[PATCH v2 2/4] dm ioctl: Allow userspace to provide expected diskseq

From: Demi Marie Obenour
Date: Sat Jun 24 2023 - 19:10:19 EST

Next message: Demi Marie Obenour: "[PATCH v2 4/4] dm ioctl: inform caller about already-existing device"
Previous message: Demi Marie Obenour: "[PATCH v2 3/4] dm ioctl: Allow userspace to suppress uevent generation"
In reply to: Milan Broz: "Re: [dm-devel] [PATCH v2 3/4] dm ioctl: Allow userspace to suppress uevent generation"
Next in thread: Demi Marie Obenour: "Re: [PATCH v2 2/4] dm ioctl: Allow userspace to provide expected diskseq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This can be used to avoid race conditions in which a device is destroyed
and recreated with the same major/minor, name, or UUID. diskseqs are
only honored if strict parameter checking is on, to avoid any risk of
breaking old userspace.

Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
---
drivers/md/dm-ioctl.c | 41 +++++++++++++++++++++++++++++------
include/uapi/linux/dm-ioctl.h | 31 ++++++++++++++++++++++++--
2 files changed, 63 insertions(+), 9 deletions(-)

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index e7693479c0cd974ddde69b3b1c4c67abc2ae3ad6..7abaeec33f1884d4588e8563fb02e9ea1a6782c8 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -878,6 +878,9 @@ static void __dev_status(struct mapped_device *md, struct dm_ioctl *param)
}
dm_put_live_table(md, srcu_idx);
}
+
+ if (param->version[0] >= DM_VERSION_MAJOR_STRICT)
+ dm_set_diskseq(param, disk->diskseq);
}

static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_size)
@@ -918,6 +921,9 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si
static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param)
{
struct hash_cell *hc = NULL;
+ static_assert(offsetof(struct dm_ioctl, diskseq_high) ==
+ offsetof(struct dm_ioctl, data) + 3,
+ "diskseq_high field misplaced");

if (*param->uuid) {
if (*param->name || param->dev) {
@@ -946,6 +952,27 @@ static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param)
} else
return NULL;

+ if (param->version[0] >= DM_VERSION_MAJOR_STRICT) {
+ u64 expected_diskseq = dm_get_diskseq(param);
+ u64 diskseq;
+ struct mapped_device *md = hc->md;
+
+ if (WARN_ON_ONCE(md->disk == NULL))
+ return NULL;
+ diskseq = md->disk->diskseq;
+ if (WARN_ON_ONCE(diskseq == 0))
+ return NULL;
+ if (expected_diskseq != 0) {
+ if (expected_diskseq != diskseq) {
+ DMERR("Diskseq mismatch: expected %llu actual %llu",
+ expected_diskseq, diskseq);
+ return NULL;
+ }
+ } else {
+ dm_set_diskseq(param, diskseq);
+ }
+ }
+
/*
* Sneakily write in both the name and the uuid
* while we have the cell.
@@ -2139,6 +2166,12 @@ static int validate_params(uint cmd, struct dm_ioctl *param,
return 0;
}

+ if (param->data_size < sizeof(struct dm_ioctl)) {
+ DMERR("Entire struct dm_ioctl (size %zu) must be valid, but only %u was valid",
+ sizeof(struct dm_ioctl), param->data_size);
+ return -EINVAL;
+ }
+
/* Check that strings are terminated */
if (!no_non_nul_after_nul(param->name, DM_NAME_LEN, cmd, "Name") ||
!no_non_nul_after_nul(param->uuid, DM_UUID_LEN, cmd, "UUID"))
@@ -2148,7 +2181,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param,
* This also checks the last byte of the UUID field, but that was
* checked to be zero above.
*/
- if (*(const u64 *)((const char *)param + (sizeof(*param) - 8)) != 0) {
+ if (*(const u32 *)((const char *)param + (sizeof(*param) - 8)) != 0) {
DMERR("second padding field not zeroed in strict mode (cmd %u)", cmd);
return -EINVAL;
}
@@ -2159,12 +2192,6 @@ static int validate_params(uint cmd, struct dm_ioctl *param,
return -EINVAL;
}

- if (param->padding != 0) {
- DMERR("padding not zeroed in strict mode (got %u, cmd %u)",
- param->padding, cmd);
- return -EINVAL;
- }
-
if (param->open_count != 0) {
DMERR("open_count not zeroed in strict mode (got %d, cmd %u)",
param->open_count, cmd);
diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h
index 62bfdc95ebccb2f1c20c24496a449fe3e2a76113..1d33109aece2ff9854e752066baa96fdf7d85857 100644
--- a/include/uapi/linux/dm-ioctl.h
+++ b/include/uapi/linux/dm-ioctl.h
@@ -146,16 +146,43 @@ struct dm_ioctl {
* For output, the ioctls return the event number, not the cookie.
*/
__u32 event_nr; /* in/out */
- __u32 padding;
+
+ union {
+ /* valid if DM_VERSION_MAJOR is used */
+ __u32 padding; /* padding */
+ /* valid if DM_VERSION_MAJOR_STRICT is used */
+ __u32 diskseq_low; /* in/out: low 4 bytes of the diskseq */
+ };

__u64 dev; /* in/out */

char name[DM_NAME_LEN]; /* device name */
char uuid[DM_UUID_LEN]; /* unique identifier for
* the block device */
- char data[7]; /* padding or data, must be zero in strict mode */
+ union {
+ /* valid if DM_VERSION_MAJOR is used */
+ char data[7]; /* padding or data */
+ /* valid if DM_VERSION_MAJOR_STRICT is used */
+ struct {
+ char _padding[3]; /* padding, must be zeroed */
+ __u32 diskseq_high; /* in/out: high 4 bytes of the diskseq */
+ } __attribute__((packed));
+ };
};

+__attribute__((always_inline)) static inline __u64
+dm_get_diskseq(const struct dm_ioctl *_i)
+{
+ return (__u64)_i->diskseq_high << 32 | (__u64)_i->diskseq_low;
+}
+
+__attribute__((always_inline)) static inline void
+dm_set_diskseq(struct dm_ioctl *_i, __u64 _diskseq)
+{
+ _i->diskseq_low = (__u32)(_diskseq & 0xFFFFFFFFU);
+ _i->diskseq_high = (__u32)(_diskseq >> 32);
+}
+
/*
* Used to specify tables. These structures appear after the
* dm_ioctl.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Next message: Demi Marie Obenour: "[PATCH v2 4/4] dm ioctl: inform caller about already-existing device"
Previous message: Demi Marie Obenour: "[PATCH v2 3/4] dm ioctl: Allow userspace to suppress uevent generation"
In reply to: Milan Broz: "Re: [dm-devel] [PATCH v2 3/4] dm ioctl: Allow userspace to suppress uevent generation"
Next in thread: Demi Marie Obenour: "Re: [PATCH v2 2/4] dm ioctl: Allow userspace to provide expected diskseq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]