2 * Metadata on-disk locking for processes serialization
4 * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2016-2023 Ondrej Kozina
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include <linux/limits.h>
29 #include <sys/types.h>
31 #ifdef HAVE_SYS_SYSMACROS_H
32 # include <sys/sysmacros.h> /* for major, minor */
37 #include "utils_device_locking.h"
39 #define same_inode(buf1, buf2) \
40 ((buf1).st_ino == (buf2).st_ino && \
41 (buf1).st_dev == (buf2).st_dev)
54 struct crypt_lock_handle {
69 static int resource_by_name(char *res, size_t res_size, const char *name, bool fullpath)
74 r = snprintf(res, res_size, "%s/LN_%s", DEFAULT_LUKS2_LOCK_PATH, name);
76 r = snprintf(res, res_size, "LN_%s", name);
78 return (r < 0 || (size_t)r >= res_size) ? -EINVAL : 0;
81 static int resource_by_devno(char *res, size_t res_size, dev_t devno, unsigned fullpath)
86 r = snprintf(res, res_size, "%s/L_%d:%d", DEFAULT_LUKS2_LOCK_PATH, major(devno), minor(devno));
88 r = snprintf(res, res_size, "L_%d:%d", major(devno), minor(devno));
90 return (r < 0 || (size_t)r >= res_size) ? -EINVAL : 0;
93 static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *base)
97 dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
99 log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
100 if (errno == ENOTDIR || errno == ENOENT)
101 log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);
105 lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
107 if (errno == ENOENT) {
108 log_dbg(cd, "Locking directory %s/%s will be created with default compiled-in permissions.", dir, base);
110 /* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */
111 if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST)
112 log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
114 lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
116 log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
117 if (errno == ENOTDIR || errno == ELOOP)
118 log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base);
123 return lockdfd >= 0 ? lockdfd : -EINVAL;
126 static int open_resource(struct crypt_device *cd, const char *res)
128 int err, lockdir_fd, r;
129 char dir[] = DEFAULT_LUKS2_LOCK_PATH,
130 base[] = DEFAULT_LUKS2_LOCK_PATH;
132 lockdir_fd = open_lock_dir(cd, dirname(dir), basename(base));
136 log_dbg(cd, "Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res);
137 r = openat(lockdir_fd, res, O_CREAT | O_NOFOLLOW | O_RDWR | O_CLOEXEC, 0777);
142 return r < 0 ? -err : r;
145 static int acquire_lock_handle(struct crypt_device *cd, struct device *device, struct crypt_lock_handle *h)
151 dev_fd = open(device_path(device), O_RDONLY | O_NONBLOCK | O_CLOEXEC);
155 if (fstat(dev_fd, &st)) {
160 if (S_ISBLK(st.st_mode)) {
161 if (resource_by_devno(res, sizeof(res), st.st_rdev, 0)) {
166 fd = open_resource(cd, res);
172 h->u.bdev.devno = st.st_rdev;
173 h->mode = DEV_LOCK_BDEV;
174 } else if (S_ISREG(st.st_mode)) {
175 /* workaround for nfsv4 */
176 fd = open(device_path(device), O_RDWR | O_NONBLOCK | O_CLOEXEC);
178 h->flock_fd = dev_fd;
183 h->mode = DEV_LOCK_FILE;
185 /* Wrong device type */
193 static int acquire_lock_handle_by_name(struct crypt_device *cd, const char *name, struct crypt_lock_handle *h)
198 h->u.name.name = strdup(name);
202 if (resource_by_name(res, sizeof(res), name, false)) {
203 free(h->u.name.name);
207 fd = open_resource(cd, res);
209 free(h->u.name.name);
214 h->mode = DEV_LOCK_NAME;
219 static void release_lock_handle(struct crypt_device *cd, struct crypt_lock_handle *h)
222 struct stat buf_a, buf_b;
224 if ((h->mode == DEV_LOCK_NAME) && /* was it name lock */
225 !flock(h->flock_fd, LOCK_EX | LOCK_NB) && /* lock to drop the file */
226 !resource_by_name(res, sizeof(res), h->u.name.name, true) && /* acquire lock resource name */
227 !fstat(h->flock_fd, &buf_a) && /* read inode id referred by fd */
228 !stat(res, &buf_b) && /* does path file still exist? */
229 same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */
230 /* coverity[toctou] */
231 if (unlink(res)) /* yes? unlink the file. lgtm[cpp/toctou-race-condition] */
232 log_dbg(cd, "Failed to unlink resource file: %s", res);
235 if ((h->mode == DEV_LOCK_BDEV) && /* was it block device */
236 !flock(h->flock_fd, LOCK_EX | LOCK_NB) && /* lock to drop the file */
237 !resource_by_devno(res, sizeof(res), h->u.bdev.devno, 1) && /* acquire lock resource name */
238 !fstat(h->flock_fd, &buf_a) && /* read inode id referred by fd */
239 !stat(res, &buf_b) && /* does path file still exist? */
240 same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */
241 /* coverity[toctou] */
242 if (unlink(res)) /* yes? unlink the file. lgtm[cpp/toctou-race-condition] */
243 log_dbg(cd, "Failed to unlink resource file: %s", res);
246 if (h->mode == DEV_LOCK_NAME)
247 free(h->u.name.name);
249 if (close(h->flock_fd))
250 log_dbg(cd, "Failed to close lock resource fd (%d).", h->flock_fd);
253 int device_locked(struct crypt_lock_handle *h)
255 return (h && (h->type == DEV_LOCK_READ || h->type == DEV_LOCK_WRITE));
258 int device_locked_readonly(struct crypt_lock_handle *h)
260 return (h && h->type == DEV_LOCK_READ);
263 static int verify_lock_handle(struct crypt_lock_handle *h)
266 struct stat lck_st, res_st;
268 /* we locked a regular file, check during device_open() instead. No reason to check now */
269 if (h->mode == DEV_LOCK_FILE)
272 if (h->mode == DEV_LOCK_NAME) {
273 if (resource_by_name(res, sizeof(res), h->u.name.name, true))
275 } else if (h->mode == DEV_LOCK_BDEV) {
276 if (resource_by_devno(res, sizeof(res), h->u.bdev.devno, true))
281 if (fstat(h->flock_fd, &lck_st))
284 return (stat(res, &res_st) || !same_inode(lck_st, res_st)) ? -EAGAIN : 0;
287 static unsigned device_lock_inc(struct crypt_lock_handle *h)
292 static unsigned device_lock_dec(struct crypt_lock_handle *h)
299 static int acquire_and_verify(struct crypt_device *cd, struct device *device, const char *resource, int flock_op, struct crypt_lock_handle **lock)
302 struct crypt_lock_handle *h;
304 if (device && resource)
307 if (!(h = malloc(sizeof(*h))))
311 r = device ? acquire_lock_handle(cd, device, h) : acquire_lock_handle_by_name(cd, resource, h);
315 if (flock(h->flock_fd, flock_op)) {
316 log_dbg(cd, "Flock on fd %d failed with errno %d.", h->flock_fd, errno);
317 r = (errno == EWOULDBLOCK) ? -EBUSY : -EINVAL;
318 release_lock_handle(cd, h);
322 log_dbg(cd, "Verifying lock handle for %s.", device ? device_path(device) : resource);
325 * check whether another libcryptsetup process removed resource file before this
326 * one managed to flock() it. See release_lock_handle() for details
328 r = verify_lock_handle(h);
330 if (flock(h->flock_fd, LOCK_UN))
331 log_dbg(cd, "flock on fd %d failed.", h->flock_fd);
332 release_lock_handle(cd, h);
333 log_dbg(cd, "Lock handle verification failed.");
335 } while (r == -EAGAIN);
347 int device_read_lock_internal(struct crypt_device *cd, struct device *device)
350 struct crypt_lock_handle *h;
355 h = device_get_lock_handle(device);
357 if (device_locked(h)) {
359 log_dbg(cd, "Device %s READ lock (or higher) already held.", device_path(device));
363 log_dbg(cd, "Acquiring read lock for device %s.", device_path(device));
365 r = acquire_and_verify(cd, device, NULL, LOCK_SH, &h);
369 h->type = DEV_LOCK_READ;
371 device_set_lock_handle(device, h);
373 log_dbg(cd, "Device %s READ lock taken.", device_path(device));
378 int device_write_lock_internal(struct crypt_device *cd, struct device *device)
381 struct crypt_lock_handle *h;
386 h = device_get_lock_handle(device);
388 if (device_locked(h)) {
389 log_dbg(cd, "Device %s WRITE lock already held.", device_path(device));
390 return device_lock_inc(h);
393 log_dbg(cd, "Acquiring write lock for device %s.", device_path(device));
395 r = acquire_and_verify(cd, device, NULL, LOCK_EX, &h);
399 h->type = DEV_LOCK_WRITE;
401 device_set_lock_handle(device, h);
403 log_dbg(cd, "Device %s WRITE lock taken.", device_path(device));
408 int crypt_read_lock(struct crypt_device *cd, const char *resource, bool blocking, struct crypt_lock_handle **lock)
411 struct crypt_lock_handle *h;
416 log_dbg(cd, "Acquiring %sblocking read lock for resource %s.", blocking ? "" : "non", resource);
418 r = acquire_and_verify(cd, NULL, resource, LOCK_SH | (blocking ? 0 : LOCK_NB), &h);
422 h->type = DEV_LOCK_READ;
425 log_dbg(cd, "READ lock for resource %s taken.", resource);
432 int crypt_write_lock(struct crypt_device *cd, const char *resource, bool blocking, struct crypt_lock_handle **lock)
435 struct crypt_lock_handle *h;
440 log_dbg(cd, "Acquiring %sblocking write lock for resource %s.", blocking ? "" : "non", resource);
442 r = acquire_and_verify(cd, NULL, resource, LOCK_EX | (blocking ? 0 : LOCK_NB), &h);
446 h->type = DEV_LOCK_WRITE;
449 log_dbg(cd, "WRITE lock for resource %s taken.", resource);
456 static void unlock_internal(struct crypt_device *cd, struct crypt_lock_handle *h)
458 if (flock(h->flock_fd, LOCK_UN))
459 log_dbg(cd, "flock on fd %d failed.", h->flock_fd);
460 release_lock_handle(cd, h);
464 void crypt_unlock_internal(struct crypt_device *cd, struct crypt_lock_handle *h)
469 /* nested locks are illegal */
470 assert(!device_lock_dec(h));
472 log_dbg(cd, "Unlocking %s lock for resource %s.",
473 device_locked_readonly(h) ? "READ" : "WRITE", h->u.name.name);
475 unlock_internal(cd, h);
478 void device_unlock_internal(struct crypt_device *cd, struct device *device)
481 struct crypt_lock_handle *h = device_get_lock_handle(device);
482 unsigned u = device_lock_dec(h);
487 readonly = device_locked_readonly(h);
489 unlock_internal(cd, h);
491 log_dbg(cd, "Device %s %s lock released.", device_path(device),
492 readonly ? "READ" : "WRITE");
494 device_set_lock_handle(device, NULL);
497 int device_locked_verify(struct crypt_device *cd, int dev_fd, struct crypt_lock_handle *h)
500 struct stat dev_st, lck_st, st;
502 if (fstat(dev_fd, &dev_st) || fstat(h->flock_fd, &lck_st))
505 /* if device handle is regular file the handle must match the lock handle */
506 if (S_ISREG(dev_st.st_mode)) {
507 log_dbg(cd, "Verifying locked device handle (regular file)");
508 if (!same_inode(dev_st, lck_st))
510 } else if (S_ISBLK(dev_st.st_mode)) {
511 log_dbg(cd, "Verifying locked device handle (bdev)");
512 if (resource_by_devno(res, sizeof(res), dev_st.st_rdev, 1) ||
514 !same_inode(lck_st, st))
projects / platform / upstream / cryptsetup.git / blob