in the kernel,
346 * but in the meantime we accept both here. */
347 if (!ERRNO_IS_NOT_SUPPORTED(errno
) && errno
!= EINVAL
)
348 return log_device_debug_errno(dev
, errno
, "ioctl(LOOP_CONFIGURE) failed: %m");
350 loop_configure_broken
= true;
352 loop_with_fd
= TAKE_FD(fd
);
354 r
= loop_configure_verify(loop_with_fd
, c
);
356 return log_device_debug_errno(dev
, r
, "Failed to verify if loopback block device is correctly configured: %m");
358 /* LOOP_CONFIGURE doesn't work. Remember that. */
359 loop_configure_broken
= true;
361 /* We return EBUSY here instead of retrying immediately with LOOP_SET_FD,
362 * because LOOP_CLR_FD is async: if the operation cannot be executed right
363 * away it just sets the autoclear flag on the device. This means there's a
364 * good chance we cannot actually reuse the loopback device right-away. Hence
365 * let's assume it's busy, avoid the trouble and let the calling loop call us
366 * again with a new, likely unused device. */
372 if (loop_configure_broken
) {
373 /* Let's read the seqnum again, to shorten the window. */
374 r
= get_current_uevent_seqnum(&seqnum
);
376 return log_device_debug_errno(dev
, r
, "Failed to get the current uevent seqnum: %m");
378 timestamp
= now(CLOCK_MONOTONIC
);
380 if (ioctl(fd
, LOOP_SET_FD
, c
->fd
) < 0)
381 return log_device_debug_errno(dev
, errno
, "ioctl(LOOP_SET_FD) failed: %m");
383 loop_with_fd
= TAKE_FD(fd
);
385 r
= loop_configure_fallback(loop_with_fd
, c
);
390 r
= fd_get_diskseq(loop_with_fd
, &diskseq
);
391 if (r
< 0 && r
!= -EOPNOTSUPP
)
392 return log_device_debug_errno(dev
, r
, "Failed to get diskseq: %m");
394 switch (lock_op
& ~LOCK_NB
) {
395 case LOCK_EX
: /* Already in effect */
397 case LOCK_SH
: /* Downgrade */
398 if (flock(lock_fd
, lock_op
) < 0)
399 return log_device_debug_errno(dev
, errno
, "Failed to downgrade lock level: %m");
401 case LOCK_UN
: /* Release */
402 lock_fd
= safe_close(lock_fd
);
405 assert_not_reached();
408 uint64_t device_size
;
409 r
= blockdev_get_device_size(loop_with_fd
, &device_size
);
411 return log_device_debug_errno(dev
, r
, "Failed to get loopback device size: %m");
413 LoopDevice
*d
= new(LoopDevice
, 1);
415 return log_oom_debug();
419 .fd
= TAKE_FD(loop_with_fd
),
420 .lock_fd
= TAKE_FD(lock_fd
),
421 .node
= TAKE_PTR(node
),
424 .dev
= TAKE_PTR(dev
),
426 .uevent_seqnum_not_before
= seqnum
,
427 .timestamp_not_before
= timestamp
,
428 .sector_size
= c
->block_size
,
429 .device_size
= device_size
,
437 static int loop_device_make_internal(
443 uint32_t sector_size
,
448 _cleanup_(loop_device_unrefp
) LoopDevice
*d
= NULL
;
449 _cleanup_close_
int reopened_fd
= -EBADF
, control
= -EBADF
;
450 _cleanup_free_
char *backing_file
= NULL
;
451 struct loop_config config
;
456 assert(IN_SET(open_flags
, O_RDWR
, O_RDONLY
));
458 if (fstat(ASSERT_FD(fd
), &st
) < 0)
461 if (S_ISBLK(st
.st_mode
)) {
462 if (offset
== 0 && IN_SET(size
, 0, UINT64_MAX
))
463 /* If this is already a block device and we are supposed to cover the whole of it
464 * then store an fd to the original open device node — and do not actually create an
465 * unnecessary loopback device for it. */
466 return loop_device_open_from_fd(fd
, open_flags
, lock_op
, ret
);
468 r
= stat_verify_regular(&st
);
474 r
= path_make_absolute_cwd(path
, &backing_file
);
478 path_simplify(backing_file
);
480 r
= fd_get_path(fd
, &backing_file
);
485 f_flags
= fcntl(fd
, F_GETFL
);
489 if (FLAGS_SET(loop_flags
, LO_FLAGS_DIRECT_IO
) != FLAGS_SET(f_flags
, O_DIRECT
)) {
490 /* If LO_FLAGS_DIRECT_IO is requested, then make sure we have the fd open with O_DIRECT, as
491 * that's required. Conversely, if it's off require that O_DIRECT is off too (that's because
492 * new kernels will implicitly enable LO_FLAGS_DIRECT_IO if O_DIRECT is set).
494 * Our intention here is that LO_FLAGS_DIRECT_IO is the primary knob, and O_DIRECT derived
495 * from that automatically. */
497 reopened_fd
= fd_reopen(fd
, (FLAGS_SET(loop_flags
, LO_FLAGS_DIRECT_IO
) ? O_DIRECT
: 0)|O_CLOEXEC
|O_NONBLOCK
|open_flags
);
498 if (reopened_fd
< 0) {
499 if (!FLAGS_SET(loop_flags
, LO_FLAGS_DIRECT_IO
))
500 return log_debug_errno(reopened_fd
, "Failed to reopen file descriptor without O_DIRECT: %m");
502 /* Some file systems might not support O_DIRECT, let's gracefully continue without it then. */
503 log_debug_errno(reopened_fd
, "Failed to enable O_DIRECT for backing file descriptor for loopback device. Continuing without.");
504 loop_flags
&= ~LO_FLAGS_DIRECT_IO
;
506 fd
= reopened_fd
; /* From now on, operate on our new O_DIRECT fd */
509 control
= open("/dev/loop-control", O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
513 if (sector_size
== 0)
514 /* If no sector size is specified, default to the classic default */
516 else if (sector_size
== UINT32_MAX
) {
518 if (S_ISBLK(st
.st_mode
))
519 /* If the sector size is specified as UINT32_MAX we'll propagate the sector size of
520 * the underlying block device. */
521 r
= blockdev_get_sector_size(fd
, §or_size
);
523 _cleanup_close_
int non_direct_io_fd
= -EBADF
;
526 assert(S_ISREG(st
.st_mode
));
528 /* If sector size is specified as UINT32_MAX, we'll try to probe the right sector
529 * size of the image in question by looking for the GPT partition header at various
530 * offsets. This of course only works if the image already has a disk label.
532 * So here we actually want to read the file contents ourselves. This is quite likely
533 * not going to work if we managed to enable O_DIRECT, because in such a case there
534 * are some pretty strict alignment requirements to offset, size and target, but
535 * there's no way to query what alignment specifically is actually required. Hence,
536 * let's avoid the mess, and temporarily open an fd without O_DIRECT for the probing
539 if (FLAGS_SET(loop_flags
, LO_FLAGS_DIRECT_IO
)) {
540 non_direct_io_fd
= fd_reopen(fd
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
);
541 if (non_direct_io_fd
< 0)
542 return non_direct_io_fd
;
544 probe_fd
= non_direct_io_fd
;
548 r
= probe_sector_size(probe_fd
, §or_size
);
554 config
= (struct loop_config
) {
556 .block_size
= sector_size
,
558 /* Use the specified flags, but configure the read-only flag from the open flags, and force autoclear */
559 .lo_flags
= (loop_flags
& ~LO_FLAGS_READ_ONLY
) | ((open_flags
& O_ACCMODE
) == O_RDONLY
? LO_FLAGS_READ_ONLY
: 0) | LO_FLAGS_AUTOCLEAR
,
561 .lo_sizelimit
= size
== UINT64_MAX
? 0 : size
,
565 /* Loop around LOOP_CTL_GET_FREE, since at the moment we attempt to open the returned device it might
566 * be gone already, taken by somebody else racing against us. */
567 for (unsigned n_attempts
= 0;;) {
571 /* Let's take a lock on the control device first. On a busy system, where many programs
572 * attempt to allocate a loopback device at the same time, we might otherwise keep looping
573 * around relatively heavy operations: asking for a free loopback device, then opening it,
574 * validating it, attaching something to it. Let's serialize this whole operation, to make
575 * unnecessary busywork less likely. Note that this is just something we do to optimize our
576 * own code (and whoever else decides to use LOCK_EX locks for this), taking this lock is not
577 * necessary, it just means it's less likely we have to iterate through this loop again and
578 * again if our own code races against our own code.
580 * Note: our lock protocol is to take the /dev/loop-control lock first, and the block device
581 * lock second, if both are taken, and always in this order, to avoid ABBA locking issues. */
582 if (flock(control
, LOCK_EX
) < 0)
585 nr
= ioctl(control
, LOOP_CTL_GET_FREE
);
589 r
= loop_configure(nr
, open_flags
, lock_op
, &config
, &d
);
593 /* -ENODEV or friends: Somebody might've gotten the same number from the kernel, used the
594 * device, and called LOOP_CTL_REMOVE on it. Let's retry with a new number.
595 * -EBUSY: a file descriptor is already bound to the loopback block device.
596 * -EUCLEAN: some left-over partition devices that were cleaned up.
597 * -ENOANO: we tried to use LO_FLAGS_DIRECT_IO but the kernel rejected it. */
598 if (!ERRNO_IS_DEVICE_ABSENT(r
) && !IN_SET(r
, -EBUSY
, -EUCLEAN
, -ENOANO
))
601 /* OK, this didn't work, let's try again a bit later, but first release the lock on the
603 if (flock(control
, LOCK_UN
) < 0)
606 if (++n_attempts
>= 64) /* Give up eventually */
609 /* If we failed to enable direct IO mode, let's retry without it. We restart the process as
610 * on some combination of kernel version and storage filesystem, the kernel is very unhappy
611 * about a failed DIRECT_IO enablement and throws I/O errors. */
612 if (r
== -ENOANO
&& FLAGS_SET(config
.info
.lo_flags
, LO_FLAGS_DIRECT_IO
)) {
613 config
.info
.lo_flags
&= ~LO_FLAGS_DIRECT_IO
;
614 open_flags
&= ~O_DIRECT
;
616 int non_direct_io_fd
= fd_reopen(config
.fd
, O_CLOEXEC
|O_NONBLOCK
|open_flags
);
617 if (non_direct_io_fd
< 0)
618 return log_debug_errno(
620 "Failed to reopen file descriptor without O_DIRECT: %m");
622 safe_close(reopened_fd
);
623 fd
= config
.fd
= /* For cleanups */ reopened_fd
= non_direct_io_fd
;
626 /* Wait some random time, to make collision less likely. Let's pick a random time in the
627 * range 0ms…250ms, linearly scaled by the number of failed attempts. */
628 usec
= random_u64_range(UINT64_C(10) * USEC_PER_MSEC
+
629 UINT64_C(240) * USEC_PER_MSEC
* n_attempts
/64);
630 log_debug("Trying again after %s.", FORMAT_TIMESPAN(usec
, USEC_PER_MSEC
));
631 (void) usleep_safe(usec
);
634 d
->backing_file
= TAKE_PTR(backing_file
);
635 d
->backing_inode
= st
.st_ino
;
636 d
->backing_devno
= st
.st_dev
;
638 log_debug("Successfully acquired %s, devno=%u:%u, nr=%i, diskseq=%" PRIu64
,
640 major(d
->devno
), minor(d
->devno
),
648 static uint32_t loop_flags_mangle(uint32_t loop_flags
) {
651 r
= getenv_bool("SYSTEMD_LOOP_DIRECT_IO");
652 if (r
< 0 && r
!= -ENXIO
)
653 log_debug_errno(r
, "Failed to parse $SYSTEMD_LOOP_DIRECT_IO, ignoring: %m");
655 return UPDATE_FLAG(loop_flags
, LO_FLAGS_DIRECT_IO
, r
!= 0); /* Turn on LO_FLAGS_DIRECT_IO by default, unless explicitly configured to off. */
658 int loop_device_make(
663 uint32_t sector_size
,
671 return loop_device_make_internal(
678 loop_flags_mangle(loop_flags
),
683 int loop_device_make_by_path_at(
687 uint32_t sector_size
,
692 int r
, basic_flags
, direct_flags
, rdwr_flags
;
693 _cleanup_close_
int fd
= -EBADF
;
696 assert(dir_fd
>= 0 || dir_fd
== AT_FDCWD
);
699 assert(open_flags
< 0 || IN_SET(open_flags
, O_RDWR
, O_RDONLY
));
701 /* Passing < 0 as open_flags here means we'll try to open the device writable if we can, retrying
702 * read-only if we cannot. */
704 loop_flags
= loop_flags_mangle(loop_flags
);
706 /* Let's open with O_DIRECT if we can. But not all file systems support that, hence fall back to
707 * non-O_DIRECT mode automatically, if it fails. */
709 basic_flags
= O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
;
710 direct_flags
= FLAGS_SET(loop_flags
, LO_FLAGS_DIRECT_IO
) ? O_DIRECT
: 0;
711 rdwr_flags
= open_flags
>= 0 ? open_flags
: O_RDWR
;
713 fd
= xopenat(dir_fd
, path
, basic_flags
|direct_flags
|rdwr_flags
, /* xopen_flags = */ 0, /* mode = */ 0);
714 if (fd
< 0 && direct_flags
!= 0) /* If we had O_DIRECT on, and things failed with that, let's immediately try again without */
715 fd
= xopenat(dir_fd
, path
, basic_flags
|rdwr_flags
, /* xopen_flags = */ 0, /* mode = */ 0);
717 direct
= direct_flags
!= 0;
721 /* Retry read-only? */
722 if (open_flags
>= 0 || !(ERRNO_IS_PRIVILEGE(r
) || r
== -EROFS
))
725 fd
= xopenat(dir_fd
, path
, basic_flags
|direct_flags
|O_RDONLY
, /* xopen_flags = */ 0, /* mode = */ 0);
726 if (fd
< 0 && direct_flags
!= 0) /* as above */
727 fd
= xopenat(dir_fd
, path
, basic_flags
|O_RDONLY
, /* xopen_flags = */ 0, /* mode = */ 0);
729 direct
= direct_flags
!= 0;
731 return r
; /* Propagate original error */
733 open_flags
= O_RDONLY
;
734 } else if (open_flags
< 0)
737 log_debug("Opened '%s' in %s access mode%s, with O_DIRECT %s%s.",
739 open_flags
== O_RDWR
? "O_RDWR" : "O_RDONLY",
740 open_flags
!= rdwr_flags
? " (O_RDWR was requested but not allowed)" : "",
741 direct
? "enabled" : "disabled",
742 direct
!= (direct_flags
!= 0) ? " (O_DIRECT was requested but not supported)" : "");
744 return loop_device_make_internal(
745 dir_fd
== AT_FDCWD
? path
: NULL
,
756 int loop_device_make_by_path_memory(
759 uint32_t sector_size
,
764 _cleanup_close_
int fd
= -EBADF
, mfd
= -EBADF
;
765 _cleanup_free_
char *fn
= NULL
;
770 assert(IN_SET(open_flags
, O_RDWR
, O_RDONLY
));
773 loop_flags
&= ~LO_FLAGS_DIRECT_IO
; /* memfds don't support O_DIRECT, hence LO_FLAGS_DIRECT_IO can't be used either */
775 fd
= open(path
, O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
|O_RDONLY
);
779 if (fstat(fd
, &st
) < 0)
782 if (!S_ISREG(st
.st_mode
) && !S_ISBLK(st
.st_mode
))
785 r
= path_extract_filename(path
, &fn
);
789 mfd
= memfd_clone_fd(fd
, fn
, open_flags
|O_CLOEXEC
);
793 fd
= safe_close(fd
); /* Let's close the original early */
795 return loop_device_make_internal(NULL
, mfd
, open_flags
, 0, 0, sector_size
, loop_flags
, lock_op
, ret
);
798 static LoopDevice
* loop_device_free(LoopDevice
*d
) {
799 _cleanup_close_
int control
= -EBADF
;
805 /* Release any lock we might have on the device first. We want to open+lock the /dev/loop-control
806 * device below, but our lock protocol says that if both control and block device locks are taken,
807 * the control lock needs to be taken first, the block device lock second — in order to avoid ABBA
808 * locking issues. Moreover, we want to issue LOOP_CLR_FD on the block device further down, and that
809 * would fail if we had another fd open to the device. */
810 d
->lock_fd
= safe_close(d
->lock_fd
);
812 /* Let's open the control device early, and lock it, so that we can release our block device and
813 * delete it in a synchronized fashion, and allocators won't needlessly see the block device as free
814 * while we are about to delete it. */
815 if (!LOOP_DEVICE_IS_FOREIGN(d
) && !d
->relinquished
) {
816 control
= open("/dev/loop-control", O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
818 log_debug_errno(errno
, "Failed to open loop control device, cannot remove loop device '%s', ignoring: %m", strna(d
->node
));
819 else if (flock(control
, LOCK_EX
) < 0)
820 log_debug_errno(errno
, "Failed to lock loop control device, ignoring: %m");
823 /* Then let's release the loopback block device */
825 /* Implicitly sync the device, since otherwise in-flight blocks might not get written */
826 if (fsync(d
->fd
) < 0)
827 log_debug_errno(errno
, "Failed to sync loop block device, ignoring: %m");
829 if (!LOOP_DEVICE_IS_FOREIGN(d
) && !d
->relinquished
) {
830 /* We are supposed to clear the loopback device. Let's do this synchronously: lock
831 * the device, manually remove all partitions and then clear it. This should ensure
832 * udev doesn't concurrently access the devices, and we can be reasonably sure that
833 * once we are done here the device is cleared and all its partition children
834 * removed. Note that we lock our primary device fd here (and not a separate locking
835 * fd, as we do during allocation, since we want to keep the lock all the way through
836 * the LOOP_CLR_FD, but that call would fail if we had more than one fd open.) */
838 if (flock(d
->fd
, LOCK_EX
) < 0)
839 log_debug_errno(errno
, "Failed to lock loop block device, ignoring: %m");
841 r
= block_device_remove_all_partitions(d
->dev
, d
->fd
);
843 log_debug_errno(r
, "Failed to remove partitions of loopback block device, ignoring: %m");
845 if (ioctl(d
->fd
, LOOP_CLR_FD
) < 0)
846 log_debug_errno(errno
, "Failed to clear loop device, ignoring: %m");
852 /* Now that the block device is released, let's also try to remove it */
854 useconds_t delay
= 5 * USEC_PER_MSEC
; /* A total delay of 5090 ms between 39 attempts,
855 * (4*5 + 5*10 + 5*20 + … + 3*640) = 5090. */
857 for (unsigned attempt
= 1;; attempt
++) {
858 if (ioctl(control
, LOOP_CTL_REMOVE
, d
->nr
) >= 0)
860 if (errno
!= EBUSY
|| attempt
> 38) {
861 log_debug_errno(errno
, "Failed to remove device %s: %m", strna(d
->node
));
864 if (attempt
% 5 == 0) {
865 log_debug("Device is still busy after %u attempts…", attempt
);
869 (void) usleep_safe(delay
);
874 sd_device_unref(d
->dev
);
875 free(d
->backing_file
);
879 DEFINE_TRIVIAL_REF_UNREF_FUNC(LoopDevice
, loop_device
, loop_device_free
);
881 void loop_device_relinquish(LoopDevice
*d
) {
884 /* Don't attempt to clean up the loop device anymore from this point on. Leave the clean-ing up to the kernel
885 * itself, using the loop device "auto-clear" logic we already turned on when creating the device. */
887 d
->relinquished
= true;
890 void loop_device_unrelinquish(LoopDevice
*d
) {
892 d
->relinquished
= false;
895 int loop_device_open(
901 _cleanup_close_
int fd
= -EBADF
, lock_fd
= -EBADF
;
902 _cleanup_free_
char *node
= NULL
, *backing_file
= NULL
;
903 dev_t devnum
, backing_devno
= 0;
904 struct loop_info64 info
;
905 ino_t backing_inode
= 0;
906 uint64_t diskseq
= 0;
912 assert(IN_SET(open_flags
, O_RDWR
, O_RDONLY
));
915 /* Even if fd is provided through the argument in loop_device_open_from_fd(), we reopen the inode
916 * here, instead of keeping just a dup() clone of it around, since we want to ensure that the
917 * O_DIRECT flag of the handle we keep is off, we have our own file index, and have the right
918 * read/write mode in effect. */
919 fd
= sd_device_open(dev
, O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
|open_flags
);
923 if ((lock_op
& ~LOCK_NB
) != LOCK_UN
) {
924 lock_fd
= open_lock_fd(fd
, lock_op
);
929 if (ioctl(fd
, LOOP_GET_STATUS64
, &info
) >= 0) {
930 #if HAVE_VALGRIND_MEMCHECK_H
931 /* Valgrind currently doesn't know LOOP_GET_STATUS64. Remove this once it does */
932 VALGRIND_MAKE_MEM_DEFINED(&info
, sizeof(info
));
936 if (sd_device_get_sysattr_value(dev
, "loop/backing_file", &s
) >= 0) {
937 backing_file
= strdup(s
);
942 backing_devno
= info
.lo_device
;
943 backing_inode
= info
.lo_inode
;
946 r
= fd_get_diskseq(fd
, &diskseq
);
947 if (r
< 0 && r
!= -EOPNOTSUPP
)
950 uint32_t sector_size
;
951 r
= blockdev_get_sector_size(fd
, §or_size
);
955 uint64_t device_size
;
956 r
= blockdev_get_device_size(fd
, &device_size
);
960 r
= sd_device_get_devnum(dev
, &devnum
);
964 r
= sd_device_get_devname(dev
, &s
);
972 d
= new(LoopDevice
, 1);
979 .lock_fd
= TAKE_FD(lock_fd
),
981 .node
= TAKE_PTR(node
),
982 .dev
= sd_device_ref(dev
),
983 .backing_file
= TAKE_PTR(backing_file
),
984 .backing_inode
= backing_inode
,
985 .backing_devno
= backing_devno
,
986 .relinquished
= true, /* It's not ours, don't try to destroy it when this object is freed */
989 .uevent_seqnum_not_before
= UINT64_MAX
,
990 .timestamp_not_before
= USEC_INFINITY
,
991 .sector_size
= sector_size
,
992 .device_size
= device_size
,
1000 int loop_device_open_from_fd(
1006 _cleanup_(sd_device_unrefp
) sd_device
*dev
= NULL
;
1009 r
= block_device_new_from_fd(ASSERT_FD(fd
), 0, &dev
);
1013 return loop_device_open(dev
, open_flags
, lock_op
, ret
);
1016 int loop_device_open_from_path(
1022 _cleanup_(sd_device_unrefp
) sd_device
*dev
= NULL
;
1027 r
= block_device_new_from_path(path
, 0, &dev
);
1031 return loop_device_open(dev
, open_flags
, lock_op
, ret
);
1034 static int resize_partition(int partition_fd
, uint64_t offset
, uint64_t size
) {
1035 char sysfs
[STRLEN("/sys/dev/block/:/partition") + 2*DECIMAL_STR_MAX(dev_t
) + 1];
1036 _cleanup_free_
char *buffer
= NULL
;
1037 uint64_t current_offset
, current_size
, partno
;
1038 _cleanup_close_
int whole_fd
= -EBADF
;
1043 /* Resizes the partition the loopback device refer to (assuming it refers to one instead of an actual
1044 * loopback device), and changes the offset, if needed. This is a fancy wrapper around
1045 * BLKPG_RESIZE_PARTITION. */
1047 if (fstat(ASSERT_FD(partition_fd
), &st
) < 0)
1050 assert(S_ISBLK(st
.st_mode
));
1052 xsprintf(sysfs
, "/sys/dev/block/" DEVNUM_FORMAT_STR
"/partition", DEVNUM_FORMAT_VAL(st
.st_rdev
));
1053 r
= read_one_line_file(sysfs
, &buffer
);
1054 if (r
== -ENOENT
) /* not a partition, cannot resize */
1058 r
= safe_atou64(buffer
, &partno
);
1062 xsprintf(sysfs
, "/sys/dev/block/" DEVNUM_FORMAT_STR
"/start", DEVNUM_FORMAT_VAL(st
.st_rdev
));
1064 buffer
= mfree(buffer
);
1065 r
= read_one_line_file(sysfs
, &buffer
);
1068 r
= safe_atou64(buffer
, ¤t_offset
);
1071 if (current_offset
> UINT64_MAX
/512U)
1073 current_offset
*= 512U;
1075 r
= blockdev_get_device_size(partition_fd
, ¤t_size
);
1079 if (size
== UINT64_MAX
&& offset
== UINT64_MAX
)
1081 if (current_size
== size
&& current_offset
== offset
)
1084 xsprintf(sysfs
, "/sys/dev/block/" DEVNUM_FORMAT_STR
"/../dev", DEVNUM_FORMAT_VAL(st
.st_rdev
));
1086 buffer
= mfree(buffer
);
1087 r
= read_one_line_file(sysfs
, &buffer
);
1090 r
= parse_devnum(buffer
, &devno
);
1094 whole_fd
= r
= device_open_from_devnum(S_IFBLK
, devno
, O_RDWR
|O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
, NULL
);
1098 return block_device_resize_partition(
1101 offset
== UINT64_MAX
? current_offset
: offset
,
1102 size
== UINT64_MAX
? current_size
: size
);
1105 int loop_device_refresh_size(LoopDevice
*d
, uint64_t offset
, uint64_t size
) {
1106 struct loop_info64 info
;
1111 /* Changes the offset/start of the loop device relative to the beginning of the underlying file or
1112 * block device. If this loop device actually refers to a partition and not a loopback device, we'll
1113 * try to adjust the partition offsets instead.
1115 * If either offset or size is UINT64_MAX we won't change that parameter. */
1117 if (d
->nr
< 0) /* not a loopback device */
1118 return resize_partition(d
->fd
, offset
, size
);
1120 if (ioctl(d
->fd
, LOOP_GET_STATUS64
, &info
) < 0)
1123 #if HAVE_VALGRIND_MEMCHECK_H
1124 /* Valgrind currently doesn't know LOOP_GET_STATUS64. Remove this once it does */
1125 VALGRIND_MAKE_MEM_DEFINED(&info
, sizeof(info
));
1128 if (size
== UINT64_MAX
&& offset
== UINT64_MAX
)
1130 if (info
.lo_sizelimit
== size
&& info
.lo_offset
== offset
)
1133 if (size
!= UINT64_MAX
)
1134 info
.lo_sizelimit
= size
;
1135 if (offset
!= UINT64_MAX
)
1136 info
.lo_offset
= offset
;
1138 return RET_NERRNO(ioctl(d
->fd
, LOOP_SET_STATUS64
, &info
));
1141 int loop_device_flock(LoopDevice
*d
, int operation
) {
1142 assert(IN_SET(operation
& ~LOCK_NB
, LOCK_UN
, LOCK_SH
, LOCK_EX
));
1145 /* When unlocking just close the lock fd */
1146 if ((operation
& ~LOCK_NB
) == LOCK_UN
) {
1147 d
->lock_fd
= safe_close(d
->lock_fd
);
1151 /* If we had no lock fd so far, create one and lock it right-away */
1152 if (d
->lock_fd
< 0) {
1153 d
->lock_fd
= open_lock_fd(ASSERT_FD(d
->fd
), operation
);
1160 /* Otherwise change the current lock mode on the existing fd */
1161 return RET_NERRNO(flock(d
->lock_fd
, operation
));
1164 int loop_device_sync(LoopDevice
*d
) {
1167 /* We also do this implicitly in loop_device_unref(). Doing this explicitly here has the benefit that
1168 * we can check the return value though. */
1170 return RET_NERRNO(fsync(ASSERT_FD(d
->fd
)));
1173 int loop_device_set_autoclear(LoopDevice
*d
, bool autoclear
) {
1174 struct loop_info64 info
;
1178 if (ioctl(ASSERT_FD(d
->fd
), LOOP_GET_STATUS64
, &info
) < 0)
1181 if (autoclear
== FLAGS_SET(info
.lo_flags
, LO_FLAGS_AUTOCLEAR
))
1184 SET_FLAG(info
.lo_flags
, LO_FLAGS_AUTOCLEAR
, autoclear
);
1186 if (ioctl(d
->fd
, LOOP_SET_STATUS64
, &info
) < 0)
1192 int loop_device_set_filename(LoopDevice
*d
, const char *name
) {
1193 struct loop_info64 info
;
1197 /* Sets the .lo_file_name of the loopback device. This is supposed to contain the path to the file
1198 * backing the block device, but is actually just a free-form string you can pass to the kernel. Most
1199 * tools that actually care for the backing file path use the sysfs attribute file loop/backing_file
1200 * which is a kernel generated string, subject to file system namespaces and such.
1202 * .lo_file_name is useful since userspace can select it freely when creating a loopback block
1203 * device, and we can use it for /dev/disk/by-loop-ref/ symlinks, and similar, so that apps can
1204 * recognize their own loopback files. */
1206 if (name
&& strlen(name
) >= sizeof(info
.lo_file_name
))
1209 if (ioctl(ASSERT_FD(d
->fd
), LOOP_GET_STATUS64
, &info
) < 0)
1212 if (strneq((char*) info
.lo_file_name
, strempty(name
), sizeof(info
.lo_file_name
)))
1216 strncpy((char*) info
.lo_file_name
, name
, sizeof(info
.lo_file_name
)-1);
1217 info
.lo_file_name
[sizeof(info
.lo_file_name
)-1] = 0;
1219 memzero(info
.lo_file_name
, sizeof(info
.lo_file_name
));
1221 if (ioctl(d
->fd
, LOOP_SET_STATUS64
, &info
) < 0)