shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-09 01:18:19 +03:00
Code

Merge pull request #24749 from yuwata/dissect-image-file

Browse Source 
dissect-image: introduce dissect_image_file() which works for regular file instead of block device
This commit is contained in:
Luca Boccassi 2022-09-30 20:02:19 +01:00 committed by GitHub
commit e2ee0c0327
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 186 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mkosi.default.d/debian/10-mkosi.debian
View File

@ -10,6 +10,7 @@ Release=testing
[Content]
Packages=
cryptsetup-bin
fdisk
iproute2
isc-dhcp-server
libbpf0

1
mkosi.default.d/ubuntu/10-mkosi.ubuntu
View File

@ -11,6 +11,7 @@ Repositories=main,universe
[Content]
Packages=
cryptsetup-bin
fdisk
iproute2
isc-dhcp-server
libbpf0

143
src/shared/dissect-image.c
View File

@ -126,6 +126,38 @@ not_found:
}
#if HAVE_BLKID
static int dissected_image_probe_filesystem(DissectedImage *m) {
int r;
assert(m);
/* Fill in file system types if we don't know them yet. */
for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
DissectedPartition *p = m->partitions + i;
if (!p->found)
continue;
if (!p->fstype && p->node) {
r = probe_filesystem(p->node, &p->fstype);
if (r < 0 && r != -EUCLEAN)
return r;
}
if (streq_ptr(p->fstype, "crypto_LUKS"))
m->encrypted = true;
if (p->fstype && fstype_is_ro(p->fstype))
p->rw = false;
if (!p->rw)
p->growfs = false;
}
return 0;
}
static void check_partition_flags(
const char *node,
unsigned long long pflags,
@ -231,24 +263,20 @@ static int make_partition_devname(
return asprintf(ret, "%s%s%i", whole_devname, need_p ? "p" : "", nr);
}
#endif
int dissect_image(
static int dissect_image(
DissectedImage *m,
int fd,
const char *devname,
const char *image_path,
const VeritySettings *verity,
const MountOptions *mount_options,
DissectImageFlags flags,
DissectedImage **ret) {
DissectImageFlags flags) {
#if HAVE_BLKID
sd_id128_t root_uuid = SD_ID128_NULL, root_verity_uuid = SD_ID128_NULL;
sd_id128_t usr_uuid = SD_ID128_NULL, usr_verity_uuid = SD_ID128_NULL;
bool is_gpt, is_mbr, multiple_generic = false,
generic_rw = false, /* initialize to appease gcc */
generic_growfs = false;
_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
_cleanup_(blkid_free_probep) blkid_probe b = NULL;
_cleanup_free_ char *generic_node = NULL;
sd_id128_t generic_uuid = SD_ID128_NULL;
@ -256,9 +284,9 @@ int dissect_image(
blkid_partlist pl;
int r, generic_nr = -1, n_partitions;
assert(m);
assert(fd >= 0);
assert(devname);
assert(ret);
assert(!verity || verity->designator < 0 || IN_SET(verity->designator, PARTITION_ROOT, PARTITION_USR));
assert(!verity || verity->root_hash || verity->root_hash_size == 0);
assert(!verity || verity->root_hash_sig || verity->root_hash_sig_size == 0);
@ -326,10 +354,6 @@ int dissect_image(
if (r != 0)
return errno_or_else(EIO);
r = dissected_image_new(image_path, &m);
if (r < 0)
return r;
if ((!(flags & DISSECT_IMAGE_GPT_ONLY) &&
(flags & DISSECT_IMAGE_GENERIC_ROOT)) ||
(flags & DISSECT_IMAGE_NO_PARTITION_TABLE)) {
@ -386,7 +410,6 @@ int dissect_image(
.size = UINT64_MAX,
};
*ret = TAKE_PTR(m);
return 0;
}
}
@ -405,13 +428,15 @@ int dissect_image(
if (verity && verity->data_path)
return -EBADR;
/* Safety check: refuse block devices that carry a partition table but for which the kernel doesn't
* do partition scanning. */
r = blockdev_partscan_enabled(fd);
if (r < 0)
return r;
if (r == 0)
return -EPROTONOSUPPORT;
if (FLAGS_SET(flags, DISSECT_IMAGE_MANAGE_PARTITION_DEVICES)) {
/* Safety check: refuse block devices that carry a partition table but for which the kernel doesn't
* do partition scanning. */
r = blockdev_partscan_enabled(fd);
if (r < 0)
return r;
if (r == 0)
return -EPROTONOSUPPORT;
}
errno = 0;
pl = blkid_probe_get_partitions(b);
@ -472,14 +497,16 @@ int dissect_image(
* Kernel returns EBUSY if there's already a partition by that number or an overlapping
* partition already existent. */
r = block_device_add_partition(fd, node, nr, (uint64_t) start * 512, (uint64_t) size * 512);
if (r < 0) {
if (r != -EBUSY)
return log_debug_errno(r, "BLKPG_ADD_PARTITION failed: %m");
if (FLAGS_SET(flags, DISSECT_IMAGE_MANAGE_PARTITION_DEVICES)) {
r = block_device_add_partition(fd, node, nr, (uint64_t) start * 512, (uint64_t) size * 512);
if (r < 0) {
if (r != -EBUSY)
return log_debug_errno(r, "BLKPG_ADD_PARTITION failed: %m");
log_debug_errno(r, "Kernel was quicker than us in adding partition %i.", nr);
} else
log_debug("We were quicker than kernel in adding partition %i.", nr);
log_debug_errno(r, "Kernel was quicker than us in adding partition %i.", nr);
} else
log_debug("We were quicker than kernel in adding partition %i.", nr);
}
if (is_gpt) {
PartitionDesignator designator = _PARTITION_DESIGNATOR_INVALID;
@ -1105,31 +1132,41 @@ int dissect_image(
}
}
blkid_free_probe(b);
b = NULL;
return 0;
}
#endif
/* Fill in file system types if we don't know them yet. */
for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
DissectedPartition *p = m->partitions + i;
int dissect_image_file(
const char *path,
const VeritySettings *verity,
const MountOptions *mount_options,
DissectImageFlags flags,
DissectedImage **ret) {
if (!p->found)
continue;
#if HAVE_BLKID
_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
_cleanup_close_ int fd = -1;
int r;
if (!p->fstype && p->node) {
r = probe_filesystem(p->node, &p->fstype);
if (r < 0 && r != -EUCLEAN)
return r;
}
assert(path);
assert((flags & DISSECT_IMAGE_BLOCK_DEVICE) == 0);
assert(ret);
if (streq_ptr(p->fstype, "crypto_LUKS"))
m->encrypted = true;
fd = open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
if (fd < 0)
return -errno;
if (p->fstype && fstype_is_ro(p->fstype))
p->rw = false;
r = fd_verify_regular(fd);
if (r < 0)
return r;
if (!p->rw)
p->growfs = false;
}
r = dissected_image_new(path, &m);
if (r < 0)
return r;
r = dissect_image(m, fd, path, verity, mount_options, flags);
if (r < 0)
return r;
*ret = TAKE_PTR(m);
return 0;
@ -2854,20 +2891,32 @@ int dissect_loop_device(
DissectImageFlags flags,
DissectedImage **ret) {
#if HAVE_BLKID
_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
int r;
assert(loop);
assert(ret);
r = dissect_image(loop->fd, loop->node, loop->backing_file ?: loop->node, verity, mount_options, flags, &m);
r = dissected_image_new(loop->backing_file ?: loop->node, &m);
if (r < 0)
return r;
m->loop = loop_device_ref(loop);
r = dissect_image(m, loop->fd, loop->node, verity, mount_options, flags | DISSECT_IMAGE_BLOCK_DEVICE);
if (r < 0)
return r;
r = dissected_image_probe_filesystem(m);
if (r < 0)
return r;
*ret = TAKE_PTR(m);
return 0;
#else
return -EOPNOTSUPP;
#endif
}
int dissect_loop_device_and_warn(

58
src/shared/dissect-image.h
View File

@ -181,31 +181,33 @@ static inline PartitionDesignator PARTITION_USR_OF_ARCH(Architecture arch) {
}
typedef enum DissectImageFlags {
DISSECT_IMAGE_DEVICE_READ_ONLY = 1 << 0, /* Make device read-only */
DISSECT_IMAGE_DISCARD_ON_LOOP = 1 << 1, /* Turn on "discard" if on a loop device and file system supports it */
DISSECT_IMAGE_DISCARD = 1 << 2, /* Turn on "discard" if file system supports it, on all block devices */
DISSECT_IMAGE_DISCARD_ON_CRYPTO = 1 << 3, /* Turn on "discard" also on crypto devices */
DISSECT_IMAGE_DISCARD_ANY = DISSECT_IMAGE_DISCARD_ON_LOOP |
DISSECT_IMAGE_DISCARD |
DISSECT_IMAGE_DISCARD_ON_CRYPTO,
DISSECT_IMAGE_GPT_ONLY = 1 << 4, /* Only recognize images with GPT partition tables */
DISSECT_IMAGE_GENERIC_ROOT = 1 << 5, /* If no partition table or only single generic partition, assume it's the root fs */
DISSECT_IMAGE_MOUNT_ROOT_ONLY = 1 << 6, /* Mount only the root and /usr partitions */
DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY = 1 << 7, /* Mount only the non-root and non-/usr partitions */
DISSECT_IMAGE_VALIDATE_OS = 1 << 8, /* Refuse mounting images that aren't identifiable as OS images */
DISSECT_IMAGE_VALIDATE_OS_EXT = 1 << 9, /* Refuse mounting images that aren't identifiable as OS extension images */
DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 10, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */
DISSECT_IMAGE_FSCK = 1 << 11, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */
DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 12, /* Only recognize single file system images */
DISSECT_IMAGE_VERITY_SHARE = 1 << 13, /* When activating a verity device, reuse existing one if already open */
DISSECT_IMAGE_MKDIR = 1 << 14, /* Make top-level directory to mount right before mounting, if missing */
DISSECT_IMAGE_USR_NO_ROOT = 1 << 15, /* If no root fs is in the image, but /usr is, then allow this (so that we can mount the rootfs as tmpfs or so */
DISSECT_IMAGE_REQUIRE_ROOT = 1 << 16, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */
DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 17, /* Make mounts read-only */
DISSECT_IMAGE_READ_ONLY = DISSECT_IMAGE_DEVICE_READ_ONLY |
DISSECT_IMAGE_MOUNT_READ_ONLY,
DISSECT_IMAGE_GROWFS = 1 << 18, /* Grow file systems in partitions marked for that to the size of the partitions after mount */
DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 19, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */
DISSECT_IMAGE_DEVICE_READ_ONLY = 1 << 0, /* Make device read-only */
DISSECT_IMAGE_DISCARD_ON_LOOP = 1 << 1, /* Turn on "discard" if on a loop device and file system supports it */
DISSECT_IMAGE_DISCARD = 1 << 2, /* Turn on "discard" if file system supports it, on all block devices */
DISSECT_IMAGE_DISCARD_ON_CRYPTO = 1 << 3, /* Turn on "discard" also on crypto devices */
DISSECT_IMAGE_DISCARD_ANY = DISSECT_IMAGE_DISCARD_ON_LOOP |
DISSECT_IMAGE_DISCARD |
DISSECT_IMAGE_DISCARD_ON_CRYPTO,
DISSECT_IMAGE_GPT_ONLY = 1 << 4, /* Only recognize images with GPT partition tables */
DISSECT_IMAGE_GENERIC_ROOT = 1 << 5, /* If no partition table or only single generic partition, assume it's the root fs */
DISSECT_IMAGE_MOUNT_ROOT_ONLY = 1 << 6, /* Mount only the root and /usr partitions */
DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY = 1 << 7, /* Mount only the non-root and non-/usr partitions */
DISSECT_IMAGE_VALIDATE_OS = 1 << 8, /* Refuse mounting images that aren't identifiable as OS images */
DISSECT_IMAGE_VALIDATE_OS_EXT = 1 << 9, /* Refuse mounting images that aren't identifiable as OS extension images */
DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 10, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */
DISSECT_IMAGE_FSCK = 1 << 11, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */
DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 12, /* Only recognize single file system images */
DISSECT_IMAGE_VERITY_SHARE = 1 << 13, /* When activating a verity device, reuse existing one if already open */
DISSECT_IMAGE_MKDIR = 1 << 14, /* Make top-level directory to mount right before mounting, if missing */
DISSECT_IMAGE_USR_NO_ROOT = 1 << 15, /* If no root fs is in the image, but /usr is, then allow this (so that we can mount the rootfs as tmpfs or so */
DISSECT_IMAGE_REQUIRE_ROOT = 1 << 16, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */
DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 17, /* Make mounts read-only */
DISSECT_IMAGE_READ_ONLY = DISSECT_IMAGE_DEVICE_READ_ONLY |
DISSECT_IMAGE_MOUNT_READ_ONLY,
DISSECT_IMAGE_GROWFS = 1 << 18, /* Grow file systems in partitions marked for that to the size of the partitions after mount */
DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 19, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */
DISSECT_IMAGE_MANAGE_PARTITION_DEVICES = 1 << 20, /* Manage partition devices, e.g. probe each partition in more detail */
DISSECT_IMAGE_BLOCK_DEVICE = DISSECT_IMAGE_MANAGE_PARTITION_DEVICES,
} DissectImageFlags;
struct DissectedImage {
@ -261,10 +263,8 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(MountOptions*, mount_options_free_all);
const char* mount_options_from_designator(const MountOptions *options, PartitionDesignator designator);
int probe_filesystem(const char *node, char **ret_fstype);
int dissect_image(
int fd,
const char *devname,
const char *image_path,
int dissect_image_file(
const char *path,
const VeritySettings *verity,
const MountOptions *mount_options,
DissectImageFlags flags,

112
src/test/test-loop-block.c
View File

@ -6,6 +6,7 @@
#include <sys/file.h>
#include "alloc-util.h"
#include "capability-util.h"
#include "dissect-image.h"
#include "fd-util.h"
#include "fileio.h"
@ -17,6 +18,7 @@
#include "mount-util.h"
#include "namespace-util.h"
#include "parse-util.h"
#include "path-util.h"
#include "string-util.h"
#include "strv.h"
#include "tests.h"
@ -31,6 +33,17 @@ static usec_t arg_timeout = 0;
#if HAVE_BLKID
static usec_t end = 0;
static void verify_dissected_image(DissectedImage *dissected) {
assert_se(dissected->partitions[PARTITION_ESP].found);
assert_se(dissected->partitions[PARTITION_ESP].node);
assert_se(dissected->partitions[PARTITION_XBOOTLDR].found);
assert_se(dissected->partitions[PARTITION_XBOOTLDR].node);
assert_se(dissected->partitions[PARTITION_ROOT].found);
assert_se(dissected->partitions[PARTITION_ROOT].node);
assert_se(dissected->partitions[PARTITION_HOME].found);
assert_se(dissected->partitions[PARTITION_HOME].node);
}
static void* thread_func(void *ptr) {
int fd = PTR_TO_FD(ptr);
int r;
@ -75,14 +88,7 @@ static void* thread_func(void *ptr) {
partition_designator_to_string(d));
}
assert_se(dissected->partitions[PARTITION_ESP].found);
assert_se(dissected->partitions[PARTITION_ESP].node);
assert_se(dissected->partitions[PARTITION_XBOOTLDR].found);
assert_se(dissected->partitions[PARTITION_XBOOTLDR].node);
assert_se(dissected->partitions[PARTITION_ROOT].found);
assert_se(dissected->partitions[PARTITION_ROOT].node);
assert_se(dissected->partitions[PARTITION_HOME].found);
assert_se(dissected->partitions[PARTITION_HOME].node);
verify_dissected_image(dissected);
r = dissected_image_mount(dissected, mounted, UID_INVALID, UID_INVALID, DISSECT_IMAGE_READ_ONLY);
log_notice_errno(r, "Mounted %s → %s: %m", loop->node, mounted);
@ -119,6 +125,12 @@ static bool have_root_gpt_type(void) {
}
static int run(int argc, char *argv[]) {
#if HAVE_BLKID
_cleanup_(dissected_image_unrefp) DissectedImage *dissected = NULL;
_cleanup_(umount_and_rmdir_and_freep) char *mounted = NULL;
pthread_t threads[arg_n_threads];
sd_id128_t id;
#endif
_cleanup_free_ char *p = NULL, *cmd = NULL;
_cleanup_(pclosep) FILE *sfdisk = NULL;
_cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
@ -155,37 +167,12 @@ static int run(int argc, char *argv[]) {
if (argc >= 5)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Too many arguments (expected 3 at max).");
if (!have_root_gpt_type()) {
log_tests_skipped("No root partition GPT defined for this architecture, exiting.");
return EXIT_TEST_SKIP;
}
if (!have_root_gpt_type())
return log_tests_skipped("No root partition GPT defined for this architecture");
if (detect_container() > 0) {
log_tests_skipped("Test not supported in a container, requires udev/uevent notifications.");
return EXIT_TEST_SKIP;
}
/* This is a test for the loopback block device setup code and it's use by the image dissection
* logic: since the kernel APIs are hard use and prone to races, let's test this in a heavy duty
* test: we open a bunch of threads and repeatedly allocate and deallocate loopback block devices in
* them in parallel, with an image file with a number of partitions. */
r = detach_mount_namespace();
if (ERRNO_IS_PRIVILEGE(r)) {
log_tests_skipped("Lacking privileges");
return EXIT_TEST_SKIP;
}
FOREACH_STRING(fs, "vfat", "ext4") {
r = mkfs_exists(fs);
assert_se(r >= 0);
if (!r) {
log_tests_skipped("mkfs.{vfat|ext4} not installed");
return EXIT_TEST_SKIP;
}
}
assert_se(r >= 0);
r = find_executable("sfdisk", NULL);
if (r < 0)
return log_tests_skipped_errno(r, "Could not find sfdisk command");
assert_se(tempfn_random_child("/var/tmp", "sfdisk", &p) >= 0);
fd = open(p, O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOFOLLOW, 0666);
@ -214,24 +201,37 @@ static int run(int argc, char *argv[]) {
assert_se(pclose(sfdisk) == 0);
sfdisk = NULL;
#if HAVE_BLKID
assert_se(dissect_image_file(p, NULL, NULL, 0, &dissected) >= 0);
verify_dissected_image(dissected);
dissected = dissected_image_unref(dissected);
#endif
if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
log_tests_skipped("not running privileged");
return 0;
}
if (detect_container() > 0) {
log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
return 0;
}
assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);
#if HAVE_BLKID
_cleanup_(dissected_image_unrefp) DissectedImage *dissected = NULL;
_cleanup_(umount_and_rmdir_and_freep) char *mounted = NULL;
pthread_t threads[arg_n_threads];
sd_id128_t id;
assert_se(dissect_loop_device(loop, NULL, NULL, 0, &dissected) >= 0);
verify_dissected_image(dissected);
assert_se(dissected->partitions[PARTITION_ESP].found);
assert_se(dissected->partitions[PARTITION_ESP].node);
assert_se(dissected->partitions[PARTITION_XBOOTLDR].found);
assert_se(dissected->partitions[PARTITION_XBOOTLDR].node);
assert_se(dissected->partitions[PARTITION_ROOT].found);
assert_se(dissected->partitions[PARTITION_ROOT].node);
assert_se(dissected->partitions[PARTITION_HOME].found);
assert_se(dissected->partitions[PARTITION_HOME].node);
FOREACH_STRING(fs, "vfat", "ext4") {
r = mkfs_exists(fs);
assert_se(r >= 0);
if (!r) {
log_tests_skipped("mkfs.{vfat|ext4} not installed");
return 0;
}
}
assert_se(r >= 0);
assert_se(sd_id128_randomize(&id) >= 0);
assert_se(make_filesystem(dissected->partitions[PARTITION_ESP].node, "vfat", "EFI", NULL, id, true) >= 0);
@ -247,6 +247,7 @@ static int run(int argc, char *argv[]) {
dissected = dissected_image_unref(dissected);
assert_se(dissect_loop_device(loop, NULL, NULL, 0, &dissected) >= 0);
verify_dissected_image(dissected);
assert_se(mkdtemp_malloc(NULL, &mounted) >= 0);
@ -257,6 +258,12 @@ static int run(int argc, char *argv[]) {
* it. */
assert_se(loop_device_flock(loop, LOCK_SH) >= 0);
/* This is a test for the loopback block device setup code and it's use by the image dissection
* logic: since the kernel APIs are hard use and prone to races, let's test this in a heavy duty
* test: we open a bunch of threads and repeatedly allocate and deallocate loopback block devices in
* them in parallel, with an image file with a number of partitions. */
assert_se(detach_mount_namespace() >= 0);
/* This first (writable) mount will initialize the mount point dirs, so that the subsequent read-only ones can work */
assert_se(dissected_image_mount(dissected, mounted, UID_INVALID, UID_INVALID, 0) >= 0);
@ -290,7 +297,7 @@ static int run(int argc, char *argv[]) {
void *k;
assert_se(pthread_join(threads[i], &k) == 0);
assert_se(k == NULL);
assert_se(!k);
log_notice("Joined thread #%u.", i);
}
@ -299,7 +306,6 @@ static int run(int argc, char *argv[]) {
#else
log_notice("Cutting test short, since we do not have libblkid.");
#endif
return 0;
}