// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2001, 2002 Sistina Software (UK) Limited.
 * Copyright (C) 2004 - 2006 Red Hat, Inc. All rights reserved.
 *
 * This file is released under the GPL.
 */

#include "dm-core.h"
#include "dm-ima.h"
#include <linux/module.h>
#include <linux/vmalloc.h>
#include <linux/miscdevice.h>
#include <linux/sched/mm.h>
#include <linux/init.h>
#include <linux/wait.h>
#include <linux/slab.h>
#include <linux/rbtree.h>
#include <linux/dm-ioctl.h>
#include <linux/hdreg.h>
#include <linux/compat.h>
#include <linux/nospec.h>

#include <linux/uaccess.h>
#include <linux/ima.h>

#define DM_MSG_PREFIX "ioctl"
#define DM_DRIVER_EMAIL "dm-devel@redhat.com"

/*
 * Per-open-file state, reached through filp->private_data (see
 * dev_arm_poll(), which stores the current global event number here).
 */
struct dm_file {
	/*
	 * poll will wait until the global event number is greater than
	 * this value.
	 */
	volatile unsigned int global_event_nr;
};

/*
 *---------------------------------------------------------------
 * The ioctl interface needs to be able to look up devices by
 * name or uuid.
 *---------------------------------------------------------------
 */
/*
 * One hash_cell exists per registered device.  It is linked into
 * name_rb_tree through name_node and, when it has a uuid, into
 * uuid_rb_tree through uuid_node.
 */
struct hash_cell {
	struct rb_node name_node;	/* link in name_rb_tree */
	struct rb_node uuid_node;	/* link in uuid_rb_tree */
	bool name_set;			/* true while name_node is linked */
	bool uuid_set;			/* true while uuid_node is linked */

	char *name;			/* kstrdup()'d in alloc_cell() */
	char *uuid;			/* kstrdup()'d copy, or NULL if none */
	struct mapped_device *md;	/* device this cell describes */
	struct dm_table *new_map;	/* inactive table, or NULL */
};

/*
 * Cursor handed to list_version_get_info() while target versions are
 * written into the ioctl result buffer.
 */
struct vers_iter {
	size_t param_size;		/* size of the whole ioctl buffer */
	/* vers: slot to fill next; old_vers: last slot filled (or NULL) */
	struct dm_target_versions *vers, *old_vers;
	char *end;			/* one past the space reserved for output */
	uint32_t flags;			/* flags to OR into param->flags afterwards */
};


/* Roots of the two lookup trees, keyed by strcmp() on name and uuid. */
static struct rb_root name_rb_tree = RB_ROOT;
static struct rb_root uuid_rb_tree = RB_ROOT;

static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred);

/*
 * Guards access to both hash tables.
 */
static DECLARE_RWSEM(_hash_lock);

/*
 * Protects use of mdptr to obtain hash cell name and uuid from mapped device.
76 */ 77 static DEFINE_MUTEX(dm_hash_cells_mutex); 78 79 static void dm_hash_exit(void) 80 { 81 dm_hash_remove_all(false, false, false); 82 } 83 84 /* 85 *--------------------------------------------------------------- 86 * Code for looking up a device by name 87 *--------------------------------------------------------------- 88 */ 89 static struct hash_cell *__get_name_cell(const char *str) 90 { 91 struct rb_node *n = name_rb_tree.rb_node; 92 93 while (n) { 94 struct hash_cell *hc = container_of(n, struct hash_cell, name_node); 95 int c; 96 97 c = strcmp(hc->name, str); 98 if (!c) { 99 dm_get(hc->md); 100 return hc; 101 } 102 n = c >= 0 ? n->rb_left : n->rb_right; 103 } 104 105 return NULL; 106 } 107 108 static struct hash_cell *__get_uuid_cell(const char *str) 109 { 110 struct rb_node *n = uuid_rb_tree.rb_node; 111 112 while (n) { 113 struct hash_cell *hc = container_of(n, struct hash_cell, uuid_node); 114 int c; 115 116 c = strcmp(hc->uuid, str); 117 if (!c) { 118 dm_get(hc->md); 119 return hc; 120 } 121 n = c >= 0 ? n->rb_left : n->rb_right; 122 } 123 124 return NULL; 125 } 126 127 static void __unlink_name(struct hash_cell *hc) 128 { 129 if (hc->name_set) { 130 hc->name_set = false; 131 rb_erase(&hc->name_node, &name_rb_tree); 132 } 133 } 134 135 static void __unlink_uuid(struct hash_cell *hc) 136 { 137 if (hc->uuid_set) { 138 hc->uuid_set = false; 139 rb_erase(&hc->uuid_node, &uuid_rb_tree); 140 } 141 } 142 143 static void __link_name(struct hash_cell *new_hc) 144 { 145 struct rb_node **n, *parent; 146 147 __unlink_name(new_hc); 148 149 new_hc->name_set = true; 150 151 n = &name_rb_tree.rb_node; 152 parent = NULL; 153 154 while (*n) { 155 struct hash_cell *hc = container_of(*n, struct hash_cell, name_node); 156 int c; 157 158 c = strcmp(hc->name, new_hc->name); 159 BUG_ON(!c); 160 parent = *n; 161 n = c >= 0 ? 
&hc->name_node.rb_left : &hc->name_node.rb_right; 162 } 163 164 rb_link_node(&new_hc->name_node, parent, n); 165 rb_insert_color(&new_hc->name_node, &name_rb_tree); 166 } 167 168 static void __link_uuid(struct hash_cell *new_hc) 169 { 170 struct rb_node **n, *parent; 171 172 __unlink_uuid(new_hc); 173 174 new_hc->uuid_set = true; 175 176 n = &uuid_rb_tree.rb_node; 177 parent = NULL; 178 179 while (*n) { 180 struct hash_cell *hc = container_of(*n, struct hash_cell, uuid_node); 181 int c; 182 183 c = strcmp(hc->uuid, new_hc->uuid); 184 BUG_ON(!c); 185 parent = *n; 186 n = c > 0 ? &hc->uuid_node.rb_left : &hc->uuid_node.rb_right; 187 } 188 189 rb_link_node(&new_hc->uuid_node, parent, n); 190 rb_insert_color(&new_hc->uuid_node, &uuid_rb_tree); 191 } 192 193 static struct hash_cell *__get_dev_cell(uint64_t dev) 194 { 195 struct mapped_device *md; 196 struct hash_cell *hc; 197 198 md = dm_get_md(huge_decode_dev(dev)); 199 if (!md) 200 return NULL; 201 202 hc = dm_get_mdptr(md); 203 if (!hc) { 204 dm_put(md); 205 return NULL; 206 } 207 208 return hc; 209 } 210 211 /* 212 *--------------------------------------------------------------- 213 * Inserting, removing and renaming a device. 
 *---------------------------------------------------------------
 */
/*
 * Allocate a hash_cell for @md with private copies of @name and, when
 * non-NULL, @uuid.  The cell starts unlinked from both trees and with no
 * inactive table.  Returns NULL if any allocation fails (nothing is
 * leaked in that case).
 */
static struct hash_cell *alloc_cell(const char *name, const char *uuid,
				    struct mapped_device *md)
{
	struct hash_cell *hc;

	hc = kmalloc(sizeof(*hc), GFP_KERNEL);
	if (!hc)
		return NULL;

	hc->name = kstrdup(name, GFP_KERNEL);
	if (!hc->name) {
		kfree(hc);
		return NULL;
	}

	if (!uuid)
		hc->uuid = NULL;

	else {
		hc->uuid = kstrdup(uuid, GFP_KERNEL);
		if (!hc->uuid) {
			kfree(hc->name);
			kfree(hc);
			return NULL;
		}
	}

	hc->name_set = hc->uuid_set = false;
	hc->md = md;
	hc->new_map = NULL;
	return hc;
}

/* Free a cell and its name/uuid strings; a NULL @hc is ignored. */
static void free_cell(struct hash_cell *hc)
{
	if (hc) {
		kfree(hc->name);
		kfree(hc->uuid);
		kfree(hc);
	}
}

/*
 * The kdev_t and uuid of a device can never change once it is
 * initially inserted.
 *
 * Registers @md under @name (and @uuid when non-NULL).  Returns 0 on
 * success, -ENOMEM if the cell cannot be allocated, or -EBUSY if the
 * name or uuid is already present.
 */
static int dm_hash_insert(const char *name, const char *uuid, struct mapped_device *md)
{
	struct hash_cell *cell, *hc;

	/*
	 * Allocate the new cells.
	 */
	cell = alloc_cell(name, uuid, md);
	if (!cell)
		return -ENOMEM;

	/*
	 * Insert the cell into both hash tables.
	 */
	down_write(&_hash_lock);
	hc = __get_name_cell(name);
	if (hc) {
		/* balance the dm_get() done by the lookup */
		dm_put(hc->md);
		goto bad;
	}

	__link_name(cell);

	if (uuid) {
		hc = __get_uuid_cell(uuid);
		if (hc) {
			/* undo the name link made just above before bailing out */
			__unlink_name(cell);
			dm_put(hc->md);
			goto bad;
		}
		__link_uuid(cell);
	}
	dm_get(md);
	mutex_lock(&dm_hash_cells_mutex);
	dm_set_mdptr(md, cell);
	mutex_unlock(&dm_hash_cells_mutex);
	up_write(&_hash_lock);

	return 0;

bad:
	up_write(&_hash_lock);
	free_cell(cell);
	return -EBUSY;
}

/*
 * Unregister @hc: unlink it from both trees, clear the device's mdptr,
 * signal an event on the live table (if any), call dm_put() on the
 * device and free the cell.
 *
 * Must be called with _hash_lock held.  Returns the cell's inactive
 * table (hc->new_map), or NULL; the callers in this file destroy it
 * after dropping the lock.
 */
static struct dm_table *__hash_remove(struct hash_cell *hc)
{
	struct dm_table *table;
	int srcu_idx;

	lockdep_assert_held(&_hash_lock);

	/* remove from the dev trees */
	__unlink_name(hc);
	__unlink_uuid(hc);
	mutex_lock(&dm_hash_cells_mutex);
	dm_set_mdptr(hc->md, NULL);
	mutex_unlock(&dm_hash_cells_mutex);

	table = dm_get_live_table(hc->md, &srcu_idx);
	if (table)
		dm_table_event(table);
	dm_put_live_table(hc->md, srcu_idx);

	table = NULL;
	if (hc->new_map)
		table = hc->new_map;
	dm_put(hc->md);
	free_cell(hc);

	return table;
}

/*
 * Remove registered devices one at a time.
 *
 * @keep_open_devices: when true, a device for which
 *	dm_lock_for_deletion() returns non-zero is skipped and counted;
 *	when false, every device is removed and destroyed with
 *	dm_destroy_immediate().
 * @mark_deferred, @only_deferred: passed through to
 *	dm_lock_for_deletion().
 *
 * _hash_lock is dropped before each device is destroyed, so the tree
 * walk restarts from the beginning after every removal.
 */
static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred)
{
	int dev_skipped;
	struct rb_node *n;
	struct hash_cell *hc;
	struct mapped_device *md;
	struct dm_table *t;

retry:
	dev_skipped = 0;

	down_write(&_hash_lock);

	for (n = rb_first(&name_rb_tree); n; n = rb_next(n)) {
		hc = container_of(n, struct hash_cell, name_node);
		md = hc->md;
		dm_get(md);

		if (keep_open_devices &&
		    dm_lock_for_deletion(md, mark_deferred, only_deferred)) {
			dm_put(md);
			dev_skipped++;
			continue;
		}

		/* hc is freed by __hash_remove(); only md and t are used below */
		t = __hash_remove(hc);

		up_write(&_hash_lock);

		if (t) {
			dm_sync_table(md);
			dm_table_destroy(t);
		}
		dm_ima_measure_on_device_remove(md, true);
		dm_put(md);
		if (likely(keep_open_devices))
			dm_destroy(md);
		else
			dm_destroy_immediate(md);

		/*
		 * Some mapped devices may be using other mapped
		 * devices, so repeat until we make no further
		 * progress.  If a new mapped device is created
		 * here it will also get removed.
		 */
		goto retry;
	}

	up_write(&_hash_lock);

	if (dev_skipped)
		DMWARN("remove_all left %d open device(s)", dev_skipped);
}

/*
 * Set the uuid of a hash_cell that isn't already set.
 *
 * The cell keeps @new_uuid itself (no copy is made) and is linked into
 * uuid_rb_tree.
 */
static void __set_cell_uuid(struct hash_cell *hc, char *new_uuid)
{
	mutex_lock(&dm_hash_cells_mutex);
	hc->uuid = new_uuid;
	mutex_unlock(&dm_hash_cells_mutex);

	__link_uuid(hc);
}

/*
 * Changes the name of a hash_cell and returns the old name for
 * the caller to free.
 *
 * The cell keeps @new_name itself (no copy is made).
 */
static char *__change_cell_name(struct hash_cell *hc, char *new_name)
{
	char *old_name;

	/*
	 * Rename and move the name cell.
	 */
	__unlink_name(hc);
	old_name = hc->name;

	mutex_lock(&dm_hash_cells_mutex);
	hc->name = new_name;
	mutex_unlock(&dm_hash_cells_mutex);

	__link_name(hc);

	return old_name;
}

/*
 * Rename the device called param->name to @new, or, when DM_UUID_FLAG is
 * set in param->flags, give it the uuid @new.
 *
 * Returns the device on success; the dm_get() taken by the name lookup
 * is left in place for the caller to drop (dev_rename() calls dm_put()).
 * On failure returns ERR_PTR():
 *   -ENOMEM  @new could not be duplicated
 *   -EBUSY   @new is already in use as a name/uuid
 *   -ENXIO   no device is called param->name
 *   -EINVAL  a uuid change was requested but the device already has one
 */
static struct mapped_device *dm_hash_rename(struct dm_ioctl *param,
					    const char *new)
{
	char *new_data, *old_name = NULL;
	struct hash_cell *hc;
	struct dm_table *table;
	struct mapped_device *md;
	unsigned int change_uuid = (param->flags & DM_UUID_FLAG) ? 1 : 0;
	int srcu_idx;

	/*
	 * duplicate new.
	 */
	new_data = kstrdup(new, GFP_KERNEL);
	if (!new_data)
		return ERR_PTR(-ENOMEM);

	down_write(&_hash_lock);

	/*
	 * Is new free ?
	 */
	if (change_uuid)
		hc = __get_uuid_cell(new);
	else
		hc = __get_name_cell(new);

	if (hc) {
		DMERR("Unable to change %s on mapped device %s to one that already exists: %s",
		      change_uuid ? "uuid" : "name",
		      param->name, new);
		dm_put(hc->md);
		up_write(&_hash_lock);
		kfree(new_data);
		return ERR_PTR(-EBUSY);
	}

	/*
	 * Is there such a device as 'old' ?
	 */
	hc = __get_name_cell(param->name);
	if (!hc) {
		DMERR("Unable to rename non-existent device, %s to %s%s",
		      param->name, change_uuid ? "uuid " : "", new);
		up_write(&_hash_lock);
		kfree(new_data);
		return ERR_PTR(-ENXIO);
	}

	/*
	 * Does this device already have a uuid?
	 */
	if (change_uuid && hc->uuid) {
		DMERR("Unable to change uuid of mapped device %s to %s "
		      "because uuid is already set to %s",
		      param->name, new, hc->uuid);
		dm_put(hc->md);
		up_write(&_hash_lock);
		kfree(new_data);
		return ERR_PTR(-EINVAL);
	}

	/* from here on the cell owns new_data */
	if (change_uuid)
		__set_cell_uuid(hc, new_data);
	else
		old_name = __change_cell_name(hc, new_data);

	/*
	 * Wake up any dm event waiters.
	 */
	table = dm_get_live_table(hc->md, &srcu_idx);
	if (table)
		dm_table_event(table);
	dm_put_live_table(hc->md, srcu_idx);

	if (!dm_kobject_uevent(hc->md, KOBJ_CHANGE, param->event_nr, false))
		param->flags |= DM_UEVENT_GENERATED_FLAG;

	md = hc->md;

	dm_ima_measure_on_device_rename(md);

	up_write(&_hash_lock);
	/* NULL for a uuid change, in which case kfree() has nothing to do */
	kfree(old_name);

	return md;
}

/*
 * Run a removal pass with keep_open_devices and only_deferred set, i.e.
 * devices that dm_lock_for_deletion() refuses are left alone.
 */
void dm_deferred_remove(void)
{
	dm_hash_remove_all(true, false, true);
}

/*
 *---------------------------------------------------------------
 * Implementation of the ioctl commands
 *---------------------------------------------------------------
 */
/*
 * All the ioctl commands get dispatched to functions with this
 * prototype.
527 */ 528 typedef int (*ioctl_fn)(struct file *filp, struct dm_ioctl *param, size_t param_size); 529 530 static int remove_all(struct file *filp, struct dm_ioctl *param, size_t param_size) 531 { 532 dm_hash_remove_all(true, !!(param->flags & DM_DEFERRED_REMOVE), false); 533 param->data_size = 0; 534 return 0; 535 } 536 537 /* 538 * Round up the ptr to an 8-byte boundary. 539 */ 540 #define ALIGN_MASK 7 541 static inline size_t align_val(size_t val) 542 { 543 return (val + ALIGN_MASK) & ~ALIGN_MASK; 544 } 545 static inline void *align_ptr(void *ptr) 546 { 547 return (void *)align_val((size_t)ptr); 548 } 549 550 /* 551 * Retrieves the data payload buffer from an already allocated 552 * struct dm_ioctl. 553 */ 554 static void *get_result_buffer(struct dm_ioctl *param, size_t param_size, 555 size_t *len) 556 { 557 param->data_start = align_ptr(param + 1) - (void *) param; 558 559 if (param->data_start < param_size) 560 *len = param_size - param->data_start; 561 else 562 *len = 0; 563 564 return ((void *) param) + param->data_start; 565 } 566 567 static bool filter_device(struct hash_cell *hc, const char *pfx_name, const char *pfx_uuid) 568 { 569 const char *val; 570 size_t val_len, pfx_len; 571 572 val = hc->name; 573 val_len = strlen(val); 574 pfx_len = strnlen(pfx_name, DM_NAME_LEN); 575 if (pfx_len > val_len) 576 return false; 577 if (memcmp(val, pfx_name, pfx_len)) 578 return false; 579 580 val = hc->uuid ? 
hc->uuid : ""; 581 val_len = strlen(val); 582 pfx_len = strnlen(pfx_uuid, DM_UUID_LEN); 583 if (pfx_len > val_len) 584 return false; 585 if (memcmp(val, pfx_uuid, pfx_len)) 586 return false; 587 588 return true; 589 } 590 591 static int list_devices(struct file *filp, struct dm_ioctl *param, size_t param_size) 592 { 593 struct rb_node *n; 594 struct hash_cell *hc; 595 size_t len, needed = 0; 596 struct gendisk *disk; 597 struct dm_name_list *orig_nl, *nl, *old_nl = NULL; 598 uint32_t *event_nr; 599 600 down_write(&_hash_lock); 601 602 /* 603 * Loop through all the devices working out how much 604 * space we need. 605 */ 606 for (n = rb_first(&name_rb_tree); n; n = rb_next(n)) { 607 hc = container_of(n, struct hash_cell, name_node); 608 if (!filter_device(hc, param->name, param->uuid)) 609 continue; 610 needed += align_val(offsetof(struct dm_name_list, name) + strlen(hc->name) + 1); 611 needed += align_val(sizeof(uint32_t) * 2); 612 if (param->flags & DM_UUID_FLAG && hc->uuid) 613 needed += align_val(strlen(hc->uuid) + 1); 614 } 615 616 /* 617 * Grab our output buffer. 618 */ 619 nl = orig_nl = get_result_buffer(param, param_size, &len); 620 if (len < needed || len < sizeof(nl->dev)) { 621 param->flags |= DM_BUFFER_FULL_FLAG; 622 goto out; 623 } 624 param->data_size = param->data_start + needed; 625 626 nl->dev = 0; /* Flags no data */ 627 628 /* 629 * Now loop through filling out the names. 
630 */ 631 for (n = rb_first(&name_rb_tree); n; n = rb_next(n)) { 632 void *uuid_ptr; 633 634 hc = container_of(n, struct hash_cell, name_node); 635 if (!filter_device(hc, param->name, param->uuid)) 636 continue; 637 if (old_nl) 638 old_nl->next = (uint32_t) ((void *) nl - 639 (void *) old_nl); 640 disk = dm_disk(hc->md); 641 nl->dev = huge_encode_dev(disk_devt(disk)); 642 nl->next = 0; 643 strcpy(nl->name, hc->name); 644 645 old_nl = nl; 646 event_nr = align_ptr(nl->name + strlen(hc->name) + 1); 647 event_nr[0] = dm_get_event_nr(hc->md); 648 event_nr[1] = 0; 649 uuid_ptr = align_ptr(event_nr + 2); 650 if (param->flags & DM_UUID_FLAG) { 651 if (hc->uuid) { 652 event_nr[1] |= DM_NAME_LIST_FLAG_HAS_UUID; 653 strcpy(uuid_ptr, hc->uuid); 654 uuid_ptr = align_ptr(uuid_ptr + strlen(hc->uuid) + 1); 655 } else { 656 event_nr[1] |= DM_NAME_LIST_FLAG_DOESNT_HAVE_UUID; 657 } 658 } 659 nl = uuid_ptr; 660 } 661 /* 662 * If mismatch happens, security may be compromised due to buffer 663 * overflow, so it's better to crash. 
664 */ 665 BUG_ON((char *)nl - (char *)orig_nl != needed); 666 667 out: 668 up_write(&_hash_lock); 669 return 0; 670 } 671 672 static void list_version_get_needed(struct target_type *tt, void *needed_param) 673 { 674 size_t *needed = needed_param; 675 676 *needed += sizeof(struct dm_target_versions); 677 *needed += strlen(tt->name) + 1; 678 *needed += ALIGN_MASK; 679 } 680 681 static void list_version_get_info(struct target_type *tt, void *param) 682 { 683 struct vers_iter *info = param; 684 685 /* Check space - it might have changed since the first iteration */ 686 if ((char *)info->vers + sizeof(tt->version) + strlen(tt->name) + 1 > info->end) { 687 info->flags = DM_BUFFER_FULL_FLAG; 688 return; 689 } 690 691 if (info->old_vers) 692 info->old_vers->next = (uint32_t) ((void *)info->vers - (void *)info->old_vers); 693 694 info->vers->version[0] = tt->version[0]; 695 info->vers->version[1] = tt->version[1]; 696 info->vers->version[2] = tt->version[2]; 697 info->vers->next = 0; 698 strcpy(info->vers->name, tt->name); 699 700 info->old_vers = info->vers; 701 info->vers = align_ptr((void *)(info->vers + 1) + strlen(tt->name) + 1); 702 } 703 704 static int __list_versions(struct dm_ioctl *param, size_t param_size, const char *name) 705 { 706 size_t len, needed = 0; 707 struct dm_target_versions *vers; 708 struct vers_iter iter_info; 709 struct target_type *tt = NULL; 710 711 if (name) { 712 tt = dm_get_target_type(name); 713 if (!tt) 714 return -EINVAL; 715 } 716 717 /* 718 * Loop through all the devices working out how much 719 * space we need. 720 */ 721 if (!tt) 722 dm_target_iterate(list_version_get_needed, &needed); 723 else 724 list_version_get_needed(tt, &needed); 725 726 /* 727 * Grab our output buffer. 
728 */ 729 vers = get_result_buffer(param, param_size, &len); 730 if (len < needed) { 731 param->flags |= DM_BUFFER_FULL_FLAG; 732 goto out; 733 } 734 param->data_size = param->data_start + needed; 735 736 iter_info.param_size = param_size; 737 iter_info.old_vers = NULL; 738 iter_info.vers = vers; 739 iter_info.flags = 0; 740 iter_info.end = (char *)vers + needed; 741 742 /* 743 * Now loop through filling out the names & versions. 744 */ 745 if (!tt) 746 dm_target_iterate(list_version_get_info, &iter_info); 747 else 748 list_version_get_info(tt, &iter_info); 749 param->flags |= iter_info.flags; 750 751 out: 752 if (tt) 753 dm_put_target_type(tt); 754 return 0; 755 } 756 757 static int list_versions(struct file *filp, struct dm_ioctl *param, size_t param_size) 758 { 759 return __list_versions(param, param_size, NULL); 760 } 761 762 static int get_target_version(struct file *filp, struct dm_ioctl *param, size_t param_size) 763 { 764 return __list_versions(param, param_size, param->name); 765 } 766 767 static int check_name(const char *name) 768 { 769 if (strchr(name, '/')) { 770 DMERR("invalid device name"); 771 return -EINVAL; 772 } 773 774 return 0; 775 } 776 777 /* 778 * On successful return, the caller must not attempt to acquire 779 * _hash_lock without first calling dm_put_live_table, because dm_table_destroy 780 * waits for this dm_put_live_table and could be called under this lock. 
781 */ 782 static struct dm_table *dm_get_inactive_table(struct mapped_device *md, int *srcu_idx) 783 { 784 struct hash_cell *hc; 785 struct dm_table *table = NULL; 786 787 /* increment rcu count, we don't care about the table pointer */ 788 dm_get_live_table(md, srcu_idx); 789 790 down_read(&_hash_lock); 791 hc = dm_get_mdptr(md); 792 if (!hc) { 793 DMERR("device has been removed from the dev hash table."); 794 goto out; 795 } 796 797 table = hc->new_map; 798 799 out: 800 up_read(&_hash_lock); 801 802 return table; 803 } 804 805 static struct dm_table *dm_get_live_or_inactive_table(struct mapped_device *md, 806 struct dm_ioctl *param, 807 int *srcu_idx) 808 { 809 return (param->flags & DM_QUERY_INACTIVE_TABLE_FLAG) ? 810 dm_get_inactive_table(md, srcu_idx) : dm_get_live_table(md, srcu_idx); 811 } 812 813 /* 814 * Fills in a dm_ioctl structure, ready for sending back to 815 * userland. 816 */ 817 static void __dev_status(struct mapped_device *md, struct dm_ioctl *param) 818 { 819 struct gendisk *disk = dm_disk(md); 820 struct dm_table *table; 821 int srcu_idx; 822 823 param->flags &= ~(DM_SUSPEND_FLAG | DM_READONLY_FLAG | 824 DM_ACTIVE_PRESENT_FLAG | DM_INTERNAL_SUSPEND_FLAG); 825 826 if (dm_suspended_md(md)) 827 param->flags |= DM_SUSPEND_FLAG; 828 829 if (dm_suspended_internally_md(md)) 830 param->flags |= DM_INTERNAL_SUSPEND_FLAG; 831 832 if (dm_test_deferred_remove_flag(md)) 833 param->flags |= DM_DEFERRED_REMOVE; 834 835 param->dev = huge_encode_dev(disk_devt(disk)); 836 837 /* 838 * Yes, this will be out of date by the time it gets back 839 * to userland, but it is still very useful for 840 * debugging. 
841 */ 842 param->open_count = dm_open_count(md); 843 844 param->event_nr = dm_get_event_nr(md); 845 param->target_count = 0; 846 847 table = dm_get_live_table(md, &srcu_idx); 848 if (table) { 849 if (!(param->flags & DM_QUERY_INACTIVE_TABLE_FLAG)) { 850 if (get_disk_ro(disk)) 851 param->flags |= DM_READONLY_FLAG; 852 param->target_count = table->num_targets; 853 } 854 855 param->flags |= DM_ACTIVE_PRESENT_FLAG; 856 } 857 dm_put_live_table(md, srcu_idx); 858 859 if (param->flags & DM_QUERY_INACTIVE_TABLE_FLAG) { 860 int srcu_idx; 861 862 table = dm_get_inactive_table(md, &srcu_idx); 863 if (table) { 864 if (!(dm_table_get_mode(table) & FMODE_WRITE)) 865 param->flags |= DM_READONLY_FLAG; 866 param->target_count = table->num_targets; 867 } 868 dm_put_live_table(md, srcu_idx); 869 } 870 } 871 872 static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_size) 873 { 874 int r, m = DM_ANY_MINOR; 875 struct mapped_device *md; 876 877 r = check_name(param->name); 878 if (r) 879 return r; 880 881 if (param->flags & DM_PERSISTENT_DEV_FLAG) 882 m = MINOR(huge_decode_dev(param->dev)); 883 884 r = dm_create(m, &md); 885 if (r) 886 return r; 887 888 r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md); 889 if (r) { 890 dm_put(md); 891 dm_destroy(md); 892 return r; 893 } 894 895 param->flags &= ~DM_INACTIVE_PRESENT_FLAG; 896 897 __dev_status(md, param); 898 899 dm_put(md); 900 901 return 0; 902 } 903 904 /* 905 * Always use UUID for lookups if it's present, otherwise use name or dev. 
906 */ 907 static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) 908 { 909 struct hash_cell *hc = NULL; 910 911 if (*param->uuid) { 912 if (*param->name || param->dev) { 913 DMERR("Invalid ioctl structure: uuid %s, name %s, dev %llx", 914 param->uuid, param->name, (unsigned long long)param->dev); 915 return NULL; 916 } 917 918 hc = __get_uuid_cell(param->uuid); 919 if (!hc) 920 return NULL; 921 } else if (*param->name) { 922 if (param->dev) { 923 DMERR("Invalid ioctl structure: name %s, dev %llx", 924 param->name, (unsigned long long)param->dev); 925 return NULL; 926 } 927 928 hc = __get_name_cell(param->name); 929 if (!hc) 930 return NULL; 931 } else if (param->dev) { 932 hc = __get_dev_cell(param->dev); 933 if (!hc) 934 return NULL; 935 } else 936 return NULL; 937 938 /* 939 * Sneakily write in both the name and the uuid 940 * while we have the cell. 941 */ 942 strscpy(param->name, hc->name, sizeof(param->name)); 943 if (hc->uuid) 944 strscpy(param->uuid, hc->uuid, sizeof(param->uuid)); 945 else 946 param->uuid[0] = '\0'; 947 948 if (hc->new_map) 949 param->flags |= DM_INACTIVE_PRESENT_FLAG; 950 else 951 param->flags &= ~DM_INACTIVE_PRESENT_FLAG; 952 953 return hc; 954 } 955 956 static struct mapped_device *find_device(struct dm_ioctl *param) 957 { 958 struct hash_cell *hc; 959 struct mapped_device *md = NULL; 960 961 down_read(&_hash_lock); 962 hc = __find_device_hash_cell(param); 963 if (hc) 964 md = hc->md; 965 up_read(&_hash_lock); 966 967 return md; 968 } 969 970 static int dev_remove(struct file *filp, struct dm_ioctl *param, size_t param_size) 971 { 972 struct hash_cell *hc; 973 struct mapped_device *md; 974 int r; 975 struct dm_table *t; 976 977 down_write(&_hash_lock); 978 hc = __find_device_hash_cell(param); 979 980 if (!hc) { 981 DMDEBUG_LIMIT("device doesn't appear to be in the dev hash table."); 982 up_write(&_hash_lock); 983 return -ENXIO; 984 } 985 986 md = hc->md; 987 988 /* 989 * Ensure the device is not open and nothing 
further can open it. 990 */ 991 r = dm_lock_for_deletion(md, !!(param->flags & DM_DEFERRED_REMOVE), false); 992 if (r) { 993 if (r == -EBUSY && param->flags & DM_DEFERRED_REMOVE) { 994 up_write(&_hash_lock); 995 dm_put(md); 996 return 0; 997 } 998 DMDEBUG_LIMIT("unable to remove open device %s", hc->name); 999 up_write(&_hash_lock); 1000 dm_put(md); 1001 return r; 1002 } 1003 1004 t = __hash_remove(hc); 1005 up_write(&_hash_lock); 1006 1007 if (t) { 1008 dm_sync_table(md); 1009 dm_table_destroy(t); 1010 } 1011 1012 param->flags &= ~DM_DEFERRED_REMOVE; 1013 1014 dm_ima_measure_on_device_remove(md, false); 1015 1016 if (!dm_kobject_uevent(md, KOBJ_REMOVE, param->event_nr, false)) 1017 param->flags |= DM_UEVENT_GENERATED_FLAG; 1018 1019 dm_put(md); 1020 dm_destroy(md); 1021 return 0; 1022 } 1023 1024 /* 1025 * Check a string doesn't overrun the chunk of 1026 * memory we copied from userland. 1027 */ 1028 static int invalid_str(char *str, void *end) 1029 { 1030 while ((void *) str < end) 1031 if (!*str++) 1032 return 0; 1033 1034 return -EINVAL; 1035 } 1036 1037 static int dev_rename(struct file *filp, struct dm_ioctl *param, size_t param_size) 1038 { 1039 int r; 1040 char *new_data = (char *) param + param->data_start; 1041 struct mapped_device *md; 1042 unsigned int change_uuid = (param->flags & DM_UUID_FLAG) ? 1 : 0; 1043 1044 if (new_data < param->data || 1045 invalid_str(new_data, (void *) param + param_size) || !*new_data || 1046 strlen(new_data) > (change_uuid ? 
DM_UUID_LEN - 1 : DM_NAME_LEN - 1)) { 1047 DMERR("Invalid new mapped device name or uuid string supplied."); 1048 return -EINVAL; 1049 } 1050 1051 if (!change_uuid) { 1052 r = check_name(new_data); 1053 if (r) 1054 return r; 1055 } 1056 1057 md = dm_hash_rename(param, new_data); 1058 if (IS_ERR(md)) 1059 return PTR_ERR(md); 1060 1061 __dev_status(md, param); 1062 dm_put(md); 1063 1064 return 0; 1065 } 1066 1067 static int dev_set_geometry(struct file *filp, struct dm_ioctl *param, size_t param_size) 1068 { 1069 int r = -EINVAL, x; 1070 struct mapped_device *md; 1071 struct hd_geometry geometry; 1072 unsigned long indata[4]; 1073 char *geostr = (char *) param + param->data_start; 1074 char dummy; 1075 1076 md = find_device(param); 1077 if (!md) 1078 return -ENXIO; 1079 1080 if (geostr < param->data || 1081 invalid_str(geostr, (void *) param + param_size)) { 1082 DMERR("Invalid geometry supplied."); 1083 goto out; 1084 } 1085 1086 x = sscanf(geostr, "%lu %lu %lu %lu%c", indata, 1087 indata + 1, indata + 2, indata + 3, &dummy); 1088 1089 if (x != 4) { 1090 DMERR("Unable to interpret geometry settings."); 1091 goto out; 1092 } 1093 1094 if (indata[0] > 65535 || indata[1] > 255 || indata[2] > 255) { 1095 DMERR("Geometry exceeds range limits."); 1096 goto out; 1097 } 1098 1099 geometry.cylinders = indata[0]; 1100 geometry.heads = indata[1]; 1101 geometry.sectors = indata[2]; 1102 geometry.start = indata[3]; 1103 1104 r = dm_set_geometry(md, &geometry); 1105 1106 param->data_size = 0; 1107 1108 out: 1109 dm_put(md); 1110 return r; 1111 } 1112 1113 static int do_suspend(struct dm_ioctl *param) 1114 { 1115 int r = 0; 1116 unsigned int suspend_flags = DM_SUSPEND_LOCKFS_FLAG; 1117 struct mapped_device *md; 1118 1119 md = find_device(param); 1120 if (!md) 1121 return -ENXIO; 1122 1123 if (param->flags & DM_SKIP_LOCKFS_FLAG) 1124 suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; 1125 if (param->flags & DM_NOFLUSH_FLAG) 1126 suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG; 1127 1128 if 
(!dm_suspended_md(md)) { 1129 r = dm_suspend(md, suspend_flags); 1130 if (r) 1131 goto out; 1132 } 1133 1134 __dev_status(md, param); 1135 1136 out: 1137 dm_put(md); 1138 1139 return r; 1140 } 1141 1142 static int do_resume(struct dm_ioctl *param) 1143 { 1144 int r = 0; 1145 unsigned int suspend_flags = DM_SUSPEND_LOCKFS_FLAG; 1146 struct hash_cell *hc; 1147 struct mapped_device *md; 1148 struct dm_table *new_map, *old_map = NULL; 1149 bool need_resize_uevent = false; 1150 1151 down_write(&_hash_lock); 1152 1153 hc = __find_device_hash_cell(param); 1154 if (!hc) { 1155 DMDEBUG_LIMIT("device doesn't appear to be in the dev hash table."); 1156 up_write(&_hash_lock); 1157 return -ENXIO; 1158 } 1159 1160 md = hc->md; 1161 1162 new_map = hc->new_map; 1163 hc->new_map = NULL; 1164 param->flags &= ~DM_INACTIVE_PRESENT_FLAG; 1165 1166 up_write(&_hash_lock); 1167 1168 /* Do we need to load a new map ? */ 1169 if (new_map) { 1170 sector_t old_size, new_size; 1171 int srcu_idx; 1172 1173 /* Suspend if it isn't already suspended */ 1174 old_map = dm_get_live_table(md, &srcu_idx); 1175 if ((param->flags & DM_SKIP_LOCKFS_FLAG) || !old_map) 1176 suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; 1177 dm_put_live_table(md, srcu_idx); 1178 if (param->flags & DM_NOFLUSH_FLAG) 1179 suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG; 1180 if (!dm_suspended_md(md)) 1181 dm_suspend(md, suspend_flags); 1182 1183 old_size = dm_get_size(md); 1184 old_map = dm_swap_table(md, new_map); 1185 if (IS_ERR(old_map)) { 1186 dm_sync_table(md); 1187 dm_table_destroy(new_map); 1188 dm_put(md); 1189 return PTR_ERR(old_map); 1190 } 1191 new_size = dm_get_size(md); 1192 if (old_size && new_size && old_size != new_size) 1193 need_resize_uevent = true; 1194 1195 if (dm_table_get_mode(new_map) & FMODE_WRITE) 1196 set_disk_ro(dm_disk(md), 0); 1197 else 1198 set_disk_ro(dm_disk(md), 1); 1199 } 1200 1201 if (dm_suspended_md(md)) { 1202 r = dm_resume(md); 1203 if (!r) { 1204 dm_ima_measure_on_device_resume(md, new_map ? 
true : false); 1205 1206 if (!dm_kobject_uevent(md, KOBJ_CHANGE, param->event_nr, need_resize_uevent)) 1207 param->flags |= DM_UEVENT_GENERATED_FLAG; 1208 } 1209 } 1210 1211 /* 1212 * Since dm_swap_table synchronizes RCU, nobody should be in 1213 * read-side critical section already. 1214 */ 1215 if (old_map) 1216 dm_table_destroy(old_map); 1217 1218 if (!r) 1219 __dev_status(md, param); 1220 1221 dm_put(md); 1222 return r; 1223 } 1224 1225 /* 1226 * Set or unset the suspension state of a device. 1227 * If the device already is in the requested state we just return its status. 1228 */ 1229 static int dev_suspend(struct file *filp, struct dm_ioctl *param, size_t param_size) 1230 { 1231 if (param->flags & DM_SUSPEND_FLAG) 1232 return do_suspend(param); 1233 1234 return do_resume(param); 1235 } 1236 1237 /* 1238 * Copies device info back to user space, used by 1239 * the create and info ioctls. 1240 */ 1241 static int dev_status(struct file *filp, struct dm_ioctl *param, size_t param_size) 1242 { 1243 struct mapped_device *md; 1244 1245 md = find_device(param); 1246 if (!md) 1247 return -ENXIO; 1248 1249 __dev_status(md, param); 1250 dm_put(md); 1251 1252 return 0; 1253 } 1254 1255 /* 1256 * Build up the status struct for each target 1257 */ 1258 static void retrieve_status(struct dm_table *table, 1259 struct dm_ioctl *param, size_t param_size) 1260 { 1261 unsigned int i, num_targets; 1262 struct dm_target_spec *spec; 1263 char *outbuf, *outptr; 1264 status_type_t type; 1265 size_t remaining, len, used = 0; 1266 unsigned int status_flags = 0; 1267 1268 outptr = outbuf = get_result_buffer(param, param_size, &len); 1269 1270 if (param->flags & DM_STATUS_TABLE_FLAG) 1271 type = STATUSTYPE_TABLE; 1272 else if (param->flags & DM_IMA_MEASUREMENT_FLAG) 1273 type = STATUSTYPE_IMA; 1274 else 1275 type = STATUSTYPE_INFO; 1276 1277 /* Get all the target info */ 1278 num_targets = table->num_targets; 1279 for (i = 0; i < num_targets; i++) { 1280 struct dm_target *ti = 
dm_table_get_target(table, i); 1281 size_t l; 1282 1283 remaining = len - (outptr - outbuf); 1284 if (remaining <= sizeof(struct dm_target_spec)) { 1285 param->flags |= DM_BUFFER_FULL_FLAG; 1286 break; 1287 } 1288 1289 spec = (struct dm_target_spec *) outptr; 1290 1291 spec->status = 0; 1292 spec->sector_start = ti->begin; 1293 spec->length = ti->len; 1294 strncpy(spec->target_type, ti->type->name, 1295 sizeof(spec->target_type) - 1); 1296 1297 outptr += sizeof(struct dm_target_spec); 1298 remaining = len - (outptr - outbuf); 1299 if (remaining <= 0) { 1300 param->flags |= DM_BUFFER_FULL_FLAG; 1301 break; 1302 } 1303 1304 /* Get the status/table string from the target driver */ 1305 if (ti->type->status) { 1306 if (param->flags & DM_NOFLUSH_FLAG) 1307 status_flags |= DM_STATUS_NOFLUSH_FLAG; 1308 ti->type->status(ti, type, status_flags, outptr, remaining); 1309 } else 1310 outptr[0] = '\0'; 1311 1312 l = strlen(outptr) + 1; 1313 if (l == remaining) { 1314 param->flags |= DM_BUFFER_FULL_FLAG; 1315 break; 1316 } 1317 1318 outptr += l; 1319 used = param->data_start + (outptr - outbuf); 1320 1321 outptr = align_ptr(outptr); 1322 spec->next = outptr - outbuf; 1323 } 1324 1325 if (used) 1326 param->data_size = used; 1327 1328 param->target_count = num_targets; 1329 } 1330 1331 /* 1332 * Wait for a device to report an event 1333 */ 1334 static int dev_wait(struct file *filp, struct dm_ioctl *param, size_t param_size) 1335 { 1336 int r = 0; 1337 struct mapped_device *md; 1338 struct dm_table *table; 1339 int srcu_idx; 1340 1341 md = find_device(param); 1342 if (!md) 1343 return -ENXIO; 1344 1345 /* 1346 * Wait for a notification event 1347 */ 1348 if (dm_wait_event(md, param->event_nr)) { 1349 r = -ERESTARTSYS; 1350 goto out; 1351 } 1352 1353 /* 1354 * The userland program is going to want to know what 1355 * changed to trigger the event, so we may as well tell 1356 * him and save an ioctl. 
1357 */ 1358 __dev_status(md, param); 1359 1360 table = dm_get_live_or_inactive_table(md, param, &srcu_idx); 1361 if (table) 1362 retrieve_status(table, param, param_size); 1363 dm_put_live_table(md, srcu_idx); 1364 1365 out: 1366 dm_put(md); 1367 1368 return r; 1369 } 1370 1371 /* 1372 * Remember the global event number and make it possible to poll 1373 * for further events. 1374 */ 1375 static int dev_arm_poll(struct file *filp, struct dm_ioctl *param, size_t param_size) 1376 { 1377 struct dm_file *priv = filp->private_data; 1378 1379 priv->global_event_nr = atomic_read(&dm_global_event_nr); 1380 1381 return 0; 1382 } 1383 1384 static inline fmode_t get_mode(struct dm_ioctl *param) 1385 { 1386 fmode_t mode = FMODE_READ | FMODE_WRITE; 1387 1388 if (param->flags & DM_READONLY_FLAG) 1389 mode = FMODE_READ; 1390 1391 return mode; 1392 } 1393 1394 static int next_target(struct dm_target_spec *last, uint32_t next, void *end, 1395 struct dm_target_spec **spec, char **target_params) 1396 { 1397 *spec = (struct dm_target_spec *) ((unsigned char *) last + next); 1398 *target_params = (char *) (*spec + 1); 1399 1400 if (*spec < (last + 1)) 1401 return -EINVAL; 1402 1403 return invalid_str(*target_params, end); 1404 } 1405 1406 static int populate_table(struct dm_table *table, 1407 struct dm_ioctl *param, size_t param_size) 1408 { 1409 int r; 1410 unsigned int i = 0; 1411 struct dm_target_spec *spec = (struct dm_target_spec *) param; 1412 uint32_t next = param->data_start; 1413 void *end = (void *) param + param_size; 1414 char *target_params; 1415 1416 if (!param->target_count) { 1417 DMERR("%s: no targets specified", __func__); 1418 return -EINVAL; 1419 } 1420 1421 for (i = 0; i < param->target_count; i++) { 1422 1423 r = next_target(spec, next, end, &spec, &target_params); 1424 if (r) { 1425 DMERR("unable to find target"); 1426 return r; 1427 } 1428 1429 r = dm_table_add_target(table, spec->target_type, 1430 (sector_t) spec->sector_start, 1431 (sector_t) spec->length, 
1432 target_params); 1433 if (r) { 1434 DMERR("error adding target to table"); 1435 return r; 1436 } 1437 1438 next = spec->next; 1439 } 1440 1441 return dm_table_complete(table); 1442 } 1443 1444 static bool is_valid_type(enum dm_queue_mode cur, enum dm_queue_mode new) 1445 { 1446 if (cur == new || 1447 (cur == DM_TYPE_BIO_BASED && new == DM_TYPE_DAX_BIO_BASED)) 1448 return true; 1449 1450 return false; 1451 } 1452 1453 static int table_load(struct file *filp, struct dm_ioctl *param, size_t param_size) 1454 { 1455 int r; 1456 struct hash_cell *hc; 1457 struct dm_table *t, *old_map = NULL; 1458 struct mapped_device *md; 1459 struct target_type *immutable_target_type; 1460 1461 md = find_device(param); 1462 if (!md) 1463 return -ENXIO; 1464 1465 r = dm_table_create(&t, get_mode(param), param->target_count, md); 1466 if (r) 1467 goto err; 1468 1469 /* Protect md->type and md->queue against concurrent table loads. */ 1470 dm_lock_md_type(md); 1471 r = populate_table(t, param, param_size); 1472 if (r) 1473 goto err_unlock_md_type; 1474 1475 dm_ima_measure_on_table_load(t, STATUSTYPE_IMA); 1476 1477 immutable_target_type = dm_get_immutable_target_type(md); 1478 if (immutable_target_type && 1479 (immutable_target_type != dm_table_get_immutable_target_type(t)) && 1480 !dm_table_get_wildcard_target(t)) { 1481 DMERR("can't replace immutable target type %s", 1482 immutable_target_type->name); 1483 r = -EINVAL; 1484 goto err_unlock_md_type; 1485 } 1486 1487 if (dm_get_md_type(md) == DM_TYPE_NONE) { 1488 /* setup md->queue to reflect md's type (may block) */ 1489 r = dm_setup_md_queue(md, t); 1490 if (r) { 1491 DMERR("unable to set up device queue for new table."); 1492 goto err_unlock_md_type; 1493 } 1494 } else if (!is_valid_type(dm_get_md_type(md), dm_table_get_type(t))) { 1495 DMERR("can't change device type (old=%u vs new=%u) after initial table load.", 1496 dm_get_md_type(md), dm_table_get_type(t)); 1497 r = -EINVAL; 1498 goto err_unlock_md_type; 1499 } 1500 1501 
dm_unlock_md_type(md); 1502 1503 /* stage inactive table */ 1504 down_write(&_hash_lock); 1505 hc = dm_get_mdptr(md); 1506 if (!hc) { 1507 DMERR("device has been removed from the dev hash table."); 1508 up_write(&_hash_lock); 1509 r = -ENXIO; 1510 goto err_destroy_table; 1511 } 1512 1513 if (hc->new_map) 1514 old_map = hc->new_map; 1515 hc->new_map = t; 1516 up_write(&_hash_lock); 1517 1518 param->flags |= DM_INACTIVE_PRESENT_FLAG; 1519 __dev_status(md, param); 1520 1521 if (old_map) { 1522 dm_sync_table(md); 1523 dm_table_destroy(old_map); 1524 } 1525 1526 dm_put(md); 1527 1528 return 0; 1529 1530 err_unlock_md_type: 1531 dm_unlock_md_type(md); 1532 err_destroy_table: 1533 dm_table_destroy(t); 1534 err: 1535 dm_put(md); 1536 1537 return r; 1538 } 1539 1540 static int table_clear(struct file *filp, struct dm_ioctl *param, size_t param_size) 1541 { 1542 struct hash_cell *hc; 1543 struct mapped_device *md; 1544 struct dm_table *old_map = NULL; 1545 bool has_new_map = false; 1546 1547 down_write(&_hash_lock); 1548 1549 hc = __find_device_hash_cell(param); 1550 if (!hc) { 1551 DMDEBUG_LIMIT("device doesn't appear to be in the dev hash table."); 1552 up_write(&_hash_lock); 1553 return -ENXIO; 1554 } 1555 1556 if (hc->new_map) { 1557 old_map = hc->new_map; 1558 hc->new_map = NULL; 1559 has_new_map = true; 1560 } 1561 1562 md = hc->md; 1563 up_write(&_hash_lock); 1564 1565 param->flags &= ~DM_INACTIVE_PRESENT_FLAG; 1566 __dev_status(md, param); 1567 1568 if (old_map) { 1569 dm_sync_table(md); 1570 dm_table_destroy(old_map); 1571 } 1572 dm_ima_measure_on_table_clear(md, has_new_map); 1573 dm_put(md); 1574 1575 return 0; 1576 } 1577 1578 /* 1579 * Retrieves a list of devices used by a particular dm device. 
1580 */ 1581 static void retrieve_deps(struct dm_table *table, 1582 struct dm_ioctl *param, size_t param_size) 1583 { 1584 unsigned int count = 0; 1585 struct list_head *tmp; 1586 size_t len, needed; 1587 struct dm_dev_internal *dd; 1588 struct dm_target_deps *deps; 1589 1590 deps = get_result_buffer(param, param_size, &len); 1591 1592 /* 1593 * Count the devices. 1594 */ 1595 list_for_each(tmp, dm_table_get_devices(table)) 1596 count++; 1597 1598 /* 1599 * Check we have enough space. 1600 */ 1601 needed = struct_size(deps, dev, count); 1602 if (len < needed) { 1603 param->flags |= DM_BUFFER_FULL_FLAG; 1604 return; 1605 } 1606 1607 /* 1608 * Fill in the devices. 1609 */ 1610 deps->count = count; 1611 count = 0; 1612 list_for_each_entry(dd, dm_table_get_devices(table), list) 1613 deps->dev[count++] = huge_encode_dev(dd->dm_dev->bdev->bd_dev); 1614 1615 param->data_size = param->data_start + needed; 1616 } 1617 1618 static int table_deps(struct file *filp, struct dm_ioctl *param, size_t param_size) 1619 { 1620 struct mapped_device *md; 1621 struct dm_table *table; 1622 int srcu_idx; 1623 1624 md = find_device(param); 1625 if (!md) 1626 return -ENXIO; 1627 1628 __dev_status(md, param); 1629 1630 table = dm_get_live_or_inactive_table(md, param, &srcu_idx); 1631 if (table) 1632 retrieve_deps(table, param, param_size); 1633 dm_put_live_table(md, srcu_idx); 1634 1635 dm_put(md); 1636 1637 return 0; 1638 } 1639 1640 /* 1641 * Return the status of a device as a text string for each 1642 * target. 
1643 */ 1644 static int table_status(struct file *filp, struct dm_ioctl *param, size_t param_size) 1645 { 1646 struct mapped_device *md; 1647 struct dm_table *table; 1648 int srcu_idx; 1649 1650 md = find_device(param); 1651 if (!md) 1652 return -ENXIO; 1653 1654 __dev_status(md, param); 1655 1656 table = dm_get_live_or_inactive_table(md, param, &srcu_idx); 1657 if (table) 1658 retrieve_status(table, param, param_size); 1659 dm_put_live_table(md, srcu_idx); 1660 1661 dm_put(md); 1662 1663 return 0; 1664 } 1665 1666 /* 1667 * Process device-mapper dependent messages. Messages prefixed with '@' 1668 * are processed by the DM core. All others are delivered to the target. 1669 * Returns a number <= 1 if message was processed by device mapper. 1670 * Returns 2 if message should be delivered to the target. 1671 */ 1672 static int message_for_md(struct mapped_device *md, unsigned int argc, char **argv, 1673 char *result, unsigned int maxlen) 1674 { 1675 int r; 1676 1677 if (**argv != '@') 1678 return 2; /* no '@' prefix, deliver to target */ 1679 1680 if (!strcasecmp(argv[0], "@cancel_deferred_remove")) { 1681 if (argc != 1) { 1682 DMERR("Invalid arguments for @cancel_deferred_remove"); 1683 return -EINVAL; 1684 } 1685 return dm_cancel_deferred_remove(md); 1686 } 1687 1688 r = dm_stats_message(md, argc, argv, result, maxlen); 1689 if (r < 2) 1690 return r; 1691 1692 DMERR("Unsupported message sent to DM core: %s", argv[0]); 1693 return -EINVAL; 1694 } 1695 1696 /* 1697 * Pass a message to the target that's at the supplied device offset. 
1698 */ 1699 static int target_message(struct file *filp, struct dm_ioctl *param, size_t param_size) 1700 { 1701 int r, argc; 1702 char **argv; 1703 struct mapped_device *md; 1704 struct dm_table *table; 1705 struct dm_target *ti; 1706 struct dm_target_msg *tmsg = (void *) param + param->data_start; 1707 size_t maxlen; 1708 char *result = get_result_buffer(param, param_size, &maxlen); 1709 int srcu_idx; 1710 1711 md = find_device(param); 1712 if (!md) 1713 return -ENXIO; 1714 1715 if (tmsg < (struct dm_target_msg *) param->data || 1716 invalid_str(tmsg->message, (void *) param + param_size)) { 1717 DMERR("Invalid target message parameters."); 1718 r = -EINVAL; 1719 goto out; 1720 } 1721 1722 r = dm_split_args(&argc, &argv, tmsg->message); 1723 if (r) { 1724 DMERR("Failed to split target message parameters"); 1725 goto out; 1726 } 1727 1728 if (!argc) { 1729 DMERR("Empty message received."); 1730 r = -EINVAL; 1731 goto out_argv; 1732 } 1733 1734 r = message_for_md(md, argc, argv, result, maxlen); 1735 if (r <= 1) 1736 goto out_argv; 1737 1738 table = dm_get_live_table(md, &srcu_idx); 1739 if (!table) 1740 goto out_table; 1741 1742 if (dm_deleting_md(md)) { 1743 r = -ENXIO; 1744 goto out_table; 1745 } 1746 1747 ti = dm_table_find_target(table, tmsg->sector); 1748 if (!ti) { 1749 DMERR("Target message sector outside device."); 1750 r = -EINVAL; 1751 } else if (ti->type->message) 1752 r = ti->type->message(ti, argc, argv, result, maxlen); 1753 else { 1754 DMERR("Target type does not support messages"); 1755 r = -EINVAL; 1756 } 1757 1758 out_table: 1759 dm_put_live_table(md, srcu_idx); 1760 out_argv: 1761 kfree(argv); 1762 out: 1763 if (r >= 0) 1764 __dev_status(md, param); 1765 1766 if (r == 1) { 1767 param->flags |= DM_DATA_OUT_FLAG; 1768 if (dm_message_test_buffer_overflow(result, maxlen)) 1769 param->flags |= DM_BUFFER_FULL_FLAG; 1770 else 1771 param->data_size = param->data_start + strlen(result) + 1; 1772 r = 0; 1773 } 1774 1775 dm_put(md); 1776 return r; 1777 } 
1778 1779 /* 1780 * The ioctl parameter block consists of two parts, a dm_ioctl struct 1781 * followed by a data buffer. This flag is set if the second part, 1782 * which has a variable size, is not used by the function processing 1783 * the ioctl. 1784 */ 1785 #define IOCTL_FLAGS_NO_PARAMS 1 1786 #define IOCTL_FLAGS_ISSUE_GLOBAL_EVENT 2 1787 1788 /* 1789 *--------------------------------------------------------------- 1790 * Implementation of open/close/ioctl on the special char device. 1791 *--------------------------------------------------------------- 1792 */ 1793 static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags) 1794 { 1795 static const struct { 1796 int cmd; 1797 int flags; 1798 ioctl_fn fn; 1799 } _ioctls[] = { 1800 {DM_VERSION_CMD, 0, NULL}, /* version is dealt with elsewhere */ 1801 {DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all}, 1802 {DM_LIST_DEVICES_CMD, 0, list_devices}, 1803 1804 {DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create}, 1805 {DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove}, 1806 {DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename}, 1807 {DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend}, 1808 {DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status}, 1809 {DM_DEV_WAIT_CMD, 0, dev_wait}, 1810 1811 {DM_TABLE_LOAD_CMD, 0, table_load}, 1812 {DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear}, 1813 {DM_TABLE_DEPS_CMD, 0, table_deps}, 1814 {DM_TABLE_STATUS_CMD, 0, table_status}, 1815 1816 {DM_LIST_VERSIONS_CMD, 0, list_versions}, 1817 1818 {DM_TARGET_MSG_CMD, 0, target_message}, 1819 {DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry}, 1820 {DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll}, 1821 {DM_GET_TARGET_VERSION_CMD, 0, get_target_version}, 1822 }; 1823 1824 if (unlikely(cmd >= ARRAY_SIZE(_ioctls))) 1825 return NULL; 1826 1827 cmd = array_index_nospec(cmd, ARRAY_SIZE(_ioctls)); 1828 
*ioctl_flags = _ioctls[cmd].flags; 1829 return _ioctls[cmd].fn; 1830 } 1831 1832 /* 1833 * As well as checking the version compatibility this always 1834 * copies the kernel interface version out. 1835 */ 1836 static int check_version(unsigned int cmd, struct dm_ioctl __user *user) 1837 { 1838 uint32_t version[3]; 1839 int r = 0; 1840 1841 if (copy_from_user(version, user->version, sizeof(version))) 1842 return -EFAULT; 1843 1844 if ((version[0] != DM_VERSION_MAJOR) || 1845 (version[1] > DM_VERSION_MINOR)) { 1846 DMERR("ioctl interface mismatch: kernel(%u.%u.%u), user(%u.%u.%u), cmd(%d)", 1847 DM_VERSION_MAJOR, DM_VERSION_MINOR, 1848 DM_VERSION_PATCHLEVEL, 1849 version[0], version[1], version[2], cmd); 1850 r = -EINVAL; 1851 } 1852 1853 /* 1854 * Fill in the kernel version. 1855 */ 1856 version[0] = DM_VERSION_MAJOR; 1857 version[1] = DM_VERSION_MINOR; 1858 version[2] = DM_VERSION_PATCHLEVEL; 1859 if (copy_to_user(user->version, version, sizeof(version))) 1860 return -EFAULT; 1861 1862 return r; 1863 } 1864 1865 #define DM_PARAMS_MALLOC 0x0001 /* Params allocated with kvmalloc() */ 1866 #define DM_WIPE_BUFFER 0x0010 /* Wipe input buffer before returning from ioctl */ 1867 1868 static void free_params(struct dm_ioctl *param, size_t param_size, int param_flags) 1869 { 1870 if (param_flags & DM_WIPE_BUFFER) 1871 memset(param, 0, param_size); 1872 1873 if (param_flags & DM_PARAMS_MALLOC) 1874 kvfree(param); 1875 } 1876 1877 static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel, 1878 int ioctl_flags, struct dm_ioctl **param, int *param_flags) 1879 { 1880 struct dm_ioctl *dmi; 1881 int secure_data; 1882 const size_t minimum_data_size = offsetof(struct dm_ioctl, data); 1883 unsigned int noio_flag; 1884 1885 if (copy_from_user(param_kernel, user, minimum_data_size)) 1886 return -EFAULT; 1887 1888 if (param_kernel->data_size < minimum_data_size) { 1889 DMERR("Invalid data size in the ioctl structure: %u", 1890 param_kernel->data_size); 1891 
return -EINVAL; 1892 } 1893 1894 secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG; 1895 1896 *param_flags = secure_data ? DM_WIPE_BUFFER : 0; 1897 1898 if (ioctl_flags & IOCTL_FLAGS_NO_PARAMS) { 1899 dmi = param_kernel; 1900 dmi->data_size = minimum_data_size; 1901 goto data_copied; 1902 } 1903 1904 /* 1905 * Use __GFP_HIGH to avoid low memory issues when a device is 1906 * suspended and the ioctl is needed to resume it. 1907 * Use kmalloc() rather than vmalloc() when we can. 1908 */ 1909 dmi = NULL; 1910 noio_flag = memalloc_noio_save(); 1911 dmi = kvmalloc(param_kernel->data_size, GFP_KERNEL | __GFP_HIGH); 1912 memalloc_noio_restore(noio_flag); 1913 1914 if (!dmi) { 1915 if (secure_data && clear_user(user, param_kernel->data_size)) 1916 return -EFAULT; 1917 return -ENOMEM; 1918 } 1919 1920 *param_flags |= DM_PARAMS_MALLOC; 1921 1922 /* Copy from param_kernel (which was already copied from user) */ 1923 memcpy(dmi, param_kernel, minimum_data_size); 1924 1925 if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size, 1926 param_kernel->data_size - minimum_data_size)) 1927 goto bad; 1928 data_copied: 1929 /* Wipe the user buffer so we do not return it to userspace */ 1930 if (secure_data && clear_user(user, param_kernel->data_size)) 1931 goto bad; 1932 1933 *param = dmi; 1934 return 0; 1935 1936 bad: 1937 free_params(dmi, param_kernel->data_size, *param_flags); 1938 1939 return -EFAULT; 1940 } 1941 1942 static int validate_params(uint cmd, struct dm_ioctl *param) 1943 { 1944 /* Always clear this flag */ 1945 param->flags &= ~DM_BUFFER_FULL_FLAG; 1946 param->flags &= ~DM_UEVENT_GENERATED_FLAG; 1947 param->flags &= ~DM_SECURE_DATA_FLAG; 1948 param->flags &= ~DM_DATA_OUT_FLAG; 1949 1950 /* Ignores parameters */ 1951 if (cmd == DM_REMOVE_ALL_CMD || 1952 cmd == DM_LIST_DEVICES_CMD || 1953 cmd == DM_LIST_VERSIONS_CMD) 1954 return 0; 1955 1956 if (cmd == DM_DEV_CREATE_CMD) { 1957 if (!*param->name) { 1958 DMERR("name not supplied when creating device"); 
1959 return -EINVAL; 1960 } 1961 } else if (*param->uuid && *param->name) { 1962 DMERR("only supply one of name or uuid, cmd(%u)", cmd); 1963 return -EINVAL; 1964 } 1965 1966 /* Ensure strings are terminated */ 1967 param->name[DM_NAME_LEN - 1] = '\0'; 1968 param->uuid[DM_UUID_LEN - 1] = '\0'; 1969 1970 return 0; 1971 } 1972 1973 static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *user) 1974 { 1975 int r = 0; 1976 int ioctl_flags; 1977 int param_flags; 1978 unsigned int cmd; 1979 struct dm_ioctl *param; 1980 ioctl_fn fn = NULL; 1981 size_t input_param_size; 1982 struct dm_ioctl param_kernel; 1983 1984 /* only root can play with this */ 1985 if (!capable(CAP_SYS_ADMIN)) 1986 return -EACCES; 1987 1988 if (_IOC_TYPE(command) != DM_IOCTL) 1989 return -ENOTTY; 1990 1991 cmd = _IOC_NR(command); 1992 1993 /* 1994 * Check the interface version passed in. This also 1995 * writes out the kernel's interface version. 1996 */ 1997 r = check_version(cmd, user); 1998 if (r) 1999 return r; 2000 2001 /* 2002 * Nothing more to do for the version command. 2003 */ 2004 if (cmd == DM_VERSION_CMD) 2005 return 0; 2006 2007 fn = lookup_ioctl(cmd, &ioctl_flags); 2008 if (!fn) { 2009 DMERR("dm_ctl_ioctl: unknown command 0x%x", command); 2010 return -ENOTTY; 2011 } 2012 2013 /* 2014 * Copy the parameters into kernel space. 
2015 */ 2016 r = copy_params(user, ¶m_kernel, ioctl_flags, ¶m, ¶m_flags); 2017 2018 if (r) 2019 return r; 2020 2021 input_param_size = param->data_size; 2022 r = validate_params(cmd, param); 2023 if (r) 2024 goto out; 2025 2026 param->data_size = offsetof(struct dm_ioctl, data); 2027 r = fn(file, param, input_param_size); 2028 2029 if (unlikely(param->flags & DM_BUFFER_FULL_FLAG) && 2030 unlikely(ioctl_flags & IOCTL_FLAGS_NO_PARAMS)) 2031 DMERR("ioctl %d tried to output some data but has IOCTL_FLAGS_NO_PARAMS set", cmd); 2032 2033 if (!r && ioctl_flags & IOCTL_FLAGS_ISSUE_GLOBAL_EVENT) 2034 dm_issue_global_event(); 2035 2036 /* 2037 * Copy the results back to userland. 2038 */ 2039 if (!r && copy_to_user(user, param, param->data_size)) 2040 r = -EFAULT; 2041 2042 out: 2043 free_params(param, input_param_size, param_flags); 2044 return r; 2045 } 2046 2047 static long dm_ctl_ioctl(struct file *file, uint command, ulong u) 2048 { 2049 return (long)ctl_ioctl(file, command, (struct dm_ioctl __user *)u); 2050 } 2051 2052 #ifdef CONFIG_COMPAT 2053 static long dm_compat_ctl_ioctl(struct file *file, uint command, ulong u) 2054 { 2055 return (long)dm_ctl_ioctl(file, command, (ulong) compat_ptr(u)); 2056 } 2057 #else 2058 #define dm_compat_ctl_ioctl NULL 2059 #endif 2060 2061 static int dm_open(struct inode *inode, struct file *filp) 2062 { 2063 int r; 2064 struct dm_file *priv; 2065 2066 r = nonseekable_open(inode, filp); 2067 if (unlikely(r)) 2068 return r; 2069 2070 priv = filp->private_data = kmalloc(sizeof(struct dm_file), GFP_KERNEL); 2071 if (!priv) 2072 return -ENOMEM; 2073 2074 priv->global_event_nr = atomic_read(&dm_global_event_nr); 2075 2076 return 0; 2077 } 2078 2079 static int dm_release(struct inode *inode, struct file *filp) 2080 { 2081 kfree(filp->private_data); 2082 return 0; 2083 } 2084 2085 static __poll_t dm_poll(struct file *filp, poll_table *wait) 2086 { 2087 struct dm_file *priv = filp->private_data; 2088 __poll_t mask = 0; 2089 2090 poll_wait(filp, 
&dm_global_eventq, wait); 2091 2092 if ((int)(atomic_read(&dm_global_event_nr) - priv->global_event_nr) > 0) 2093 mask |= EPOLLIN; 2094 2095 return mask; 2096 } 2097 2098 static const struct file_operations _ctl_fops = { 2099 .open = dm_open, 2100 .release = dm_release, 2101 .poll = dm_poll, 2102 .unlocked_ioctl = dm_ctl_ioctl, 2103 .compat_ioctl = dm_compat_ctl_ioctl, 2104 .owner = THIS_MODULE, 2105 .llseek = noop_llseek, 2106 }; 2107 2108 static struct miscdevice _dm_misc = { 2109 .minor = MAPPER_CTRL_MINOR, 2110 .name = DM_NAME, 2111 .nodename = DM_DIR "/" DM_CONTROL_NODE, 2112 .fops = &_ctl_fops 2113 }; 2114 2115 MODULE_ALIAS_MISCDEV(MAPPER_CTRL_MINOR); 2116 MODULE_ALIAS("devname:" DM_DIR "/" DM_CONTROL_NODE); 2117 2118 /* 2119 * Create misc character device and link to DM_DIR/control. 2120 */ 2121 int __init dm_interface_init(void) 2122 { 2123 int r; 2124 2125 r = misc_register(&_dm_misc); 2126 if (r) { 2127 DMERR("misc_register failed for control device"); 2128 return r; 2129 } 2130 2131 DMINFO("%d.%d.%d%s initialised: %s", DM_VERSION_MAJOR, 2132 DM_VERSION_MINOR, DM_VERSION_PATCHLEVEL, DM_VERSION_EXTRA, 2133 DM_DRIVER_EMAIL); 2134 return 0; 2135 } 2136 2137 void dm_interface_exit(void) 2138 { 2139 misc_deregister(&_dm_misc); 2140 dm_hash_exit(); 2141 } 2142 2143 /** 2144 * dm_copy_name_and_uuid - Copy mapped device name & uuid into supplied buffers 2145 * @md: Pointer to mapped_device 2146 * @name: Buffer (size DM_NAME_LEN) for name 2147 * @uuid: Buffer (size DM_UUID_LEN) for uuid or empty string if uuid not defined 2148 */ 2149 int dm_copy_name_and_uuid(struct mapped_device *md, char *name, char *uuid) 2150 { 2151 int r = 0; 2152 struct hash_cell *hc; 2153 2154 if (!md) 2155 return -ENXIO; 2156 2157 mutex_lock(&dm_hash_cells_mutex); 2158 hc = dm_get_mdptr(md); 2159 if (!hc) { 2160 r = -ENXIO; 2161 goto out; 2162 } 2163 2164 if (name) 2165 strcpy(name, hc->name); 2166 if (uuid) 2167 strcpy(uuid, hc->uuid ? 
: ""); 2168 2169 out: 2170 mutex_unlock(&dm_hash_cells_mutex); 2171 2172 return r; 2173 } 2174 EXPORT_SYMBOL_GPL(dm_copy_name_and_uuid); 2175 2176 /** 2177 * dm_early_create - create a mapped device in early boot. 2178 * 2179 * @dmi: Contains main information of the device mapping to be created. 2180 * @spec_array: array of pointers to struct dm_target_spec. Describes the 2181 * mapping table of the device. 2182 * @target_params_array: array of strings with the parameters to a specific 2183 * target. 2184 * 2185 * Instead of having the struct dm_target_spec and the parameters for every 2186 * target embedded at the end of struct dm_ioctl (as performed in a normal 2187 * ioctl), pass them as arguments, so the caller doesn't need to serialize them. 2188 * The size of the spec_array and target_params_array is given by 2189 * @dmi->target_count. 2190 * This function is supposed to be called in early boot, so locking mechanisms 2191 * to protect against concurrent loads are not required. 2192 */ 2193 int __init dm_early_create(struct dm_ioctl *dmi, 2194 struct dm_target_spec **spec_array, 2195 char **target_params_array) 2196 { 2197 int r, m = DM_ANY_MINOR; 2198 struct dm_table *t, *old_map; 2199 struct mapped_device *md; 2200 unsigned int i; 2201 2202 if (!dmi->target_count) 2203 return -EINVAL; 2204 2205 r = check_name(dmi->name); 2206 if (r) 2207 return r; 2208 2209 if (dmi->flags & DM_PERSISTENT_DEV_FLAG) 2210 m = MINOR(huge_decode_dev(dmi->dev)); 2211 2212 /* alloc dm device */ 2213 r = dm_create(m, &md); 2214 if (r) 2215 return r; 2216 2217 /* hash insert */ 2218 r = dm_hash_insert(dmi->name, *dmi->uuid ? 
dmi->uuid : NULL, md); 2219 if (r) 2220 goto err_destroy_dm; 2221 2222 /* alloc table */ 2223 r = dm_table_create(&t, get_mode(dmi), dmi->target_count, md); 2224 if (r) 2225 goto err_hash_remove; 2226 2227 /* add targets */ 2228 for (i = 0; i < dmi->target_count; i++) { 2229 r = dm_table_add_target(t, spec_array[i]->target_type, 2230 (sector_t) spec_array[i]->sector_start, 2231 (sector_t) spec_array[i]->length, 2232 target_params_array[i]); 2233 if (r) { 2234 DMERR("error adding target to table"); 2235 goto err_destroy_table; 2236 } 2237 } 2238 2239 /* finish table */ 2240 r = dm_table_complete(t); 2241 if (r) 2242 goto err_destroy_table; 2243 2244 /* setup md->queue to reflect md's type (may block) */ 2245 r = dm_setup_md_queue(md, t); 2246 if (r) { 2247 DMERR("unable to set up device queue for new table."); 2248 goto err_destroy_table; 2249 } 2250 2251 /* Set new map */ 2252 dm_suspend(md, 0); 2253 old_map = dm_swap_table(md, t); 2254 if (IS_ERR(old_map)) { 2255 r = PTR_ERR(old_map); 2256 goto err_destroy_table; 2257 } 2258 set_disk_ro(dm_disk(md), !!(dmi->flags & DM_READONLY_FLAG)); 2259 2260 /* resume device */ 2261 r = dm_resume(md); 2262 if (r) 2263 goto err_destroy_table; 2264 2265 DMINFO("%s (%s) is ready", md->disk->disk_name, dmi->name); 2266 dm_put(md); 2267 return 0; 2268 2269 err_destroy_table: 2270 dm_table_destroy(t); 2271 err_hash_remove: 2272 down_write(&_hash_lock); 2273 (void) __hash_remove(__get_name_cell(dmi->name)); 2274 up_write(&_hash_lock); 2275 /* release reference from __get_name_cell */ 2276 dm_put(md); 2277 err_destroy_dm: 2278 dm_put(md); 2279 dm_destroy(md); 2280 return r; 2281 } 2282