loop-util: track CLOCK_MONOTONIC timestamp immediately before attaching a loopback device

This is similar to the preceding work to store the uevent seqnum, but this stores the CLOCK_MONOTONIC timestamp. Why? This allows to validate udev database entries, to determine if they were created *after* we attached the device. The uevent seqnum logic allows us to validate uevent, and the timestamp database entries, hence together we should be able to validate both sources of truth for us. (note that this is all racy, just a bit less racy, since we cannot atomically attach loopback devices and get the timestamp for it, the same way we can't get the uevent seqnum. Thus is shortens the race window, but doesn#t close it).
2025-03-21 02:50:18 +03:00 · 2021-04-20 16:08:43 +02:00 · 2021-04-20 16:08:43 +02:00 · 8ede1e86b2
commit 8ede1e86b2
parent 8626b43be4
2 changed files with 16 additions and 2 deletions
--- a/src/shared/loop-util.c
+++ b/src/shared/loop-util.c
@ -132,12 +132,14 @@ static int loop_configure(
                int nr,
                const struct loop_config *c,
                bool *try_loop_configure,
-                uint64_t *ret_seqnum_not_before) {
+                uint64_t *ret_seqnum_not_before,
+                usec_t *ret_timestamp_not_before) {

        _cleanup_(sd_device_unrefp) sd_device *d = NULL;
        _cleanup_free_ char *sysname = NULL;
        _cleanup_close_ int lock_fd = -1;
        uint64_t seqnum;
+        usec_t timestamp;
        int r;

        assert(fd >= 0);
@ -195,6 +197,7 @@ static int loop_configure(
                r = get_current_uevent_seqnum(&seqnum);
                if (r < 0)
                        return r;
+                timestamp = now(CLOCK_MONOTONIC);

                if (ioctl(fd, LOOP_CONFIGURE, c) < 0) {
                        /* Do fallback only if LOOP_CONFIGURE is not supported, propagate all other
@ -255,6 +258,8 @@ static int loop_configure(

                        if (ret_seqnum_not_before)
                                *ret_seqnum_not_before = seqnum;
+                        if (ret_timestamp_not_before)
+                                *ret_timestamp_not_before = timestamp;

                        return 0;
                }
@ -264,6 +269,7 @@ static int loop_configure(
        r = get_current_uevent_seqnum(&seqnum);
        if (r < 0)
                return r;
+        timestamp = now(CLOCK_MONOTONIC);

        /* Since kernel commit 5db470e229e22b7eda6e23b5566e532c96fb5bc3 (kernel v5.0) the LOOP_SET_STATUS64
         * ioctl can return EAGAIN in case we change the lo_offset field, if someone else is accessing the
@ -294,6 +300,8 @@ static int loop_configure(

        if (ret_seqnum_not_before)
                *ret_seqnum_not_before = seqnum;
+        if (ret_timestamp_not_before)
+                *ret_timestamp_not_before = timestamp;

        return 0;

@ -353,6 +361,7 @@ int loop_device_make(
        struct loop_config config;
        LoopDevice *d = NULL;
        uint64_t seqnum = UINT64_MAX;
+        usec_t timestamp = USEC_INFINITY;
        struct stat st;
        int nr = -1, r;

@ -396,6 +405,7 @@ int loop_device_make(
                                .relinquished = true, /* It's not allocated by us, don't destroy it when this object is freed */
                                .devno = st.st_rdev,
                                .uevent_seqnum_not_before = UINT64_MAX,
+                                .timestamp_not_before = USEC_INFINITY,
                        };

                        *ret = d;
@ -443,7 +453,7 @@ int loop_device_make(
                        if (!IN_SET(errno, ENOENT, ENXIO))
                                return -errno;
                } else {
-                        r = loop_configure(loop, nr, &config, &try_loop_configure, &seqnum);
+                        r = loop_configure(loop, nr, &config, &try_loop_configure, &seqnum, &timestamp);
                        if (r >= 0) {
                                loop_with_fd = TAKE_FD(loop);
                                break;
@ -481,6 +491,7 @@ int loop_device_make(
                .nr = nr,
                .devno = st.st_rdev,
                .uevent_seqnum_not_before = seqnum,
+                .timestamp_not_before = timestamp,
        };

        *ret = d;
@ -617,6 +628,7 @@ int loop_device_open(const char *loop_path, int open_flags, LoopDevice **ret) {
                .relinquished = true, /* It's not ours, don't try to destroy it when this object is freed */
                .devno = st.st_dev,
                .uevent_seqnum_not_before = UINT64_MAX,
+                .timestamp_not_before = USEC_INFINITY,
        };

        *ret = d;
--- a/src/shared/loop-util.h
+++ b/src/shared/loop-util.h
@ -2,6 +2,7 @@
 #pragma once

 #include "macro.h"
+#include "time-util.h"

 typedef struct LoopDevice LoopDevice;

@ -14,6 +15,7 @@ struct LoopDevice {
        char *node;
        bool relinquished;
        uint64_t uevent_seqnum_not_before; /* uevent sequm right before we attached the loopback device, or UINT64_MAX if we don't know */
+        usec_t timestamp_not_before; /* CLOCK_MONOTONIC timestamp taken immediately before attaching the loopback device, or USEC_INFINITY if we don't know */
 };

 int loop_device_make(int fd, int open_flags, uint64_t offset, uint64_t size, uint32_t loop_flags, LoopDevice **ret);