X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fshared%2Fbtrfs-util.c;h=49528dbf0152e119d6ee1d9f3ed7acaa0f067b41;hp=34ebaece027e2875a78e3b9bb38530a3cba22b0f;hb=6ec9b87c4ecf5144b5ea845a53a352dd9f2d173a;hpb=01dcca794a4f546ec2ec109d0b2eb27204e7b16e diff --git a/src/shared/btrfs-util.c b/src/shared/btrfs-util.c index 34ebaece0..49528dbf0 100644 --- a/src/shared/btrfs-util.c +++ b/src/shared/btrfs-util.c @@ -38,6 +38,14 @@ #include "btrfs-ctree.h" #include "btrfs-util.h" +/* WARNING: Be careful with file system ioctls! When we get an fd, we + * need to make sure it either refers to only a regular file or + * directory, or that it is located on btrfs, before invoking any + * btrfs ioctls. The ioctl numbers are reused by some device drivers + * (such as DRM), and hence might have bad effects when invoked on + * device nodes (that reference drivers) rather than fds to normal + * files or directories. */ + static int validate_subvolume_name(const char *name) { if (!filename_is_valid(name)) @@ -83,17 +91,10 @@ static int extract_subvolume_name(const char *path, const char **subvolume) { return 0; } -int btrfs_is_snapshot(int fd) { - struct stat st; +int btrfs_is_filesystem(int fd) { struct statfs sfs; - /* On btrfs subvolumes always have the inode 256 */ - - if (fstat(fd, &st) < 0) - return -errno; - - if (!S_ISDIR(st.st_mode) || st.st_ino != 256) - return 0; + assert(fd >= 0); if (fstatfs(fd, &sfs) < 0) return -errno; @@ -101,72 +102,20 @@ int btrfs_is_snapshot(int fd) { return F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC); } -int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlags flags) { - struct btrfs_ioctl_vol_args_v2 args = { - .flags = flags & BTRFS_SNAPSHOT_READ_ONLY ? BTRFS_SUBVOL_RDONLY : 0, - }; - _cleanup_close_ int new_fd = -1; - const char *subvolume; - int r; - - assert(new_path); - - r = btrfs_is_snapshot(old_fd); - if (r < 0) - return r; - if (r == 0) { - if (!(flags & BTRFS_SNAPSHOT_FALLBACK_COPY)) - return -EISDIR; - - r = btrfs_subvol_make(new_path); - if (r < 0) - return r; - - r = copy_directory_fd(old_fd, new_path, true); - if (r < 0) { - btrfs_subvol_remove(new_path, false); - return r; - } - - if (flags & BTRFS_SNAPSHOT_READ_ONLY) { - r = btrfs_subvol_set_read_only(new_path, true); - if (r < 0) { - btrfs_subvol_remove(new_path, false); - return r; - } - } - - return 0; - } - - r = extract_subvolume_name(new_path, &subvolume); - if (r < 0) - return r; +int btrfs_is_subvol(int fd) { + struct stat st; - new_fd = open_parent(new_path, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); - if (new_fd < 0) - return new_fd; + assert(fd >= 0); - strncpy(args.name, subvolume, sizeof(args.name)-1); - args.fd = old_fd; + /* On btrfs subvolumes always have the inode 256 */ - if (ioctl(new_fd, BTRFS_IOC_SNAP_CREATE_V2, &args) < 0) + if (fstat(fd, &st) < 0) return -errno; - return 0; -} - -int btrfs_subvol_snapshot(const char *old_path, const char *new_path, BtrfsSnapshotFlags flags) { - _cleanup_close_ int old_fd = -1; - - assert(old_path); - assert(new_path); - - old_fd = open(old_path, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); - if (old_fd < 0) - return -errno; + if (!S_ISDIR(st.st_mode) || st.st_ino != 256) + return 0; - return btrfs_subvol_snapshot_fd(old_fd, new_path, flags); + return btrfs_is_filesystem(fd); } int btrfs_subvol_make(const char *path) { @@ -252,6 +201,15 @@ int btrfs_subvol_set_read_only(const char *path, bool b) { int btrfs_subvol_get_read_only_fd(int fd) { uint64_t flags; + struct stat st; + + assert(fd >= 0); + + if (fstat(fd, &st) < 0) + return -errno; + + if (!S_ISDIR(st.st_mode) || st.st_ino != 256) + return -EINVAL; if (ioctl(fd, BTRFS_IOC_SUBVOL_GETFLAGS, &flags) < 0) return -errno; @@ -260,11 +218,21 @@ int btrfs_subvol_get_read_only_fd(int fd) { } int btrfs_reflink(int infd, int outfd) { + struct stat st; int r; assert(infd >= 0); assert(outfd >= 0); + /* Make sure we invoke the ioctl on a regular file, so that no + * device driver accidentally gets it. */ + + if (fstat(outfd, &st) < 0) + return -errno; + + if (!S_ISREG(st.st_mode)) + return -EINVAL; + r = ioctl(outfd, BTRFS_IOC_CLONE, infd); if (r < 0) return -errno; @@ -279,12 +247,19 @@ int btrfs_clone_range(int infd, uint64_t in_offset, int outfd, uint64_t out_offs .src_length = sz, .dest_offset = out_offset, }; + struct stat st; int r; assert(infd >= 0); assert(outfd >= 0); assert(sz > 0); + if (fstat(outfd, &st) < 0) + return -errno; + + if (!S_ISREG(st.st_mode)) + return -EINVAL; + r = ioctl(outfd, BTRFS_IOC_CLONE_RANGE, &args); if (r < 0) return -errno; @@ -295,10 +270,17 @@ int btrfs_clone_range(int infd, uint64_t in_offset, int outfd, uint64_t out_offs int btrfs_get_block_device_fd(int fd, dev_t *dev) { struct btrfs_ioctl_fs_info_args fsi = {}; uint64_t id; + int r; assert(fd >= 0); assert(dev); + r = btrfs_is_filesystem(fd); + if (r < 0) + return r; + if (!r) + return -ENOTTY; + if (ioctl(fd, BTRFS_IOC_FS_INFO, &fsi) < 0) return -errno; @@ -352,10 +334,17 @@ int btrfs_subvol_get_id_fd(int fd, uint64_t *ret) { struct btrfs_ioctl_ino_lookup_args args = { .objectid = BTRFS_FIRST_FREE_OBJECTID }; + int r; assert(fd >= 0); assert(ret); + r = btrfs_is_filesystem(fd); + if (r < 0) + return r; + if (!r) + return -ENOTTY; + if (ioctl(fd, BTRFS_IOC_INO_LOOKUP, &args) < 0) return -errno; @@ -621,8 +610,16 @@ finish: } int btrfs_defrag_fd(int fd) { + struct stat st; + assert(fd >= 0); + if (fstat(fd, &st) < 0) + return -errno; + + if (!S_ISREG(st.st_mode)) + return -EINVAL; + if (ioctl(fd, BTRFS_IOC_DEFRAG, NULL) < 0) return -errno; @@ -643,9 +640,16 @@ int btrfs_quota_enable_fd(int fd, bool b) { struct btrfs_ioctl_quota_ctl_args args = { .cmd = b ? BTRFS_QUOTA_CTL_ENABLE : BTRFS_QUOTA_CTL_DISABLE, }; + int r; assert(fd >= 0); + r = btrfs_is_filesystem(fd); + if (r < 0) + return r; + if (!r) + return -ENOTTY; + if (ioctl(fd, BTRFS_IOC_QUOTA_CTL, &args) < 0) return -errno; @@ -669,9 +673,16 @@ int btrfs_quota_limit_fd(int fd, uint64_t referenced_max) { referenced_max == 0 ? 1 : referenced_max, .lim.flags = BTRFS_QGROUP_LIMIT_MAX_RFER, }; + int r; assert(fd >= 0); + r = btrfs_is_filesystem(fd); + if (r < 0) + return r; + if (!r) + return -ENOTTY; + if (ioctl(fd, BTRFS_IOC_QGROUP_LIMIT, &args) < 0) return -errno; @@ -791,11 +802,19 @@ static int subvol_remove_children(int fd, const char *subvolume, uint64_t subvol struct btrfs_ioctl_vol_args vol_args = {}; _cleanup_close_ int subvol_fd = -1; + struct stat st; + bool made_writable = false; int r; assert(fd >= 0); assert(subvolume); + if (fstat(fd, &st) < 0) + return -errno; + + if (!S_ISDIR(st.st_mode)) + return -EINVAL; + /* First, try to remove the subvolume. If it happens to be * already empty, this will just work. */ strncpy(vol_args.name, subvolume, sizeof(vol_args.name)-1); @@ -849,11 +868,19 @@ static int subvol_remove_children(int fd, const char *subvolume, uint64_t subvol zero(ino_args); ino_args.treeid = subvol_id; - ino_args.objectid = ref->dirid; + ino_args.objectid = htole64(ref->dirid); if (ioctl(fd, BTRFS_IOC_INO_LOOKUP, &ino_args) < 0) return -errno; + if (!made_writable) { + r = btrfs_subvol_set_read_only_fd(subvol_fd, false); + if (r < 0) + return r; + + made_writable = true; + } + if (isempty(ino_args.name)) /* Subvolume is in the top-level * directory of the subvolume. */ @@ -909,3 +936,217 @@ int btrfs_subvol_remove(const char *path, bool recursive) { int btrfs_subvol_remove_fd(int fd, const char *subvolume, bool recursive) { return subvol_remove_children(fd, subvolume, 0, recursive); } + +static int subvol_snapshot_children(int old_fd, int new_fd, const char *subvolume, uint64_t subvol_id, BtrfsSnapshotFlags flags) { + + struct btrfs_ioctl_search_args args = { + .key.tree_id = BTRFS_ROOT_TREE_OBJECTID, + + .key.min_objectid = BTRFS_FIRST_FREE_OBJECTID, + .key.max_objectid = BTRFS_LAST_FREE_OBJECTID, + + .key.min_type = BTRFS_ROOT_BACKREF_KEY, + .key.max_type = BTRFS_ROOT_BACKREF_KEY, + + .key.min_transid = 0, + .key.max_transid = (uint64_t) -1, + }; + + struct btrfs_ioctl_vol_args_v2 vol_args = { + .flags = flags & BTRFS_SNAPSHOT_READ_ONLY ? BTRFS_SUBVOL_RDONLY : 0, + .fd = old_fd, + }; + int r; + _cleanup_close_ int subvolume_fd = -1; + + assert(old_fd >= 0); + assert(new_fd >= 0); + assert(subvolume); + + strncpy(vol_args.name, subvolume, sizeof(vol_args.name)-1); + vol_args.fd = old_fd; + + if (ioctl(new_fd, BTRFS_IOC_SNAP_CREATE_V2, &vol_args) < 0) + return -errno; + + if (!(flags & BTRFS_SNAPSHOT_RECURSIVE)) + return 0; + + if (subvol_id == 0) { + r = btrfs_subvol_get_id_fd(old_fd, &subvol_id); + if (r < 0) + return r; + } + + args.key.min_offset = args.key.max_offset = subvol_id; + + while (btrfs_ioctl_search_args_compare(&args) <= 0) { + const struct btrfs_ioctl_search_header *sh; + unsigned i; + + args.key.nr_items = 256; + if (ioctl(old_fd, BTRFS_IOC_TREE_SEARCH, &args) < 0) + return -errno; + + if (args.key.nr_items <= 0) + break; + + FOREACH_BTRFS_IOCTL_SEARCH_HEADER(i, sh, args) { + _cleanup_free_ char *p = NULL, *c = NULL, *np = NULL; + struct btrfs_ioctl_ino_lookup_args ino_args; + const struct btrfs_root_ref *ref; + _cleanup_close_ int old_child_fd = -1, new_child_fd = -1; + + btrfs_ioctl_search_args_set(&args, sh); + + if (sh->type != BTRFS_ROOT_BACKREF_KEY) + continue; + if (sh->offset != subvol_id) + continue; + + ref = BTRFS_IOCTL_SEARCH_HEADER_BODY(sh); + + p = strndup((char*) ref + sizeof(struct btrfs_root_ref), le64toh(ref->name_len)); + if (!p) + return -ENOMEM; + + zero(ino_args); + ino_args.treeid = subvol_id; + ino_args.objectid = htole64(ref->dirid); + + if (ioctl(old_fd, BTRFS_IOC_INO_LOOKUP, &ino_args) < 0) + return -errno; + + /* The kernel returns an empty name if the + * subvolume is in the top-level directory, + * and otherwise appends a slash, so that we + * can just concatenate easily here, without + * adding a slash. */ + c = strappend(ino_args.name, p); + if (!c) + return -ENOMEM; + + old_child_fd = openat(old_fd, c, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (old_child_fd < 0) + return -errno; + + np = strjoin(subvolume, "/", ino_args.name, NULL); + if (!np) + return -ENOMEM; + + new_child_fd = openat(new_fd, np, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (new_child_fd < 0) + return -errno; + + if (flags & BTRFS_SNAPSHOT_READ_ONLY) { + /* If the snapshot is read-only we + * need to mark it writable + * temporarily, to put the subsnapshot + * into place. */ + + if (subvolume_fd < 0) { + subvolume_fd = openat(new_fd, subvolume, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (subvolume_fd < 0) + return -errno; + } + + r = btrfs_subvol_set_read_only_fd(subvolume_fd, false); + if (r < 0) + return r; + } + + /* When btrfs clones the subvolumes, child + * subvolumes appear as directories. Remove + * them, so that we can create a new snapshot + * in their place */ + if (unlinkat(new_child_fd, p, AT_REMOVEDIR) < 0) { + int k = -errno; + + if (flags & BTRFS_SNAPSHOT_READ_ONLY) + (void) btrfs_subvol_set_read_only_fd(subvolume_fd, true); + + return k; + } + + r = subvol_snapshot_children(old_child_fd, new_child_fd, p, sh->objectid, flags & ~BTRFS_SNAPSHOT_FALLBACK_COPY); + + /* Restore the readonly flag */ + if (flags & BTRFS_SNAPSHOT_READ_ONLY) { + int k; + + k = btrfs_subvol_set_read_only_fd(subvolume_fd, true); + if (r >= 0 && k < 0) + return k; + } + + if (r < 0) + return r; + } + + /* Increase search key by one, to read the next item, if we can. */ + if (!btrfs_ioctl_search_args_inc(&args)) + break; + } + + return 0; +} + +int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlags flags) { + _cleanup_close_ int new_fd = -1; + const char *subvolume; + int r; + + assert(old_fd >= 0); + assert(new_path); + + r = btrfs_is_subvol(old_fd); + if (r < 0) + return r; + if (r == 0) { + if (!(flags & BTRFS_SNAPSHOT_FALLBACK_COPY)) + return -EISDIR; + + r = btrfs_subvol_make(new_path); + if (r < 0) + return r; + + r = copy_directory_fd(old_fd, new_path, true); + if (r < 0) { + btrfs_subvol_remove(new_path, false); + return r; + } + + if (flags & BTRFS_SNAPSHOT_READ_ONLY) { + r = btrfs_subvol_set_read_only(new_path, true); + if (r < 0) { + btrfs_subvol_remove(new_path, false); + return r; + } + } + + return 0; + } + + r = extract_subvolume_name(new_path, &subvolume); + if (r < 0) + return r; + + new_fd = open_parent(new_path, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (new_fd < 0) + return new_fd; + + return subvol_snapshot_children(old_fd, new_fd, subvolume, 0, flags); +} + +int btrfs_subvol_snapshot(const char *old_path, const char *new_path, BtrfsSnapshotFlags flags) { + _cleanup_close_ int old_fd = -1; + + assert(old_path); + assert(new_path); + + old_fd = open(old_path, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (old_fd < 0) + return -errno; + + return btrfs_subvol_snapshot_fd(old_fd, new_path, flags); +}