|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH v2 08/16] device-mapper: Allow userspace to provide expected diskseq
This can be used to avoid race conditions in which a device is destroyed
and recreated with the same major/minor, name, or UUID. diskseqs are
only honored if strict parameter checking is on, to avoid any risk of
breaking old userspace.
Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
---
drivers/md/dm-ioctl.c | 48 ++++++++++++++++++++++++++++-------
include/uapi/linux/dm-ioctl.h | 33 +++++++++++++++++++++---
2 files changed, 69 insertions(+), 12 deletions(-)
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index
cf752e72ef6a2d8f8230e5bd6d1a6dc817a4f597..01cdf57bcafbf7f3e1b8304eec28792c6b24642d
100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -871,6 +871,9 @@ static void __dev_status(struct mapped_device *md, struct
dm_ioctl *param)
}
dm_put_live_table(md, srcu_idx);
}
+
+ if (param->version[0] >= DM_VERSION_MAJOR_STRICT)
+ dm_set_diskseq(param, disk->diskseq);
}
static int dev_create(struct file *filp, struct dm_ioctl *param, size_t
param_size)
@@ -889,6 +892,8 @@ static int dev_create(struct file *filp, struct dm_ioctl
*param, size_t param_si
if (r)
return r;
+ param->flags &= ~DM_INACTIVE_PRESENT_FLAG;
+
r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md);
if (r) {
dm_put(md);
@@ -909,6 +914,7 @@ static int dev_create(struct file *filp, struct dm_ioctl
*param, size_t param_si
static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param)
{
struct hash_cell *hc = NULL;
+ static_assert(offsetof(struct dm_ioctl, diskseq_high) ==
offsetof(struct dm_ioctl, data) + 3);
if (*param->uuid) {
if (*param->name || param->dev) {
@@ -937,6 +943,27 @@ static struct hash_cell *__find_device_hash_cell(struct
dm_ioctl *param)
} else
return NULL;
+ if (param->version[0] >= DM_VERSION_MAJOR_STRICT) {
+ u64 expected_diskseq = dm_get_diskseq(param);
+ u64 diskseq;
+ struct mapped_device *md = hc->md;
+
+ if (WARN_ON_ONCE(md->disk == NULL))
+ return NULL;
+ diskseq = md->disk->diskseq;
+ if (WARN_ON_ONCE(diskseq == 0))
+ return NULL;
+ if (expected_diskseq != 0) {
+ if (expected_diskseq != diskseq) {
+ DMERR("Diskseq mismatch: expected %llu actual
%llu",
+ expected_diskseq, diskseq);
+ return NULL;
+ }
+ } else {
+ dm_set_diskseq(param, diskseq);
+ }
+ }
+
/*
* Sneakily write in both the name and the uuid
* while we have the cell.
@@ -2088,7 +2115,6 @@ static int validate_params(uint cmd, struct dm_ioctl
*param,
uint32_t ioctl_flags, uint32_t supported_flags)
{
static_assert(__same_type(param->flags, supported_flags));
- u64 zero = 0;
if (cmd == DM_DEV_CREATE_CMD) {
if (!*param->name) {
@@ -2112,14 +2138,24 @@ static int validate_params(uint cmd, struct dm_ioctl
*param,
return 0;
}
+ if (param->data_size < sizeof(struct dm_ioctl)) {
+ DMERR("Entire struct dm_ioctl (size %zu) must be valid, but
only %u was valid",
+ sizeof(struct dm_ioctl), param->data_size);
+ return -EINVAL;
+ }
+
/* Check that strings are terminated */
if (!no_non_nul_after_nul(param->name, DM_NAME_LEN, cmd, "Name") ||
!no_non_nul_after_nul(param->uuid, DM_UUID_LEN, cmd, "UUID")) {
return -EINVAL;
}
- if (memcmp(param->data, &zero, sizeof(param->data)) != 0) {
- DMERR("second padding field not zeroed in strict mode (cmd
%u)", cmd);
+ /*
+ * This also reads the NUL terminator of the UUID, but that has already
been
+ * checked to be zero by no_non_nul_after_nul().
+ */
+ if (*(const u32 *)((const char *)param + sizeof(struct dm_ioctl) - 8)
!= 0) {
+ DMERR("padding field not zeroed in strict mode (cmd %u)", cmd);
return -EINVAL;
}
@@ -2129,12 +2165,6 @@ static int validate_params(uint cmd, struct dm_ioctl
*param,
return -EINVAL;
}
- if (param->padding) {
- DMERR("padding not zeroed in strict mode (got %u, cmd %u)",
- param->padding, cmd);
- return -EINVAL;
- }
-
if (param->open_count != 0) {
DMERR("open_count not zeroed in strict mode (got %d, cmd %u)",
param->open_count, cmd);
diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h
index
81103e1dcdac3015204e9c05d73037191e965d59..5647b218f24b626f5c1cefe8bec18dc04373c3d0
100644
--- a/include/uapi/linux/dm-ioctl.h
+++ b/include/uapi/linux/dm-ioctl.h
@@ -136,16 +136,43 @@ struct dm_ioctl {
* For output, the ioctls return the event number, not the cookie.
*/
__u32 event_nr; /* in/out */
- __u32 padding;
+
+ union {
+ /* valid if DM_VERSION_MAJOR is used */
+ __u32 padding; /* padding */
+ /* valid if DM_VERSION_MAJOR_STRICT is used */
+ __u32 diskseq_low; /* in/out: low 4 bytes of the diskseq */
+ };
__u64 dev; /* in/out */
char name[DM_NAME_LEN]; /* device name */
char uuid[DM_UUID_LEN]; /* unique identifier for
* the block device */
- char data[7]; /* padding or data */
+ union {
+ /* valid if DM_VERSION_MAJOR is used */
+ char data[7]; /* padding or data */
+ /* valid if DM_VERSION_MAJOR_STRICT is used */
+ struct {
+ char _padding[3]; /* padding */
+ __u32 diskseq_high; /* in/out: high 4 bytes of the
diskseq */
+ } __attribute__((packed));
+ };
};
+__attribute__((always_inline)) static inline __u64
+dm_get_diskseq(const struct dm_ioctl *_i)
+{
+ return (__u64)_i->diskseq_high << 32 | (__u64)_i->diskseq_low;
+}
+
+__attribute__((always_inline)) static inline void
+dm_set_diskseq(struct dm_ioctl *_i, __u64 _diskseq)
+{
+ _i->diskseq_low = (__u32)(_diskseq & 0xFFFFFFFFU);
+ _i->diskseq_high = (__u32)(_diskseq >> 32);
+}
+
/*
* Used to specify tables. These structures appear after the
* dm_ioctl.
@@ -402,6 +429,6 @@ enum {
* If DM_VERSION_MAJOR_STRICT is used, these flags are reserved and
* must be zeroed.
*/
-#define DM_STRICT_ONLY_FLAGS ((__u32)0xFFF00004)
+#define DM_STRICT_ONLY_FLAGS ((__u32)(~((1UL << 19) - 1) | 1 << 9 | 1 << 7))
#endif /* _LINUX_DM_IOCTL_H */
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |