// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2001, 2002 Sistina Software (UK) Limited.
 * Copyright (C) 2004 - 2006 Red Hat, Inc. All rights reserved.
 *
 * This file is released under the GPL.
 */

#include "dm-core.h"
#include "dm-ima.h"
#include <linux/module.h>
#include <linux/vmalloc.h>
#include <linux/miscdevice.h>
#include <linux/sched/mm.h>
#include <linux/init.h>
#include <linux/wait.h>
#include <linux/slab.h>
#include <linux/rbtree.h>
#include <linux/dm-ioctl.h>
#include <linux/hdreg.h>
#include <linux/compat.h>
#include <linux/nospec.h>

#include <linux/uaccess.h>
#include <linux/ima.h>

#define DM_MSG_PREFIX "ioctl"
#define DM_DRIVER_EMAIL "dm-devel@redhat.com"

/*
 * Per-open-file state; dev_arm_poll() reaches it through
 * filp->private_data.
 */
struct dm_file {
	/*
	 * poll will wait until the global event number is greater than
	 * this value.
	 */
	volatile unsigned int global_event_nr;
};

/*
 *---------------------------------------------------------------
 * The ioctl interface needs to be able to look up devices by
 * name or uuid.
 *---------------------------------------------------------------
 */
struct hash_cell {
	/* Linkage into name_rb_tree and uuid_rb_tree respectively. */
	struct rb_node name_node;
	struct rb_node uuid_node;
	/* True while the matching node is linked into its tree. */
	bool name_set;
	bool uuid_set;

	/* Heap copies owned by the cell; uuid may be NULL. */
	char *name;
	char *uuid;
	struct mapped_device *md;
	/* Loaded but not yet active ("inactive") table, or NULL. */
	struct dm_table *new_map;
};

/* Cursor state threaded through the list_version_get_info() callback. */
struct vers_iter {
	size_t param_size;
	/* vers: next record to fill; old_vers: previous record (for ->next). */
	struct dm_target_versions *vers, *old_vers;
	/* One past the last byte the iteration may write. */
	char *end;
	/* Flags to OR into the ioctl result (e.g. DM_BUFFER_FULL_FLAG). */
	uint32_t flags;
};


/* Roots of the two lookup trees, keyed by strcmp() on name and on uuid. */
static struct rb_root name_rb_tree = RB_ROOT;
static struct rb_root uuid_rb_tree = RB_ROOT;

static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred);

/*
 * Guards access to both hash tables.
 */
static DECLARE_RWSEM(_hash_lock);

/*
 * Protects use of mdptr to obtain hash cell name and uuid from mapped device.
76 */ 77 static DEFINE_MUTEX(dm_hash_cells_mutex); 78 79 static void dm_hash_exit(void) 80 { 81 dm_hash_remove_all(false, false, false); 82 } 83 84 /* 85 *--------------------------------------------------------------- 86 * Code for looking up a device by name 87 *--------------------------------------------------------------- 88 */ 89 static struct hash_cell *__get_name_cell(const char *str) 90 { 91 struct rb_node *n = name_rb_tree.rb_node; 92 93 while (n) { 94 struct hash_cell *hc = container_of(n, struct hash_cell, name_node); 95 int c; 96 97 c = strcmp(hc->name, str); 98 if (!c) { 99 dm_get(hc->md); 100 return hc; 101 } 102 n = c >= 0 ? n->rb_left : n->rb_right; 103 } 104 105 return NULL; 106 } 107 108 static struct hash_cell *__get_uuid_cell(const char *str) 109 { 110 struct rb_node *n = uuid_rb_tree.rb_node; 111 112 while (n) { 113 struct hash_cell *hc = container_of(n, struct hash_cell, uuid_node); 114 int c; 115 116 c = strcmp(hc->uuid, str); 117 if (!c) { 118 dm_get(hc->md); 119 return hc; 120 } 121 n = c >= 0 ? n->rb_left : n->rb_right; 122 } 123 124 return NULL; 125 } 126 127 static void __unlink_name(struct hash_cell *hc) 128 { 129 if (hc->name_set) { 130 hc->name_set = false; 131 rb_erase(&hc->name_node, &name_rb_tree); 132 } 133 } 134 135 static void __unlink_uuid(struct hash_cell *hc) 136 { 137 if (hc->uuid_set) { 138 hc->uuid_set = false; 139 rb_erase(&hc->uuid_node, &uuid_rb_tree); 140 } 141 } 142 143 static void __link_name(struct hash_cell *new_hc) 144 { 145 struct rb_node **n, *parent; 146 147 __unlink_name(new_hc); 148 149 new_hc->name_set = true; 150 151 n = &name_rb_tree.rb_node; 152 parent = NULL; 153 154 while (*n) { 155 struct hash_cell *hc = container_of(*n, struct hash_cell, name_node); 156 int c; 157 158 c = strcmp(hc->name, new_hc->name); 159 BUG_ON(!c); 160 parent = *n; 161 n = c >= 0 ? 
&hc->name_node.rb_left : &hc->name_node.rb_right; 162 } 163 164 rb_link_node(&new_hc->name_node, parent, n); 165 rb_insert_color(&new_hc->name_node, &name_rb_tree); 166 } 167 168 static void __link_uuid(struct hash_cell *new_hc) 169 { 170 struct rb_node **n, *parent; 171 172 __unlink_uuid(new_hc); 173 174 new_hc->uuid_set = true; 175 176 n = &uuid_rb_tree.rb_node; 177 parent = NULL; 178 179 while (*n) { 180 struct hash_cell *hc = container_of(*n, struct hash_cell, uuid_node); 181 int c; 182 183 c = strcmp(hc->uuid, new_hc->uuid); 184 BUG_ON(!c); 185 parent = *n; 186 n = c > 0 ? &hc->uuid_node.rb_left : &hc->uuid_node.rb_right; 187 } 188 189 rb_link_node(&new_hc->uuid_node, parent, n); 190 rb_insert_color(&new_hc->uuid_node, &uuid_rb_tree); 191 } 192 193 static struct hash_cell *__get_dev_cell(uint64_t dev) 194 { 195 struct mapped_device *md; 196 struct hash_cell *hc; 197 198 md = dm_get_md(huge_decode_dev(dev)); 199 if (!md) 200 return NULL; 201 202 hc = dm_get_mdptr(md); 203 if (!hc) { 204 dm_put(md); 205 return NULL; 206 } 207 208 return hc; 209 } 210 211 /* 212 *--------------------------------------------------------------- 213 * Inserting, removing and renaming a device. 
*---------------------------------------------------------------
 */

/*
 * Allocate a hash_cell for @md holding private copies of @name and
 * (when non-NULL) @uuid.  The cell starts unlinked from both trees and
 * without an inactive table.  Returns NULL if any allocation fails,
 * after freeing whatever had been allocated.
 */
static struct hash_cell *alloc_cell(const char *name, const char *uuid,
				    struct mapped_device *md)
{
	struct hash_cell *hc;

	hc = kmalloc(sizeof(*hc), GFP_KERNEL);
	if (!hc)
		return NULL;

	hc->name = kstrdup(name, GFP_KERNEL);
	if (!hc->name) {
		kfree(hc);
		return NULL;
	}

	if (!uuid)
		hc->uuid = NULL;

	else {
		hc->uuid = kstrdup(uuid, GFP_KERNEL);
		if (!hc->uuid) {
			kfree(hc->name);
			kfree(hc);
			return NULL;
		}
	}

	hc->name_set = hc->uuid_set = false;
	hc->md = md;
	hc->new_map = NULL;
	return hc;
}

/* Free a cell and the strings it owns; a NULL @hc is ignored. */
static void free_cell(struct hash_cell *hc)
{
	if (hc) {
		kfree(hc->name);
		kfree(hc->uuid);
		kfree(hc);
	}
}

/*
 * The kdev_t and uuid of a device can never change once it is
 * initially inserted.
 *
 * Returns 0 on success, -ENOMEM if the cell cannot be allocated, or
 * -EBUSY if @name or @uuid is already present in its tree.
 */
static int dm_hash_insert(const char *name, const char *uuid, struct mapped_device *md)
{
	struct hash_cell *cell, *hc;

	/*
	 * Allocate the new cells.
	 */
	cell = alloc_cell(name, uuid, md);
	if (!cell)
		return -ENOMEM;

	/*
	 * Insert the cell into both hash tables.
	 */
	down_write(&_hash_lock);
	hc = __get_name_cell(name);
	if (hc) {
		/* The lookup took a reference on the existing device. */
		dm_put(hc->md);
		goto bad;
	}

	__link_name(cell);

	if (uuid) {
		hc = __get_uuid_cell(uuid);
		if (hc) {
			/* Undo the name insertion before bailing out. */
			__unlink_name(cell);
			dm_put(hc->md);
			goto bad;
		}
		__link_uuid(cell);
	}
	/* Reference taken here is dropped by __hash_remove(). */
	dm_get(md);
	mutex_lock(&dm_hash_cells_mutex);
	dm_set_mdptr(md, cell);
	mutex_unlock(&dm_hash_cells_mutex);
	up_write(&_hash_lock);

	return 0;

bad:
	up_write(&_hash_lock);
	free_cell(cell);
	return -EBUSY;
}

/*
 * Unlink @hc from both trees, clear the device's mdptr, signal a table
 * event on the live table (if any), drop one reference on the device
 * and free the cell.  Must be called with _hash_lock held.
 *
 * Returns the cell's inactive table (hc->new_map), or NULL if it had
 * none; the callers in this file then destroy it.
 */
static struct dm_table *__hash_remove(struct hash_cell *hc)
{
	struct dm_table *table;
	int srcu_idx;

	lockdep_assert_held(&_hash_lock);

	/* remove from the dev trees */
	__unlink_name(hc);
	__unlink_uuid(hc);
	mutex_lock(&dm_hash_cells_mutex);
	dm_set_mdptr(hc->md, NULL);
	mutex_unlock(&dm_hash_cells_mutex);

	table = dm_get_live_table(hc->md, &srcu_idx);
	if (table)
		dm_table_event(table);
	dm_put_live_table(hc->md, srcu_idx);

	table = NULL;
	if (hc->new_map)
		table = hc->new_map;
	dm_put(hc->md);
	free_cell(hc);

	return table;
}

/*
 * Remove devices from the name tree one at a time, restarting the scan
 * from the beginning after each removal.
 *
 * When @keep_open_devices is true, a device for which
 * dm_lock_for_deletion(md, @mark_deferred, @only_deferred) returns
 * non-zero is skipped and counted; a warning reports the count of the
 * final pass.  When it is false every device is removed and destroyed
 * with dm_destroy_immediate().
 */
static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred)
{
	int dev_skipped;
	struct rb_node *n;
	struct hash_cell *hc;
	struct mapped_device *md;
	struct dm_table *t;

retry:
	dev_skipped = 0;

	down_write(&_hash_lock);

	for (n = rb_first(&name_rb_tree); n; n = rb_next(n)) {
		hc = container_of(n, struct hash_cell, name_node);
		md = hc->md;
		/* Hold the device across __hash_remove(), which frees hc. */
		dm_get(md);

		if (keep_open_devices &&
		    dm_lock_for_deletion(md, mark_deferred, only_deferred)) {
			dm_put(md);
			dev_skipped++;
			continue;
		}

		t = __hash_remove(hc);

		/* The lock is dropped before the table/device teardown below. */
		up_write(&_hash_lock);

		if (t) {
			dm_sync_table(md);
			dm_table_destroy(t);
		}
		dm_ima_measure_on_device_remove(md, true);
		dm_put(md);
		if (likely(keep_open_devices))
			dm_destroy(md);
		else
			dm_destroy_immediate(md);

		/*
		 * Some mapped devices may be using other mapped
		 * devices, so repeat until we make no further
		 * progress. If a new mapped device is created
		 * here it will also get removed.
		 */
		goto retry;
	}

	up_write(&_hash_lock);

	if (dev_skipped)
		DMWARN("remove_all left %d open device(s)", dev_skipped);
}

/*
 * Set the uuid of a hash_cell that isn't already set.
 *
 * The cell stores @new_uuid itself (no copy is made) and is then
 * linked into the uuid tree.
 */
static void __set_cell_uuid(struct hash_cell *hc, char *new_uuid)
{
	mutex_lock(&dm_hash_cells_mutex);
	hc->uuid = new_uuid;
	mutex_unlock(&dm_hash_cells_mutex);

	__link_uuid(hc);
}

/*
 * Changes the name of a hash_cell and returns the old name for
 * the caller to free.
 *
 * The cell stores @new_name itself (no copy is made).
 */
static char *__change_cell_name(struct hash_cell *hc, char *new_name)
{
	char *old_name;

	/*
	 * Rename and move the name cell.
	 */
	__unlink_name(hc);
	old_name = hc->name;

	mutex_lock(&dm_hash_cells_mutex);
	hc->name = new_name;
	mutex_unlock(&dm_hash_cells_mutex);

	__link_name(hc);

	return old_name;
}

/*
 * Rename the device called param->name to @new, or - when DM_UUID_FLAG
 * is set in param->flags - assign @new as its uuid.
 *
 * Returns the mapped device on success; the reference taken by the
 * name lookup is still held and is dropped by the caller (dev_rename()
 * calls dm_put()).  On failure returns ERR_PTR():
 *   -ENOMEM  @new could not be duplicated
 *   -EBUSY   another device already uses @new
 *   -ENXIO   no device is called param->name
 *   -EINVAL  a uuid change was requested but a uuid is already set
 */
static struct mapped_device *dm_hash_rename(struct dm_ioctl *param,
					    const char *new)
{
	char *new_data, *old_name = NULL;
	struct hash_cell *hc;
	struct dm_table *table;
	struct mapped_device *md;
	unsigned int change_uuid = (param->flags & DM_UUID_FLAG) ? 1 : 0;
	int srcu_idx;

	/*
	 * duplicate new.
	 */
	new_data = kstrdup(new, GFP_KERNEL);
	if (!new_data)
		return ERR_PTR(-ENOMEM);

	down_write(&_hash_lock);

	/*
	 * Is new free ?
	 */
	if (change_uuid)
		hc = __get_uuid_cell(new);
	else
		hc = __get_name_cell(new);

	if (hc) {
		DMERR("Unable to change %s on mapped device %s to one that already exists: %s",
		      change_uuid ? "uuid" : "name",
		      param->name, new);
		dm_put(hc->md);
		up_write(&_hash_lock);
		kfree(new_data);
		return ERR_PTR(-EBUSY);
	}

	/*
	 * Is there such a device as 'old' ?
	 */
	hc = __get_name_cell(param->name);
	if (!hc) {
		DMERR("Unable to rename non-existent device, %s to %s%s",
		      param->name, change_uuid ? "uuid " : "", new);
		up_write(&_hash_lock);
		kfree(new_data);
		return ERR_PTR(-ENXIO);
	}

	/*
	 * Does this device already have a uuid?
	 */
	if (change_uuid && hc->uuid) {
		DMERR("Unable to change uuid of mapped device %s to %s "
		      "because uuid is already set to %s",
		      param->name, new, hc->uuid);
		dm_put(hc->md);
		up_write(&_hash_lock);
		kfree(new_data);
		return ERR_PTR(-EINVAL);
	}

	/* From here on the cell owns new_data. */
	if (change_uuid)
		__set_cell_uuid(hc, new_data);
	else
		old_name = __change_cell_name(hc, new_data);

	/*
	 * Wake up any dm event waiters.
	 */
	table = dm_get_live_table(hc->md, &srcu_idx);
	if (table)
		dm_table_event(table);
	dm_put_live_table(hc->md, srcu_idx);

	if (!dm_kobject_uevent(hc->md, KOBJ_CHANGE, param->event_nr, false))
		param->flags |= DM_UEVENT_GENERATED_FLAG;

	md = hc->md;

	dm_ima_measure_on_device_rename(md);

	up_write(&_hash_lock);
	/* NULL for a uuid change; kfree(NULL) is a no-op. */
	kfree(old_name);

	return md;
}

/*
 * Run a removal pass with keep_open_devices and only_deferred set and
 * mark_deferred clear.
 */
void dm_deferred_remove(void)
{
	dm_hash_remove_all(true, false, true);
}

/*
 *---------------------------------------------------------------
 * Implementation of the ioctl commands
 *---------------------------------------------------------------
 */
/*
 * All the ioctl commands get dispatched to functions with this
 * prototype.
527 */ 528 typedef int (*ioctl_fn)(struct file *filp, struct dm_ioctl *param, size_t param_size); 529 530 static int remove_all(struct file *filp, struct dm_ioctl *param, size_t param_size) 531 { 532 dm_hash_remove_all(true, !!(param->flags & DM_DEFERRED_REMOVE), false); 533 param->data_size = 0; 534 return 0; 535 } 536 537 /* 538 * Round up the ptr to an 8-byte boundary. 539 */ 540 #define ALIGN_MASK 7 541 static inline size_t align_val(size_t val) 542 { 543 return (val + ALIGN_MASK) & ~ALIGN_MASK; 544 } 545 static inline void *align_ptr(void *ptr) 546 { 547 return (void *)align_val((size_t)ptr); 548 } 549 550 /* 551 * Retrieves the data payload buffer from an already allocated 552 * struct dm_ioctl. 553 */ 554 static void *get_result_buffer(struct dm_ioctl *param, size_t param_size, 555 size_t *len) 556 { 557 param->data_start = align_ptr(param + 1) - (void *) param; 558 559 if (param->data_start < param_size) 560 *len = param_size - param->data_start; 561 else 562 *len = 0; 563 564 return ((void *) param) + param->data_start; 565 } 566 567 static bool filter_device(struct hash_cell *hc, const char *pfx_name, const char *pfx_uuid) 568 { 569 const char *val; 570 size_t val_len, pfx_len; 571 572 val = hc->name; 573 val_len = strlen(val); 574 pfx_len = strnlen(pfx_name, DM_NAME_LEN); 575 if (pfx_len > val_len) 576 return false; 577 if (memcmp(val, pfx_name, pfx_len)) 578 return false; 579 580 val = hc->uuid ? 
hc->uuid : ""; 581 val_len = strlen(val); 582 pfx_len = strnlen(pfx_uuid, DM_UUID_LEN); 583 if (pfx_len > val_len) 584 return false; 585 if (memcmp(val, pfx_uuid, pfx_len)) 586 return false; 587 588 return true; 589 } 590 591 static int list_devices(struct file *filp, struct dm_ioctl *param, size_t param_size) 592 { 593 struct rb_node *n; 594 struct hash_cell *hc; 595 size_t len, needed = 0; 596 struct gendisk *disk; 597 struct dm_name_list *orig_nl, *nl, *old_nl = NULL; 598 uint32_t *event_nr; 599 600 down_write(&_hash_lock); 601 602 /* 603 * Loop through all the devices working out how much 604 * space we need. 605 */ 606 for (n = rb_first(&name_rb_tree); n; n = rb_next(n)) { 607 hc = container_of(n, struct hash_cell, name_node); 608 if (!filter_device(hc, param->name, param->uuid)) 609 continue; 610 needed += align_val(offsetof(struct dm_name_list, name) + strlen(hc->name) + 1); 611 needed += align_val(sizeof(uint32_t) * 2); 612 if (param->flags & DM_UUID_FLAG && hc->uuid) 613 needed += align_val(strlen(hc->uuid) + 1); 614 } 615 616 /* 617 * Grab our output buffer. 618 */ 619 nl = orig_nl = get_result_buffer(param, param_size, &len); 620 if (len < needed || len < sizeof(nl->dev)) { 621 param->flags |= DM_BUFFER_FULL_FLAG; 622 goto out; 623 } 624 param->data_size = param->data_start + needed; 625 626 nl->dev = 0; /* Flags no data */ 627 628 /* 629 * Now loop through filling out the names. 
630 */ 631 for (n = rb_first(&name_rb_tree); n; n = rb_next(n)) { 632 void *uuid_ptr; 633 634 hc = container_of(n, struct hash_cell, name_node); 635 if (!filter_device(hc, param->name, param->uuid)) 636 continue; 637 if (old_nl) 638 old_nl->next = (uint32_t) ((void *) nl - 639 (void *) old_nl); 640 disk = dm_disk(hc->md); 641 nl->dev = huge_encode_dev(disk_devt(disk)); 642 nl->next = 0; 643 strcpy(nl->name, hc->name); 644 645 old_nl = nl; 646 event_nr = align_ptr(nl->name + strlen(hc->name) + 1); 647 event_nr[0] = dm_get_event_nr(hc->md); 648 event_nr[1] = 0; 649 uuid_ptr = align_ptr(event_nr + 2); 650 if (param->flags & DM_UUID_FLAG) { 651 if (hc->uuid) { 652 event_nr[1] |= DM_NAME_LIST_FLAG_HAS_UUID; 653 strcpy(uuid_ptr, hc->uuid); 654 uuid_ptr = align_ptr(uuid_ptr + strlen(hc->uuid) + 1); 655 } else { 656 event_nr[1] |= DM_NAME_LIST_FLAG_DOESNT_HAVE_UUID; 657 } 658 } 659 nl = uuid_ptr; 660 } 661 /* 662 * If mismatch happens, security may be compromised due to buffer 663 * overflow, so it's better to crash. 
664 */ 665 BUG_ON((char *)nl - (char *)orig_nl != needed); 666 667 out: 668 up_write(&_hash_lock); 669 return 0; 670 } 671 672 static void list_version_get_needed(struct target_type *tt, void *needed_param) 673 { 674 size_t *needed = needed_param; 675 676 *needed += sizeof(struct dm_target_versions); 677 *needed += strlen(tt->name) + 1; 678 *needed += ALIGN_MASK; 679 } 680 681 static void list_version_get_info(struct target_type *tt, void *param) 682 { 683 struct vers_iter *info = param; 684 685 /* Check space - it might have changed since the first iteration */ 686 if ((char *)info->vers + sizeof(tt->version) + strlen(tt->name) + 1 > info->end) { 687 info->flags = DM_BUFFER_FULL_FLAG; 688 return; 689 } 690 691 if (info->old_vers) 692 info->old_vers->next = (uint32_t) ((void *)info->vers - (void *)info->old_vers); 693 694 info->vers->version[0] = tt->version[0]; 695 info->vers->version[1] = tt->version[1]; 696 info->vers->version[2] = tt->version[2]; 697 info->vers->next = 0; 698 strcpy(info->vers->name, tt->name); 699 700 info->old_vers = info->vers; 701 info->vers = align_ptr((void *)(info->vers + 1) + strlen(tt->name) + 1); 702 } 703 704 static int __list_versions(struct dm_ioctl *param, size_t param_size, const char *name) 705 { 706 size_t len, needed = 0; 707 struct dm_target_versions *vers; 708 struct vers_iter iter_info; 709 struct target_type *tt = NULL; 710 711 if (name) { 712 tt = dm_get_target_type(name); 713 if (!tt) 714 return -EINVAL; 715 } 716 717 /* 718 * Loop through all the devices working out how much 719 * space we need. 720 */ 721 if (!tt) 722 dm_target_iterate(list_version_get_needed, &needed); 723 else 724 list_version_get_needed(tt, &needed); 725 726 /* 727 * Grab our output buffer. 
728 */ 729 vers = get_result_buffer(param, param_size, &len); 730 if (len < needed) { 731 param->flags |= DM_BUFFER_FULL_FLAG; 732 goto out; 733 } 734 param->data_size = param->data_start + needed; 735 736 iter_info.param_size = param_size; 737 iter_info.old_vers = NULL; 738 iter_info.vers = vers; 739 iter_info.flags = 0; 740 iter_info.end = (char *)vers + needed; 741 742 /* 743 * Now loop through filling out the names & versions. 744 */ 745 if (!tt) 746 dm_target_iterate(list_version_get_info, &iter_info); 747 else 748 list_version_get_info(tt, &iter_info); 749 param->flags |= iter_info.flags; 750 751 out: 752 if (tt) 753 dm_put_target_type(tt); 754 return 0; 755 } 756 757 static int list_versions(struct file *filp, struct dm_ioctl *param, size_t param_size) 758 { 759 return __list_versions(param, param_size, NULL); 760 } 761 762 static int get_target_version(struct file *filp, struct dm_ioctl *param, size_t param_size) 763 { 764 return __list_versions(param, param_size, param->name); 765 } 766 767 static int check_name(const char *name) 768 { 769 if (strchr(name, '/')) { 770 DMERR("invalid device name"); 771 return -EINVAL; 772 } 773 774 return 0; 775 } 776 777 /* 778 * On successful return, the caller must not attempt to acquire 779 * _hash_lock without first calling dm_put_live_table, because dm_table_destroy 780 * waits for this dm_put_live_table and could be called under this lock. 
*/
static struct dm_table *dm_get_inactive_table(struct mapped_device *md, int *srcu_idx)
{
	struct hash_cell *hc;
	struct dm_table *table = NULL;

	/* increment rcu count, we don't care about the table pointer */
	dm_get_live_table(md, srcu_idx);

	down_read(&_hash_lock);
	hc = dm_get_mdptr(md);
	if (!hc) {
		DMERR("device has been removed from the dev hash table.");
		goto out;
	}

	/* May be NULL when no inactive table is loaded. */
	table = hc->new_map;

out:
	up_read(&_hash_lock);

	return table;
}

/*
 * Return the inactive table when DM_QUERY_INACTIVE_TABLE_FLAG is set
 * in param->flags, otherwise the live table.  Both branches call
 * dm_get_live_table(), so the callers in this file always follow up
 * with dm_put_live_table(md, *srcu_idx).
 */
static struct dm_table *dm_get_live_or_inactive_table(struct mapped_device *md,
						      struct dm_ioctl *param,
						      int *srcu_idx)
{
	return (param->flags & DM_QUERY_INACTIVE_TABLE_FLAG) ?
		dm_get_inactive_table(md, srcu_idx) : dm_get_live_table(md, srcu_idx);
}

/*
 * Fills in a dm_ioctl structure, ready for sending back to
 * userland.
 *
 * Updates the suspend/readonly/active-present flags, dev, open_count,
 * event_nr and target_count of @param from the current state of @md.
 * target_count and DM_READONLY_FLAG describe the inactive table when
 * DM_QUERY_INACTIVE_TABLE_FLAG is set, otherwise the live one.
 */
static void __dev_status(struct mapped_device *md, struct dm_ioctl *param)
{
	struct gendisk *disk = dm_disk(md);
	struct dm_table *table;
	int srcu_idx;

	/* Start from a clean slate for the flags recomputed below. */
	param->flags &= ~(DM_SUSPEND_FLAG | DM_READONLY_FLAG |
			  DM_ACTIVE_PRESENT_FLAG | DM_INTERNAL_SUSPEND_FLAG);

	if (dm_suspended_md(md))
		param->flags |= DM_SUSPEND_FLAG;

	if (dm_suspended_internally_md(md))
		param->flags |= DM_INTERNAL_SUSPEND_FLAG;

	if (dm_test_deferred_remove_flag(md))
		param->flags |= DM_DEFERRED_REMOVE;

	param->dev = huge_encode_dev(disk_devt(disk));

	/*
	 * Yes, this will be out of date by the time it gets back
	 * to userland, but it is still very useful for
	 * debugging.
	 */
	param->open_count = dm_open_count(md);

	param->event_nr = dm_get_event_nr(md);
	param->target_count = 0;

	table = dm_get_live_table(md, &srcu_idx);
	if (table) {
		if (!(param->flags & DM_QUERY_INACTIVE_TABLE_FLAG)) {
			if (get_disk_ro(disk))
				param->flags |= DM_READONLY_FLAG;
			param->target_count = table->num_targets;
		}

		param->flags |= DM_ACTIVE_PRESENT_FLAG;
	}
	dm_put_live_table(md, srcu_idx);

	if (param->flags & DM_QUERY_INACTIVE_TABLE_FLAG) {
		/* Shadows the outer srcu_idx, whose section is already closed. */
		int srcu_idx;

		table = dm_get_inactive_table(md, &srcu_idx);
		if (table) {
			if (!(dm_table_get_mode(table) & FMODE_WRITE))
				param->flags |= DM_READONLY_FLAG;
			param->target_count = table->num_targets;
		}
		dm_put_live_table(md, srcu_idx);
	}
}

/*
 * ioctl handler: create a mapped device called param->name (with
 * param->uuid if non-empty) and register it in the lookup trees.
 * The minor number comes from param->dev when DM_PERSISTENT_DEV_FLAG
 * is set, otherwise DM_ANY_MINOR is passed to dm_create().
 *
 * Returns 0 with @param filled in by __dev_status(), or the error from
 * check_name(), dm_create() or dm_hash_insert().
 */
static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_size)
{
	int r, m = DM_ANY_MINOR;
	struct mapped_device *md;

	r = check_name(param->name);
	if (r)
		return r;

	if (param->flags & DM_PERSISTENT_DEV_FLAG)
		m = MINOR(huge_decode_dev(param->dev));

	r = dm_create(m, &md);
	if (r)
		return r;

	r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md);
	if (r) {
		dm_put(md);
		dm_destroy(md);
		return r;
	}

	param->flags &= ~DM_INACTIVE_PRESENT_FLAG;

	__dev_status(md, param);

	dm_put(md);

	return 0;
}

/*
 * Always use UUID for lookups if it's present, otherwise use name or dev.
906 */ 907 static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) 908 { 909 struct hash_cell *hc = NULL; 910 911 if (*param->uuid) { 912 if (*param->name || param->dev) { 913 DMERR("Invalid ioctl structure: uuid %s, name %s, dev %llx", 914 param->uuid, param->name, (unsigned long long)param->dev); 915 return NULL; 916 } 917 918 hc = __get_uuid_cell(param->uuid); 919 if (!hc) 920 return NULL; 921 } else if (*param->name) { 922 if (param->dev) { 923 DMERR("Invalid ioctl structure: name %s, dev %llx", 924 param->name, (unsigned long long)param->dev); 925 return NULL; 926 } 927 928 hc = __get_name_cell(param->name); 929 if (!hc) 930 return NULL; 931 } else if (param->dev) { 932 hc = __get_dev_cell(param->dev); 933 if (!hc) 934 return NULL; 935 } else 936 return NULL; 937 938 /* 939 * Sneakily write in both the name and the uuid 940 * while we have the cell. 941 */ 942 strscpy(param->name, hc->name, sizeof(param->name)); 943 if (hc->uuid) 944 strscpy(param->uuid, hc->uuid, sizeof(param->uuid)); 945 else 946 param->uuid[0] = '\0'; 947 948 if (hc->new_map) 949 param->flags |= DM_INACTIVE_PRESENT_FLAG; 950 else 951 param->flags &= ~DM_INACTIVE_PRESENT_FLAG; 952 953 return hc; 954 } 955 956 static struct mapped_device *find_device(struct dm_ioctl *param) 957 { 958 struct hash_cell *hc; 959 struct mapped_device *md = NULL; 960 961 down_read(&_hash_lock); 962 hc = __find_device_hash_cell(param); 963 if (hc) 964 md = hc->md; 965 up_read(&_hash_lock); 966 967 return md; 968 } 969 970 static int dev_remove(struct file *filp, struct dm_ioctl *param, size_t param_size) 971 { 972 struct hash_cell *hc; 973 struct mapped_device *md; 974 int r; 975 struct dm_table *t; 976 977 down_write(&_hash_lock); 978 hc = __find_device_hash_cell(param); 979 980 if (!hc) { 981 DMDEBUG_LIMIT("device doesn't appear to be in the dev hash table."); 982 up_write(&_hash_lock); 983 return -ENXIO; 984 } 985 986 md = hc->md; 987 988 /* 989 * Ensure the device is not open and nothing 
further can open it. 990 */ 991 r = dm_lock_for_deletion(md, !!(param->flags & DM_DEFERRED_REMOVE), false); 992 if (r) { 993 if (r == -EBUSY && param->flags & DM_DEFERRED_REMOVE) { 994 up_write(&_hash_lock); 995 dm_put(md); 996 return 0; 997 } 998 DMDEBUG_LIMIT("unable to remove open device %s", hc->name); 999 up_write(&_hash_lock); 1000 dm_put(md); 1001 return r; 1002 } 1003 1004 t = __hash_remove(hc); 1005 up_write(&_hash_lock); 1006 1007 if (t) { 1008 dm_sync_table(md); 1009 dm_table_destroy(t); 1010 } 1011 1012 param->flags &= ~DM_DEFERRED_REMOVE; 1013 1014 dm_ima_measure_on_device_remove(md, false); 1015 1016 if (!dm_kobject_uevent(md, KOBJ_REMOVE, param->event_nr, false)) 1017 param->flags |= DM_UEVENT_GENERATED_FLAG; 1018 1019 dm_put(md); 1020 dm_destroy(md); 1021 return 0; 1022 } 1023 1024 /* 1025 * Check a string doesn't overrun the chunk of 1026 * memory we copied from userland. 1027 */ 1028 static int invalid_str(char *str, void *end) 1029 { 1030 while ((void *) str < end) 1031 if (!*str++) 1032 return 0; 1033 1034 return -EINVAL; 1035 } 1036 1037 static int dev_rename(struct file *filp, struct dm_ioctl *param, size_t param_size) 1038 { 1039 int r; 1040 char *new_data = (char *) param + param->data_start; 1041 struct mapped_device *md; 1042 unsigned int change_uuid = (param->flags & DM_UUID_FLAG) ? 1 : 0; 1043 1044 if (new_data < param->data || 1045 invalid_str(new_data, (void *) param + param_size) || !*new_data || 1046 strlen(new_data) > (change_uuid ? 
DM_UUID_LEN - 1 : DM_NAME_LEN - 1)) { 1047 DMERR("Invalid new mapped device name or uuid string supplied."); 1048 return -EINVAL; 1049 } 1050 1051 if (!change_uuid) { 1052 r = check_name(new_data); 1053 if (r) 1054 return r; 1055 } 1056 1057 md = dm_hash_rename(param, new_data); 1058 if (IS_ERR(md)) 1059 return PTR_ERR(md); 1060 1061 __dev_status(md, param); 1062 dm_put(md); 1063 1064 return 0; 1065 } 1066 1067 static int dev_set_geometry(struct file *filp, struct dm_ioctl *param, size_t param_size) 1068 { 1069 int r = -EINVAL, x; 1070 struct mapped_device *md; 1071 struct hd_geometry geometry; 1072 unsigned long indata[4]; 1073 char *geostr = (char *) param + param->data_start; 1074 char dummy; 1075 1076 md = find_device(param); 1077 if (!md) 1078 return -ENXIO; 1079 1080 if (geostr < param->data || 1081 invalid_str(geostr, (void *) param + param_size)) { 1082 DMERR("Invalid geometry supplied."); 1083 goto out; 1084 } 1085 1086 x = sscanf(geostr, "%lu %lu %lu %lu%c", indata, 1087 indata + 1, indata + 2, indata + 3, &dummy); 1088 1089 if (x != 4) { 1090 DMERR("Unable to interpret geometry settings."); 1091 goto out; 1092 } 1093 1094 if (indata[0] > 65535 || indata[1] > 255 || indata[2] > 255) { 1095 DMERR("Geometry exceeds range limits."); 1096 goto out; 1097 } 1098 1099 geometry.cylinders = indata[0]; 1100 geometry.heads = indata[1]; 1101 geometry.sectors = indata[2]; 1102 geometry.start = indata[3]; 1103 1104 r = dm_set_geometry(md, &geometry); 1105 1106 param->data_size = 0; 1107 1108 out: 1109 dm_put(md); 1110 return r; 1111 } 1112 1113 static int do_suspend(struct dm_ioctl *param) 1114 { 1115 int r = 0; 1116 unsigned int suspend_flags = DM_SUSPEND_LOCKFS_FLAG; 1117 struct mapped_device *md; 1118 1119 md = find_device(param); 1120 if (!md) 1121 return -ENXIO; 1122 1123 if (param->flags & DM_SKIP_LOCKFS_FLAG) 1124 suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; 1125 if (param->flags & DM_NOFLUSH_FLAG) 1126 suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG; 1127 1128 if 
(!dm_suspended_md(md)) { 1129 r = dm_suspend(md, suspend_flags); 1130 if (r) 1131 goto out; 1132 } 1133 1134 __dev_status(md, param); 1135 1136 out: 1137 dm_put(md); 1138 1139 return r; 1140 } 1141 1142 static int do_resume(struct dm_ioctl *param) 1143 { 1144 int r = 0; 1145 unsigned int suspend_flags = DM_SUSPEND_LOCKFS_FLAG; 1146 struct hash_cell *hc; 1147 struct mapped_device *md; 1148 struct dm_table *new_map, *old_map = NULL; 1149 bool need_resize_uevent = false; 1150 1151 down_write(&_hash_lock); 1152 1153 hc = __find_device_hash_cell(param); 1154 if (!hc) { 1155 DMDEBUG_LIMIT("device doesn't appear to be in the dev hash table."); 1156 up_write(&_hash_lock); 1157 return -ENXIO; 1158 } 1159 1160 md = hc->md; 1161 1162 new_map = hc->new_map; 1163 hc->new_map = NULL; 1164 param->flags &= ~DM_INACTIVE_PRESENT_FLAG; 1165 1166 up_write(&_hash_lock); 1167 1168 /* Do we need to load a new map ? */ 1169 if (new_map) { 1170 sector_t old_size, new_size; 1171 1172 /* Suspend if it isn't already suspended */ 1173 if (param->flags & DM_SKIP_LOCKFS_FLAG) 1174 suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG; 1175 if (param->flags & DM_NOFLUSH_FLAG) 1176 suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG; 1177 if (!dm_suspended_md(md)) 1178 dm_suspend(md, suspend_flags); 1179 1180 old_size = dm_get_size(md); 1181 old_map = dm_swap_table(md, new_map); 1182 if (IS_ERR(old_map)) { 1183 dm_sync_table(md); 1184 dm_table_destroy(new_map); 1185 dm_put(md); 1186 return PTR_ERR(old_map); 1187 } 1188 new_size = dm_get_size(md); 1189 if (old_size && new_size && old_size != new_size) 1190 need_resize_uevent = true; 1191 1192 if (dm_table_get_mode(new_map) & FMODE_WRITE) 1193 set_disk_ro(dm_disk(md), 0); 1194 else 1195 set_disk_ro(dm_disk(md), 1); 1196 } 1197 1198 if (dm_suspended_md(md)) { 1199 r = dm_resume(md); 1200 if (!r) { 1201 dm_ima_measure_on_device_resume(md, new_map ? 
true : false); 1202 1203 if (!dm_kobject_uevent(md, KOBJ_CHANGE, param->event_nr, need_resize_uevent)) 1204 param->flags |= DM_UEVENT_GENERATED_FLAG; 1205 } 1206 } 1207 1208 /* 1209 * Since dm_swap_table synchronizes RCU, nobody should be in 1210 * read-side critical section already. 1211 */ 1212 if (old_map) 1213 dm_table_destroy(old_map); 1214 1215 if (!r) 1216 __dev_status(md, param); 1217 1218 dm_put(md); 1219 return r; 1220 } 1221 1222 /* 1223 * Set or unset the suspension state of a device. 1224 * If the device already is in the requested state we just return its status. 1225 */ 1226 static int dev_suspend(struct file *filp, struct dm_ioctl *param, size_t param_size) 1227 { 1228 if (param->flags & DM_SUSPEND_FLAG) 1229 return do_suspend(param); 1230 1231 return do_resume(param); 1232 } 1233 1234 /* 1235 * Copies device info back to user space, used by 1236 * the create and info ioctls. 1237 */ 1238 static int dev_status(struct file *filp, struct dm_ioctl *param, size_t param_size) 1239 { 1240 struct mapped_device *md; 1241 1242 md = find_device(param); 1243 if (!md) 1244 return -ENXIO; 1245 1246 __dev_status(md, param); 1247 dm_put(md); 1248 1249 return 0; 1250 } 1251 1252 /* 1253 * Build up the status struct for each target 1254 */ 1255 static void retrieve_status(struct dm_table *table, 1256 struct dm_ioctl *param, size_t param_size) 1257 { 1258 unsigned int i, num_targets; 1259 struct dm_target_spec *spec; 1260 char *outbuf, *outptr; 1261 status_type_t type; 1262 size_t remaining, len, used = 0; 1263 unsigned int status_flags = 0; 1264 1265 outptr = outbuf = get_result_buffer(param, param_size, &len); 1266 1267 if (param->flags & DM_STATUS_TABLE_FLAG) 1268 type = STATUSTYPE_TABLE; 1269 else if (param->flags & DM_IMA_MEASUREMENT_FLAG) 1270 type = STATUSTYPE_IMA; 1271 else 1272 type = STATUSTYPE_INFO; 1273 1274 /* Get all the target info */ 1275 num_targets = table->num_targets; 1276 for (i = 0; i < num_targets; i++) { 1277 struct dm_target *ti = 
dm_table_get_target(table, i); 1278 size_t l; 1279 1280 remaining = len - (outptr - outbuf); 1281 if (remaining <= sizeof(struct dm_target_spec)) { 1282 param->flags |= DM_BUFFER_FULL_FLAG; 1283 break; 1284 } 1285 1286 spec = (struct dm_target_spec *) outptr; 1287 1288 spec->status = 0; 1289 spec->sector_start = ti->begin; 1290 spec->length = ti->len; 1291 strncpy(spec->target_type, ti->type->name, 1292 sizeof(spec->target_type) - 1); 1293 1294 outptr += sizeof(struct dm_target_spec); 1295 remaining = len - (outptr - outbuf); 1296 if (remaining <= 0) { 1297 param->flags |= DM_BUFFER_FULL_FLAG; 1298 break; 1299 } 1300 1301 /* Get the status/table string from the target driver */ 1302 if (ti->type->status) { 1303 if (param->flags & DM_NOFLUSH_FLAG) 1304 status_flags |= DM_STATUS_NOFLUSH_FLAG; 1305 ti->type->status(ti, type, status_flags, outptr, remaining); 1306 } else 1307 outptr[0] = '\0'; 1308 1309 l = strlen(outptr) + 1; 1310 if (l == remaining) { 1311 param->flags |= DM_BUFFER_FULL_FLAG; 1312 break; 1313 } 1314 1315 outptr += l; 1316 used = param->data_start + (outptr - outbuf); 1317 1318 outptr = align_ptr(outptr); 1319 spec->next = outptr - outbuf; 1320 } 1321 1322 if (used) 1323 param->data_size = used; 1324 1325 param->target_count = num_targets; 1326 } 1327 1328 /* 1329 * Wait for a device to report an event 1330 */ 1331 static int dev_wait(struct file *filp, struct dm_ioctl *param, size_t param_size) 1332 { 1333 int r = 0; 1334 struct mapped_device *md; 1335 struct dm_table *table; 1336 int srcu_idx; 1337 1338 md = find_device(param); 1339 if (!md) 1340 return -ENXIO; 1341 1342 /* 1343 * Wait for a notification event 1344 */ 1345 if (dm_wait_event(md, param->event_nr)) { 1346 r = -ERESTARTSYS; 1347 goto out; 1348 } 1349 1350 /* 1351 * The userland program is going to want to know what 1352 * changed to trigger the event, so we may as well tell 1353 * him and save an ioctl. 
1354 */ 1355 __dev_status(md, param); 1356 1357 table = dm_get_live_or_inactive_table(md, param, &srcu_idx); 1358 if (table) 1359 retrieve_status(table, param, param_size); 1360 dm_put_live_table(md, srcu_idx); 1361 1362 out: 1363 dm_put(md); 1364 1365 return r; 1366 } 1367 1368 /* 1369 * Remember the global event number and make it possible to poll 1370 * for further events. 1371 */ 1372 static int dev_arm_poll(struct file *filp, struct dm_ioctl *param, size_t param_size) 1373 { 1374 struct dm_file *priv = filp->private_data; 1375 1376 priv->global_event_nr = atomic_read(&dm_global_event_nr); 1377 1378 return 0; 1379 } 1380 1381 static inline fmode_t get_mode(struct dm_ioctl *param) 1382 { 1383 fmode_t mode = FMODE_READ | FMODE_WRITE; 1384 1385 if (param->flags & DM_READONLY_FLAG) 1386 mode = FMODE_READ; 1387 1388 return mode; 1389 } 1390 1391 static int next_target(struct dm_target_spec *last, uint32_t next, void *end, 1392 struct dm_target_spec **spec, char **target_params) 1393 { 1394 *spec = (struct dm_target_spec *) ((unsigned char *) last + next); 1395 *target_params = (char *) (*spec + 1); 1396 1397 if (*spec < (last + 1)) 1398 return -EINVAL; 1399 1400 return invalid_str(*target_params, end); 1401 } 1402 1403 static int populate_table(struct dm_table *table, 1404 struct dm_ioctl *param, size_t param_size) 1405 { 1406 int r; 1407 unsigned int i = 0; 1408 struct dm_target_spec *spec = (struct dm_target_spec *) param; 1409 uint32_t next = param->data_start; 1410 void *end = (void *) param + param_size; 1411 char *target_params; 1412 1413 if (!param->target_count) { 1414 DMERR("%s: no targets specified", __func__); 1415 return -EINVAL; 1416 } 1417 1418 for (i = 0; i < param->target_count; i++) { 1419 1420 r = next_target(spec, next, end, &spec, &target_params); 1421 if (r) { 1422 DMERR("unable to find target"); 1423 return r; 1424 } 1425 1426 r = dm_table_add_target(table, spec->target_type, 1427 (sector_t) spec->sector_start, 1428 (sector_t) spec->length, 
1429 target_params); 1430 if (r) { 1431 DMERR("error adding target to table"); 1432 return r; 1433 } 1434 1435 next = spec->next; 1436 } 1437 1438 return dm_table_complete(table); 1439 } 1440 1441 static bool is_valid_type(enum dm_queue_mode cur, enum dm_queue_mode new) 1442 { 1443 if (cur == new || 1444 (cur == DM_TYPE_BIO_BASED && new == DM_TYPE_DAX_BIO_BASED)) 1445 return true; 1446 1447 return false; 1448 } 1449 1450 static int table_load(struct file *filp, struct dm_ioctl *param, size_t param_size) 1451 { 1452 int r; 1453 struct hash_cell *hc; 1454 struct dm_table *t, *old_map = NULL; 1455 struct mapped_device *md; 1456 struct target_type *immutable_target_type; 1457 1458 md = find_device(param); 1459 if (!md) 1460 return -ENXIO; 1461 1462 r = dm_table_create(&t, get_mode(param), param->target_count, md); 1463 if (r) 1464 goto err; 1465 1466 /* Protect md->type and md->queue against concurrent table loads. */ 1467 dm_lock_md_type(md); 1468 r = populate_table(t, param, param_size); 1469 if (r) 1470 goto err_unlock_md_type; 1471 1472 dm_ima_measure_on_table_load(t, STATUSTYPE_IMA); 1473 1474 immutable_target_type = dm_get_immutable_target_type(md); 1475 if (immutable_target_type && 1476 (immutable_target_type != dm_table_get_immutable_target_type(t)) && 1477 !dm_table_get_wildcard_target(t)) { 1478 DMERR("can't replace immutable target type %s", 1479 immutable_target_type->name); 1480 r = -EINVAL; 1481 goto err_unlock_md_type; 1482 } 1483 1484 if (dm_get_md_type(md) == DM_TYPE_NONE) { 1485 /* setup md->queue to reflect md's type (may block) */ 1486 r = dm_setup_md_queue(md, t); 1487 if (r) { 1488 DMERR("unable to set up device queue for new table."); 1489 goto err_unlock_md_type; 1490 } 1491 } else if (!is_valid_type(dm_get_md_type(md), dm_table_get_type(t))) { 1492 DMERR("can't change device type (old=%u vs new=%u) after initial table load.", 1493 dm_get_md_type(md), dm_table_get_type(t)); 1494 r = -EINVAL; 1495 goto err_unlock_md_type; 1496 } 1497 1498 
dm_unlock_md_type(md); 1499 1500 /* stage inactive table */ 1501 down_write(&_hash_lock); 1502 hc = dm_get_mdptr(md); 1503 if (!hc) { 1504 DMERR("device has been removed from the dev hash table."); 1505 up_write(&_hash_lock); 1506 r = -ENXIO; 1507 goto err_destroy_table; 1508 } 1509 1510 if (hc->new_map) 1511 old_map = hc->new_map; 1512 hc->new_map = t; 1513 up_write(&_hash_lock); 1514 1515 param->flags |= DM_INACTIVE_PRESENT_FLAG; 1516 __dev_status(md, param); 1517 1518 if (old_map) { 1519 dm_sync_table(md); 1520 dm_table_destroy(old_map); 1521 } 1522 1523 dm_put(md); 1524 1525 return 0; 1526 1527 err_unlock_md_type: 1528 dm_unlock_md_type(md); 1529 err_destroy_table: 1530 dm_table_destroy(t); 1531 err: 1532 dm_put(md); 1533 1534 return r; 1535 } 1536 1537 static int table_clear(struct file *filp, struct dm_ioctl *param, size_t param_size) 1538 { 1539 struct hash_cell *hc; 1540 struct mapped_device *md; 1541 struct dm_table *old_map = NULL; 1542 bool has_new_map = false; 1543 1544 down_write(&_hash_lock); 1545 1546 hc = __find_device_hash_cell(param); 1547 if (!hc) { 1548 DMDEBUG_LIMIT("device doesn't appear to be in the dev hash table."); 1549 up_write(&_hash_lock); 1550 return -ENXIO; 1551 } 1552 1553 if (hc->new_map) { 1554 old_map = hc->new_map; 1555 hc->new_map = NULL; 1556 has_new_map = true; 1557 } 1558 1559 param->flags &= ~DM_INACTIVE_PRESENT_FLAG; 1560 1561 __dev_status(hc->md, param); 1562 md = hc->md; 1563 up_write(&_hash_lock); 1564 if (old_map) { 1565 dm_sync_table(md); 1566 dm_table_destroy(old_map); 1567 } 1568 dm_ima_measure_on_table_clear(md, has_new_map); 1569 dm_put(md); 1570 1571 return 0; 1572 } 1573 1574 /* 1575 * Retrieves a list of devices used by a particular dm device. 
1576 */ 1577 static void retrieve_deps(struct dm_table *table, 1578 struct dm_ioctl *param, size_t param_size) 1579 { 1580 unsigned int count = 0; 1581 struct list_head *tmp; 1582 size_t len, needed; 1583 struct dm_dev_internal *dd; 1584 struct dm_target_deps *deps; 1585 1586 deps = get_result_buffer(param, param_size, &len); 1587 1588 /* 1589 * Count the devices. 1590 */ 1591 list_for_each(tmp, dm_table_get_devices(table)) 1592 count++; 1593 1594 /* 1595 * Check we have enough space. 1596 */ 1597 needed = struct_size(deps, dev, count); 1598 if (len < needed) { 1599 param->flags |= DM_BUFFER_FULL_FLAG; 1600 return; 1601 } 1602 1603 /* 1604 * Fill in the devices. 1605 */ 1606 deps->count = count; 1607 count = 0; 1608 list_for_each_entry(dd, dm_table_get_devices(table), list) 1609 deps->dev[count++] = huge_encode_dev(dd->dm_dev->bdev->bd_dev); 1610 1611 param->data_size = param->data_start + needed; 1612 } 1613 1614 static int table_deps(struct file *filp, struct dm_ioctl *param, size_t param_size) 1615 { 1616 struct mapped_device *md; 1617 struct dm_table *table; 1618 int srcu_idx; 1619 1620 md = find_device(param); 1621 if (!md) 1622 return -ENXIO; 1623 1624 __dev_status(md, param); 1625 1626 table = dm_get_live_or_inactive_table(md, param, &srcu_idx); 1627 if (table) 1628 retrieve_deps(table, param, param_size); 1629 dm_put_live_table(md, srcu_idx); 1630 1631 dm_put(md); 1632 1633 return 0; 1634 } 1635 1636 /* 1637 * Return the status of a device as a text string for each 1638 * target. 
1639 */ 1640 static int table_status(struct file *filp, struct dm_ioctl *param, size_t param_size) 1641 { 1642 struct mapped_device *md; 1643 struct dm_table *table; 1644 int srcu_idx; 1645 1646 md = find_device(param); 1647 if (!md) 1648 return -ENXIO; 1649 1650 __dev_status(md, param); 1651 1652 table = dm_get_live_or_inactive_table(md, param, &srcu_idx); 1653 if (table) 1654 retrieve_status(table, param, param_size); 1655 dm_put_live_table(md, srcu_idx); 1656 1657 dm_put(md); 1658 1659 return 0; 1660 } 1661 1662 /* 1663 * Process device-mapper dependent messages. Messages prefixed with '@' 1664 * are processed by the DM core. All others are delivered to the target. 1665 * Returns a number <= 1 if message was processed by device mapper. 1666 * Returns 2 if message should be delivered to the target. 1667 */ 1668 static int message_for_md(struct mapped_device *md, unsigned int argc, char **argv, 1669 char *result, unsigned int maxlen) 1670 { 1671 int r; 1672 1673 if (**argv != '@') 1674 return 2; /* no '@' prefix, deliver to target */ 1675 1676 if (!strcasecmp(argv[0], "@cancel_deferred_remove")) { 1677 if (argc != 1) { 1678 DMERR("Invalid arguments for @cancel_deferred_remove"); 1679 return -EINVAL; 1680 } 1681 return dm_cancel_deferred_remove(md); 1682 } 1683 1684 r = dm_stats_message(md, argc, argv, result, maxlen); 1685 if (r < 2) 1686 return r; 1687 1688 DMERR("Unsupported message sent to DM core: %s", argv[0]); 1689 return -EINVAL; 1690 } 1691 1692 /* 1693 * Pass a message to the target that's at the supplied device offset. 
1694 */ 1695 static int target_message(struct file *filp, struct dm_ioctl *param, size_t param_size) 1696 { 1697 int r, argc; 1698 char **argv; 1699 struct mapped_device *md; 1700 struct dm_table *table; 1701 struct dm_target *ti; 1702 struct dm_target_msg *tmsg = (void *) param + param->data_start; 1703 size_t maxlen; 1704 char *result = get_result_buffer(param, param_size, &maxlen); 1705 int srcu_idx; 1706 1707 md = find_device(param); 1708 if (!md) 1709 return -ENXIO; 1710 1711 if (tmsg < (struct dm_target_msg *) param->data || 1712 invalid_str(tmsg->message, (void *) param + param_size)) { 1713 DMERR("Invalid target message parameters."); 1714 r = -EINVAL; 1715 goto out; 1716 } 1717 1718 r = dm_split_args(&argc, &argv, tmsg->message); 1719 if (r) { 1720 DMERR("Failed to split target message parameters"); 1721 goto out; 1722 } 1723 1724 if (!argc) { 1725 DMERR("Empty message received."); 1726 r = -EINVAL; 1727 goto out_argv; 1728 } 1729 1730 r = message_for_md(md, argc, argv, result, maxlen); 1731 if (r <= 1) 1732 goto out_argv; 1733 1734 table = dm_get_live_table(md, &srcu_idx); 1735 if (!table) 1736 goto out_table; 1737 1738 if (dm_deleting_md(md)) { 1739 r = -ENXIO; 1740 goto out_table; 1741 } 1742 1743 ti = dm_table_find_target(table, tmsg->sector); 1744 if (!ti) { 1745 DMERR("Target message sector outside device."); 1746 r = -EINVAL; 1747 } else if (ti->type->message) 1748 r = ti->type->message(ti, argc, argv, result, maxlen); 1749 else { 1750 DMERR("Target type does not support messages"); 1751 r = -EINVAL; 1752 } 1753 1754 out_table: 1755 dm_put_live_table(md, srcu_idx); 1756 out_argv: 1757 kfree(argv); 1758 out: 1759 if (r >= 0) 1760 __dev_status(md, param); 1761 1762 if (r == 1) { 1763 param->flags |= DM_DATA_OUT_FLAG; 1764 if (dm_message_test_buffer_overflow(result, maxlen)) 1765 param->flags |= DM_BUFFER_FULL_FLAG; 1766 else 1767 param->data_size = param->data_start + strlen(result) + 1; 1768 r = 0; 1769 } 1770 1771 dm_put(md); 1772 return r; 1773 } 
1774 1775 /* 1776 * The ioctl parameter block consists of two parts, a dm_ioctl struct 1777 * followed by a data buffer. This flag is set if the second part, 1778 * which has a variable size, is not used by the function processing 1779 * the ioctl. 1780 */ 1781 #define IOCTL_FLAGS_NO_PARAMS 1 1782 #define IOCTL_FLAGS_ISSUE_GLOBAL_EVENT 2 1783 1784 /* 1785 *--------------------------------------------------------------- 1786 * Implementation of open/close/ioctl on the special char device. 1787 *--------------------------------------------------------------- 1788 */ 1789 static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags) 1790 { 1791 static const struct { 1792 int cmd; 1793 int flags; 1794 ioctl_fn fn; 1795 } _ioctls[] = { 1796 {DM_VERSION_CMD, 0, NULL}, /* version is dealt with elsewhere */ 1797 {DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all}, 1798 {DM_LIST_DEVICES_CMD, 0, list_devices}, 1799 1800 {DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create}, 1801 {DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove}, 1802 {DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename}, 1803 {DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend}, 1804 {DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status}, 1805 {DM_DEV_WAIT_CMD, 0, dev_wait}, 1806 1807 {DM_TABLE_LOAD_CMD, 0, table_load}, 1808 {DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear}, 1809 {DM_TABLE_DEPS_CMD, 0, table_deps}, 1810 {DM_TABLE_STATUS_CMD, 0, table_status}, 1811 1812 {DM_LIST_VERSIONS_CMD, 0, list_versions}, 1813 1814 {DM_TARGET_MSG_CMD, 0, target_message}, 1815 {DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry}, 1816 {DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll}, 1817 {DM_GET_TARGET_VERSION_CMD, 0, get_target_version}, 1818 }; 1819 1820 if (unlikely(cmd >= ARRAY_SIZE(_ioctls))) 1821 return NULL; 1822 1823 cmd = array_index_nospec(cmd, ARRAY_SIZE(_ioctls)); 1824 
*ioctl_flags = _ioctls[cmd].flags; 1825 return _ioctls[cmd].fn; 1826 } 1827 1828 /* 1829 * As well as checking the version compatibility this always 1830 * copies the kernel interface version out. 1831 */ 1832 static int check_version(unsigned int cmd, struct dm_ioctl __user *user) 1833 { 1834 uint32_t version[3]; 1835 int r = 0; 1836 1837 if (copy_from_user(version, user->version, sizeof(version))) 1838 return -EFAULT; 1839 1840 if ((version[0] != DM_VERSION_MAJOR) || 1841 (version[1] > DM_VERSION_MINOR)) { 1842 DMERR("ioctl interface mismatch: kernel(%u.%u.%u), user(%u.%u.%u), cmd(%d)", 1843 DM_VERSION_MAJOR, DM_VERSION_MINOR, 1844 DM_VERSION_PATCHLEVEL, 1845 version[0], version[1], version[2], cmd); 1846 r = -EINVAL; 1847 } 1848 1849 /* 1850 * Fill in the kernel version. 1851 */ 1852 version[0] = DM_VERSION_MAJOR; 1853 version[1] = DM_VERSION_MINOR; 1854 version[2] = DM_VERSION_PATCHLEVEL; 1855 if (copy_to_user(user->version, version, sizeof(version))) 1856 return -EFAULT; 1857 1858 return r; 1859 } 1860 1861 #define DM_PARAMS_MALLOC 0x0001 /* Params allocated with kvmalloc() */ 1862 #define DM_WIPE_BUFFER 0x0010 /* Wipe input buffer before returning from ioctl */ 1863 1864 static void free_params(struct dm_ioctl *param, size_t param_size, int param_flags) 1865 { 1866 if (param_flags & DM_WIPE_BUFFER) 1867 memset(param, 0, param_size); 1868 1869 if (param_flags & DM_PARAMS_MALLOC) 1870 kvfree(param); 1871 } 1872 1873 static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel, 1874 int ioctl_flags, struct dm_ioctl **param, int *param_flags) 1875 { 1876 struct dm_ioctl *dmi; 1877 int secure_data; 1878 const size_t minimum_data_size = offsetof(struct dm_ioctl, data); 1879 unsigned int noio_flag; 1880 1881 if (copy_from_user(param_kernel, user, minimum_data_size)) 1882 return -EFAULT; 1883 1884 if (param_kernel->data_size < minimum_data_size) { 1885 DMERR("Invalid data size in the ioctl structure: %u", 1886 param_kernel->data_size); 1887 
return -EINVAL; 1888 } 1889 1890 secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG; 1891 1892 *param_flags = secure_data ? DM_WIPE_BUFFER : 0; 1893 1894 if (ioctl_flags & IOCTL_FLAGS_NO_PARAMS) { 1895 dmi = param_kernel; 1896 dmi->data_size = minimum_data_size; 1897 goto data_copied; 1898 } 1899 1900 /* 1901 * Use __GFP_HIGH to avoid low memory issues when a device is 1902 * suspended and the ioctl is needed to resume it. 1903 * Use kmalloc() rather than vmalloc() when we can. 1904 */ 1905 dmi = NULL; 1906 noio_flag = memalloc_noio_save(); 1907 dmi = kvmalloc(param_kernel->data_size, GFP_KERNEL | __GFP_HIGH); 1908 memalloc_noio_restore(noio_flag); 1909 1910 if (!dmi) { 1911 if (secure_data && clear_user(user, param_kernel->data_size)) 1912 return -EFAULT; 1913 return -ENOMEM; 1914 } 1915 1916 *param_flags |= DM_PARAMS_MALLOC; 1917 1918 /* Copy from param_kernel (which was already copied from user) */ 1919 memcpy(dmi, param_kernel, minimum_data_size); 1920 1921 if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size, 1922 param_kernel->data_size - minimum_data_size)) 1923 goto bad; 1924 data_copied: 1925 /* Wipe the user buffer so we do not return it to userspace */ 1926 if (secure_data && clear_user(user, param_kernel->data_size)) 1927 goto bad; 1928 1929 *param = dmi; 1930 return 0; 1931 1932 bad: 1933 free_params(dmi, param_kernel->data_size, *param_flags); 1934 1935 return -EFAULT; 1936 } 1937 1938 static int validate_params(uint cmd, struct dm_ioctl *param) 1939 { 1940 /* Always clear this flag */ 1941 param->flags &= ~DM_BUFFER_FULL_FLAG; 1942 param->flags &= ~DM_UEVENT_GENERATED_FLAG; 1943 param->flags &= ~DM_SECURE_DATA_FLAG; 1944 param->flags &= ~DM_DATA_OUT_FLAG; 1945 1946 /* Ignores parameters */ 1947 if (cmd == DM_REMOVE_ALL_CMD || 1948 cmd == DM_LIST_DEVICES_CMD || 1949 cmd == DM_LIST_VERSIONS_CMD) 1950 return 0; 1951 1952 if (cmd == DM_DEV_CREATE_CMD) { 1953 if (!*param->name) { 1954 DMERR("name not supplied when creating device"); 
1955 return -EINVAL; 1956 } 1957 } else if (*param->uuid && *param->name) { 1958 DMERR("only supply one of name or uuid, cmd(%u)", cmd); 1959 return -EINVAL; 1960 } 1961 1962 /* Ensure strings are terminated */ 1963 param->name[DM_NAME_LEN - 1] = '\0'; 1964 param->uuid[DM_UUID_LEN - 1] = '\0'; 1965 1966 return 0; 1967 } 1968 1969 static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *user) 1970 { 1971 int r = 0; 1972 int ioctl_flags; 1973 int param_flags; 1974 unsigned int cmd; 1975 struct dm_ioctl *param; 1976 ioctl_fn fn = NULL; 1977 size_t input_param_size; 1978 struct dm_ioctl param_kernel; 1979 1980 /* only root can play with this */ 1981 if (!capable(CAP_SYS_ADMIN)) 1982 return -EACCES; 1983 1984 if (_IOC_TYPE(command) != DM_IOCTL) 1985 return -ENOTTY; 1986 1987 cmd = _IOC_NR(command); 1988 1989 /* 1990 * Check the interface version passed in. This also 1991 * writes out the kernel's interface version. 1992 */ 1993 r = check_version(cmd, user); 1994 if (r) 1995 return r; 1996 1997 /* 1998 * Nothing more to do for the version command. 1999 */ 2000 if (cmd == DM_VERSION_CMD) 2001 return 0; 2002 2003 fn = lookup_ioctl(cmd, &ioctl_flags); 2004 if (!fn) { 2005 DMERR("dm_ctl_ioctl: unknown command 0x%x", command); 2006 return -ENOTTY; 2007 } 2008 2009 /* 2010 * Copy the parameters into kernel space. 
2011 */ 2012 r = copy_params(user, ¶m_kernel, ioctl_flags, ¶m, ¶m_flags); 2013 2014 if (r) 2015 return r; 2016 2017 input_param_size = param->data_size; 2018 r = validate_params(cmd, param); 2019 if (r) 2020 goto out; 2021 2022 param->data_size = offsetof(struct dm_ioctl, data); 2023 r = fn(file, param, input_param_size); 2024 2025 if (unlikely(param->flags & DM_BUFFER_FULL_FLAG) && 2026 unlikely(ioctl_flags & IOCTL_FLAGS_NO_PARAMS)) 2027 DMERR("ioctl %d tried to output some data but has IOCTL_FLAGS_NO_PARAMS set", cmd); 2028 2029 if (!r && ioctl_flags & IOCTL_FLAGS_ISSUE_GLOBAL_EVENT) 2030 dm_issue_global_event(); 2031 2032 /* 2033 * Copy the results back to userland. 2034 */ 2035 if (!r && copy_to_user(user, param, param->data_size)) 2036 r = -EFAULT; 2037 2038 out: 2039 free_params(param, input_param_size, param_flags); 2040 return r; 2041 } 2042 2043 static long dm_ctl_ioctl(struct file *file, uint command, ulong u) 2044 { 2045 return (long)ctl_ioctl(file, command, (struct dm_ioctl __user *)u); 2046 } 2047 2048 #ifdef CONFIG_COMPAT 2049 static long dm_compat_ctl_ioctl(struct file *file, uint command, ulong u) 2050 { 2051 return (long)dm_ctl_ioctl(file, command, (ulong) compat_ptr(u)); 2052 } 2053 #else 2054 #define dm_compat_ctl_ioctl NULL 2055 #endif 2056 2057 static int dm_open(struct inode *inode, struct file *filp) 2058 { 2059 int r; 2060 struct dm_file *priv; 2061 2062 r = nonseekable_open(inode, filp); 2063 if (unlikely(r)) 2064 return r; 2065 2066 priv = filp->private_data = kmalloc(sizeof(struct dm_file), GFP_KERNEL); 2067 if (!priv) 2068 return -ENOMEM; 2069 2070 priv->global_event_nr = atomic_read(&dm_global_event_nr); 2071 2072 return 0; 2073 } 2074 2075 static int dm_release(struct inode *inode, struct file *filp) 2076 { 2077 kfree(filp->private_data); 2078 return 0; 2079 } 2080 2081 static __poll_t dm_poll(struct file *filp, poll_table *wait) 2082 { 2083 struct dm_file *priv = filp->private_data; 2084 __poll_t mask = 0; 2085 2086 poll_wait(filp, 
&dm_global_eventq, wait); 2087 2088 if ((int)(atomic_read(&dm_global_event_nr) - priv->global_event_nr) > 0) 2089 mask |= EPOLLIN; 2090 2091 return mask; 2092 } 2093 2094 static const struct file_operations _ctl_fops = { 2095 .open = dm_open, 2096 .release = dm_release, 2097 .poll = dm_poll, 2098 .unlocked_ioctl = dm_ctl_ioctl, 2099 .compat_ioctl = dm_compat_ctl_ioctl, 2100 .owner = THIS_MODULE, 2101 .llseek = noop_llseek, 2102 }; 2103 2104 static struct miscdevice _dm_misc = { 2105 .minor = MAPPER_CTRL_MINOR, 2106 .name = DM_NAME, 2107 .nodename = DM_DIR "/" DM_CONTROL_NODE, 2108 .fops = &_ctl_fops 2109 }; 2110 2111 MODULE_ALIAS_MISCDEV(MAPPER_CTRL_MINOR); 2112 MODULE_ALIAS("devname:" DM_DIR "/" DM_CONTROL_NODE); 2113 2114 /* 2115 * Create misc character device and link to DM_DIR/control. 2116 */ 2117 int __init dm_interface_init(void) 2118 { 2119 int r; 2120 2121 r = misc_register(&_dm_misc); 2122 if (r) { 2123 DMERR("misc_register failed for control device"); 2124 return r; 2125 } 2126 2127 DMINFO("%d.%d.%d%s initialised: %s", DM_VERSION_MAJOR, 2128 DM_VERSION_MINOR, DM_VERSION_PATCHLEVEL, DM_VERSION_EXTRA, 2129 DM_DRIVER_EMAIL); 2130 return 0; 2131 } 2132 2133 void dm_interface_exit(void) 2134 { 2135 misc_deregister(&_dm_misc); 2136 dm_hash_exit(); 2137 } 2138 2139 /** 2140 * dm_copy_name_and_uuid - Copy mapped device name & uuid into supplied buffers 2141 * @md: Pointer to mapped_device 2142 * @name: Buffer (size DM_NAME_LEN) for name 2143 * @uuid: Buffer (size DM_UUID_LEN) for uuid or empty string if uuid not defined 2144 */ 2145 int dm_copy_name_and_uuid(struct mapped_device *md, char *name, char *uuid) 2146 { 2147 int r = 0; 2148 struct hash_cell *hc; 2149 2150 if (!md) 2151 return -ENXIO; 2152 2153 mutex_lock(&dm_hash_cells_mutex); 2154 hc = dm_get_mdptr(md); 2155 if (!hc) { 2156 r = -ENXIO; 2157 goto out; 2158 } 2159 2160 if (name) 2161 strcpy(name, hc->name); 2162 if (uuid) 2163 strcpy(uuid, hc->uuid ? 
: ""); 2164 2165 out: 2166 mutex_unlock(&dm_hash_cells_mutex); 2167 2168 return r; 2169 } 2170 EXPORT_SYMBOL_GPL(dm_copy_name_and_uuid); 2171 2172 /** 2173 * dm_early_create - create a mapped device in early boot. 2174 * 2175 * @dmi: Contains main information of the device mapping to be created. 2176 * @spec_array: array of pointers to struct dm_target_spec. Describes the 2177 * mapping table of the device. 2178 * @target_params_array: array of strings with the parameters to a specific 2179 * target. 2180 * 2181 * Instead of having the struct dm_target_spec and the parameters for every 2182 * target embedded at the end of struct dm_ioctl (as performed in a normal 2183 * ioctl), pass them as arguments, so the caller doesn't need to serialize them. 2184 * The size of the spec_array and target_params_array is given by 2185 * @dmi->target_count. 2186 * This function is supposed to be called in early boot, so locking mechanisms 2187 * to protect against concurrent loads are not required. 2188 */ 2189 int __init dm_early_create(struct dm_ioctl *dmi, 2190 struct dm_target_spec **spec_array, 2191 char **target_params_array) 2192 { 2193 int r, m = DM_ANY_MINOR; 2194 struct dm_table *t, *old_map; 2195 struct mapped_device *md; 2196 unsigned int i; 2197 2198 if (!dmi->target_count) 2199 return -EINVAL; 2200 2201 r = check_name(dmi->name); 2202 if (r) 2203 return r; 2204 2205 if (dmi->flags & DM_PERSISTENT_DEV_FLAG) 2206 m = MINOR(huge_decode_dev(dmi->dev)); 2207 2208 /* alloc dm device */ 2209 r = dm_create(m, &md); 2210 if (r) 2211 return r; 2212 2213 /* hash insert */ 2214 r = dm_hash_insert(dmi->name, *dmi->uuid ? 
dmi->uuid : NULL, md); 2215 if (r) 2216 goto err_destroy_dm; 2217 2218 /* alloc table */ 2219 r = dm_table_create(&t, get_mode(dmi), dmi->target_count, md); 2220 if (r) 2221 goto err_hash_remove; 2222 2223 /* add targets */ 2224 for (i = 0; i < dmi->target_count; i++) { 2225 r = dm_table_add_target(t, spec_array[i]->target_type, 2226 (sector_t) spec_array[i]->sector_start, 2227 (sector_t) spec_array[i]->length, 2228 target_params_array[i]); 2229 if (r) { 2230 DMERR("error adding target to table"); 2231 goto err_destroy_table; 2232 } 2233 } 2234 2235 /* finish table */ 2236 r = dm_table_complete(t); 2237 if (r) 2238 goto err_destroy_table; 2239 2240 /* setup md->queue to reflect md's type (may block) */ 2241 r = dm_setup_md_queue(md, t); 2242 if (r) { 2243 DMERR("unable to set up device queue for new table."); 2244 goto err_destroy_table; 2245 } 2246 2247 /* Set new map */ 2248 dm_suspend(md, 0); 2249 old_map = dm_swap_table(md, t); 2250 if (IS_ERR(old_map)) { 2251 r = PTR_ERR(old_map); 2252 goto err_destroy_table; 2253 } 2254 set_disk_ro(dm_disk(md), !!(dmi->flags & DM_READONLY_FLAG)); 2255 2256 /* resume device */ 2257 r = dm_resume(md); 2258 if (r) 2259 goto err_destroy_table; 2260 2261 DMINFO("%s (%s) is ready", md->disk->disk_name, dmi->name); 2262 dm_put(md); 2263 return 0; 2264 2265 err_destroy_table: 2266 dm_table_destroy(t); 2267 err_hash_remove: 2268 down_write(&_hash_lock); 2269 (void) __hash_remove(__get_name_cell(dmi->name)); 2270 up_write(&_hash_lock); 2271 /* release reference from __get_name_cell */ 2272 dm_put(md); 2273 err_destroy_dm: 2274 dm_put(md); 2275 dm_destroy(md); 2276 return r; 2277 } 2278