1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/file.h>
4 #include <unistd.h>
5
6 #include "alloc-util.h"
7 #include "blockdev-util.h"
8 #include "btrfs-util.h"
9 #include "devnum-util.h"
10 #include "dirent-util.h"
11 #include "fd-util.h"
12 #include "fileio.h"
13 #include "missing_magic.h"
14 #include "parse-util.h"
15
block_get_whole_disk(dev_t d,dev_t * ret)16 int block_get_whole_disk(dev_t d, dev_t *ret) {
17 char p[SYS_BLOCK_PATH_MAX("/partition")];
18 _cleanup_free_ char *s = NULL;
19 dev_t devt;
20 int r;
21
22 assert(ret);
23
24 if (major(d) == 0)
25 return -ENODEV;
26
27 /* If it has a queue this is good enough for us */
28 xsprintf_sys_block_path(p, "/queue", d);
29 if (access(p, F_OK) >= 0) {
30 *ret = d;
31 return 0;
32 }
33 if (errno != ENOENT)
34 return -errno;
35
36 /* If it is a partition find the originating device */
37 xsprintf_sys_block_path(p, "/partition", d);
38 if (access(p, F_OK) < 0)
39 return -errno;
40
41 /* Get parent dev_t */
42 xsprintf_sys_block_path(p, "/../dev", d);
43 r = read_one_line_file(p, &s);
44 if (r < 0)
45 return r;
46
47 r = parse_devnum(s, &devt);
48 if (r < 0)
49 return r;
50
51 /* Only return this if it is really good enough for us. */
52 xsprintf_sys_block_path(p, "/queue", devt);
53 if (access(p, F_OK) < 0)
54 return -errno;
55
56 *ret = devt;
57 return 1;
58 }
59
get_block_device_fd(int fd,dev_t * ret)60 int get_block_device_fd(int fd, dev_t *ret) {
61 struct stat st;
62 int r;
63
64 assert(fd >= 0);
65 assert(ret);
66
67 /* Gets the block device directly backing a file system. If the block device is encrypted, returns
68 * the device mapper block device. */
69
70 if (fstat(fd, &st))
71 return -errno;
72
73 if (major(st.st_dev) != 0) {
74 *ret = st.st_dev;
75 return 1;
76 }
77
78 r = btrfs_get_block_device_fd(fd, ret);
79 if (r > 0)
80 return 1;
81 if (r != -ENOTTY) /* not btrfs */
82 return r;
83
84 *ret = 0;
85 return 0;
86 }
87
get_block_device(const char * path,dev_t * ret)88 int get_block_device(const char *path, dev_t *ret) {
89 _cleanup_close_ int fd = -1;
90
91 assert(path);
92 assert(ret);
93
94 fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC);
95 if (fd < 0)
96 return -errno;
97
98 return get_block_device_fd(fd, ret);
99 }
100
block_get_originating(dev_t dt,dev_t * ret)101 int block_get_originating(dev_t dt, dev_t *ret) {
102 _cleanup_closedir_ DIR *d = NULL;
103 _cleanup_free_ char *t = NULL;
104 char p[SYS_BLOCK_PATH_MAX("/slaves")];
105 _cleanup_free_ char *first_found = NULL;
106 const char *q;
107 dev_t devt;
108 int r;
109
110 /* For the specified block device tries to chase it through the layers, in case LUKS-style DM stacking is used,
111 * trying to find the next underlying layer. */
112
113 xsprintf_sys_block_path(p, "/slaves", dt);
114 d = opendir(p);
115 if (!d)
116 return -errno;
117
118 FOREACH_DIRENT_ALL(de, d, return -errno) {
119
120 if (dot_or_dot_dot(de->d_name))
121 continue;
122
123 if (!IN_SET(de->d_type, DT_LNK, DT_UNKNOWN))
124 continue;
125
126 if (first_found) {
127 _cleanup_free_ char *u = NULL, *v = NULL, *a = NULL, *b = NULL;
128
129 /* We found a device backed by multiple other devices. We don't really support
130 * automatic discovery on such setups, with the exception of dm-verity partitions. In
131 * this case there are two backing devices: the data partition and the hash
132 * partition. We are fine with such setups, however, only if both partitions are on
133 * the same physical device. Hence, let's verify this by iterating over every node
134 * in the 'slaves/' directory and comparing them with the first that gets returned by
135 * readdir(), to ensure they all point to the same device. */
136
137 u = path_join(p, de->d_name, "../dev");
138 if (!u)
139 return -ENOMEM;
140
141 v = path_join(p, first_found, "../dev");
142 if (!v)
143 return -ENOMEM;
144
145 r = read_one_line_file(u, &a);
146 if (r < 0)
147 return log_debug_errno(r, "Failed to read %s: %m", u);
148
149 r = read_one_line_file(v, &b);
150 if (r < 0)
151 return log_debug_errno(r, "Failed to read %s: %m", v);
152
153 /* Check if the parent device is the same. If not, then the two backing devices are on
154 * different physical devices, and we don't support that. */
155 if (!streq(a, b))
156 return -ENOTUNIQ;
157 } else {
158 first_found = strdup(de->d_name);
159 if (!first_found)
160 return -ENOMEM;
161 }
162 }
163
164 if (!first_found)
165 return -ENOENT;
166
167 q = strjoina(p, "/", first_found, "/dev");
168
169 r = read_one_line_file(q, &t);
170 if (r < 0)
171 return r;
172
173 r = parse_devnum(t, &devt);
174 if (r < 0)
175 return -EINVAL;
176
177 if (major(devt) == 0)
178 return -ENOENT;
179
180 *ret = devt;
181 return 1;
182 }
183
get_block_device_harder_fd(int fd,dev_t * ret)184 int get_block_device_harder_fd(int fd, dev_t *ret) {
185 int r;
186
187 assert(fd >= 0);
188 assert(ret);
189
190 /* Gets the backing block device for a file system, and handles LUKS encrypted file systems, looking for its
191 * immediate parent, if there is one. */
192
193 r = get_block_device_fd(fd, ret);
194 if (r <= 0)
195 return r;
196
197 r = block_get_originating(*ret, ret);
198 if (r < 0)
199 log_debug_errno(r, "Failed to chase block device, ignoring: %m");
200
201 return 1;
202 }
203
get_block_device_harder(const char * path,dev_t * ret)204 int get_block_device_harder(const char *path, dev_t *ret) {
205 _cleanup_close_ int fd = -1;
206
207 assert(path);
208 assert(ret);
209
210 fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC);
211 if (fd < 0)
212 return -errno;
213
214 return get_block_device_harder_fd(fd, ret);
215 }
216
lock_whole_block_device(dev_t devt,int operation)217 int lock_whole_block_device(dev_t devt, int operation) {
218 _cleanup_free_ char *whole_node = NULL;
219 _cleanup_close_ int lock_fd = -1;
220 dev_t whole_devt;
221 int r;
222
223 /* Let's get a BSD file lock on the whole block device, as per: https://systemd.io/BLOCK_DEVICE_LOCKING */
224
225 r = block_get_whole_disk(devt, &whole_devt);
226 if (r < 0)
227 return r;
228
229 r = device_path_make_major_minor(S_IFBLK, whole_devt, &whole_node);
230 if (r < 0)
231 return r;
232
233 lock_fd = open(whole_node, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
234 if (lock_fd < 0)
235 return -errno;
236
237 if (flock(lock_fd, operation) < 0)
238 return -errno;
239
240 return TAKE_FD(lock_fd);
241 }
242
blockdev_partscan_enabled(int fd)243 int blockdev_partscan_enabled(int fd) {
244 _cleanup_free_ char *p = NULL, *buf = NULL;
245 unsigned long long ull;
246 struct stat st;
247 int r;
248
249 /* Checks if partition scanning is correctly enabled on the block device */
250
251 if (fstat(fd, &st) < 0)
252 return -errno;
253
254 if (!S_ISBLK(st.st_mode))
255 return -ENOTBLK;
256
257 if (asprintf(&p, "/sys/dev/block/%u:%u/capability", major(st.st_rdev), minor(st.st_rdev)) < 0)
258 return -ENOMEM;
259
260 r = read_one_line_file(p, &buf);
261 if (r == -ENOENT) /* If the capability file doesn't exist then we are most likely looking at a
262 * partition block device, not the whole block device. And that means we have no
263 * partition scanning on for it (we do for its parent, but not for the partition
264 * itself). */
265 return false;
266 if (r < 0)
267 return r;
268
269 r = safe_atollu_full(buf, 16, &ull);
270 if (r < 0)
271 return r;
272
273 #ifndef GENHD_FL_NO_PART_SCAN
274 #define GENHD_FL_NO_PART_SCAN (0x0200)
275 #endif
276
277 return !FLAGS_SET(ull, GENHD_FL_NO_PART_SCAN);
278 }
279
blockdev_is_encrypted(const char * sysfs_path,unsigned depth_left)280 static int blockdev_is_encrypted(const char *sysfs_path, unsigned depth_left) {
281 _cleanup_free_ char *p = NULL, *uuids = NULL;
282 _cleanup_closedir_ DIR *d = NULL;
283 int r, found_encrypted = false;
284
285 assert(sysfs_path);
286
287 if (depth_left == 0)
288 return -EINVAL;
289
290 p = path_join(sysfs_path, "dm/uuid");
291 if (!p)
292 return -ENOMEM;
293
294 r = read_one_line_file(p, &uuids);
295 if (r != -ENOENT) {
296 if (r < 0)
297 return r;
298
299 /* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */
300 if (startswith(uuids, "CRYPT-"))
301 return true;
302 }
303
304 /* Not a dm-crypt device itself. But maybe it is on top of one? Follow the links in the "slaves/"
305 * subdir. */
306
307 p = mfree(p);
308 p = path_join(sysfs_path, "slaves");
309 if (!p)
310 return -ENOMEM;
311
312 d = opendir(p);
313 if (!d) {
314 if (errno == ENOENT) /* Doesn't have underlying devices */
315 return false;
316
317 return -errno;
318 }
319
320 for (;;) {
321 _cleanup_free_ char *q = NULL;
322 struct dirent *de;
323
324 errno = 0;
325 de = readdir_no_dot(d);
326 if (!de) {
327 if (errno != 0)
328 return -errno;
329
330 break; /* No more underlying devices */
331 }
332
333 q = path_join(p, de->d_name);
334 if (!q)
335 return -ENOMEM;
336
337 r = blockdev_is_encrypted(q, depth_left - 1);
338 if (r < 0)
339 return r;
340 if (r == 0) /* we found one that is not encrypted? then propagate that immediately */
341 return false;
342
343 found_encrypted = true;
344 }
345
346 return found_encrypted;
347 }
348
fd_is_encrypted(int fd)349 int fd_is_encrypted(int fd) {
350 char p[SYS_BLOCK_PATH_MAX(NULL)];
351 dev_t devt;
352 int r;
353
354 r = get_block_device_fd(fd, &devt);
355 if (r < 0)
356 return r;
357 if (r == 0) /* doesn't have a block device */
358 return false;
359
360 xsprintf_sys_block_path(p, NULL, devt);
361
362 return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */);
363 }
364
path_is_encrypted(const char * path)365 int path_is_encrypted(const char *path) {
366 char p[SYS_BLOCK_PATH_MAX(NULL)];
367 dev_t devt;
368 int r;
369
370 r = get_block_device(path, &devt);
371 if (r < 0)
372 return r;
373 if (r == 0) /* doesn't have a block device */
374 return false;
375
376 xsprintf_sys_block_path(p, NULL, devt);
377
378 return blockdev_is_encrypted(p, 10 /* safety net: maximum recursion depth */);
379 }
380