fec_open.cpp revision 65cbaeb020b209f3d75d594ebbe49a609dd3c7e7
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <stdlib.h> 18#include <sys/ioctl.h> 19#include <sys/stat.h> 20 21extern "C" { 22 #include <squashfs_utils.h> 23 #include <ext4_sb.h> 24} 25 26#if defined(__linux__) 27 #include <linux/fs.h> 28#elif defined(__APPLE__) 29 #include <sys/disk.h> 30 #define BLKGETSIZE64 DKIOCGETBLOCKCOUNT 31 #define fdatasync(fd) fcntl((fd), F_FULLFSYNC) 32#endif 33 34#include "fec_private.h" 35 36/* used by `find_offset'; returns metadata size for a file size `size' and 37 `roots' Reed-Solomon parity bytes */ 38using size_func = uint64_t (*)(uint64_t size, int roots); 39 40/* performs a binary search to find a metadata offset from a file so that 41 the metadata size matches function `get_real_size(size, roots)', using 42 the approximate size returned by `get_appr_size' as a starting point */ 43static int find_offset(uint64_t file_size, int roots, uint64_t *offset, 44 size_func get_appr_size, size_func get_real_size) 45{ 46 check(offset); 47 check(get_appr_size); 48 check(get_real_size); 49 50 if (file_size % FEC_BLOCKSIZE) { 51 /* must be a multiple of block size */ 52 error("file size not multiple of " stringify(FEC_BLOCKSIZE)); 53 errno = EINVAL; 54 return -1; 55 } 56 57 uint64_t mi = get_appr_size(file_size, roots); 58 uint64_t lo = file_size - mi * 2; 59 uint64_t hi = file_size - mi / 2; 60 61 while (lo < hi) { 62 mi = ((hi + lo) / (2 * FEC_BLOCKSIZE)) * FEC_BLOCKSIZE; 63 uint64_t total = mi + get_real_size(mi, roots); 64 65 if (total < file_size) { 66 lo = mi + FEC_BLOCKSIZE; 67 } else if (total > file_size) { 68 hi = mi; 69 } else { 70 *offset = mi; 71 debug("file_size = %" PRIu64 " -> offset = %" PRIu64, file_size, 72 mi); 73 return 0; 74 } 75 } 76 77 warn("could not determine offset"); 78 errno = ERANGE; 79 return -1; 80} 81 82/* returns verity metadata size for a `size' byte file */ 83static uint64_t get_verity_size(uint64_t size, int) 84{ 85 return VERITY_METADATA_SIZE + verity_get_size(size, NULL, NULL); 86} 87 88/* computes the verity metadata offset for a file with size `f->size' */ 89static int find_verity_offset(fec_handle *f, uint64_t *offset) 90{ 91 check(f); 92 check(offset); 93 94 return find_offset(f->data_size, 0, offset, get_verity_size, 95 get_verity_size); 96} 97 98/* attempts to read and validate an ecc header from file position `offset' */ 99static int parse_ecc_header(fec_handle *f, uint64_t offset) 100{ 101 check(f); 102 check(f->ecc.rsn > 0 && f->ecc.rsn < FEC_RSM); 103 check(f->size > sizeof(fec_header)); 104 105 debug("offset = %" PRIu64, offset); 106 107 if (offset > f->size - sizeof(fec_header)) { 108 return -1; 109 } 110 111 fec_header header; 112 113 /* there's obviously no ecc data at this point, so there is no need to 114 call fec_pread to access this data */ 115 if (!raw_pread(f, &header, sizeof(fec_header), offset)) { 116 error("failed to read: %s", strerror(errno)); 117 return -1; 118 } 119 120 /* move offset back to the beginning of the block for validating header */ 121 offset -= offset % FEC_BLOCKSIZE; 122 123 if (header.magic != FEC_MAGIC) { 124 return -1; 125 } 126 if (header.version != FEC_VERSION) { 127 error("unsupported ecc version: %u", header.version); 128 return -1; 129 } 130 if (header.size != sizeof(fec_header)) { 131 error("unexpected ecc header size: %u", header.size); 132 return -1; 133 } 134 if (header.roots == 0 || header.roots >= FEC_RSM) { 135 error("invalid ecc roots: %u", header.roots); 136 return -1; 137 } 138 if (f->ecc.roots != (int)header.roots) { 139 error("unexpected number of roots: %d vs %u", f->ecc.roots, 140 header.roots); 141 return -1; 142 } 143 if (header.fec_size % header.roots || 144 header.fec_size % FEC_BLOCKSIZE) { 145 error("inconsistent ecc size %u", header.fec_size); 146 return -1; 147 } 148 /* structure: data | ecc | header */ 149 if (offset < header.fec_size || 150 offset - header.fec_size != header.inp_size) { 151 error("unexpected input size: %" PRIu64 " vs %" PRIu64, offset, 152 header.inp_size); 153 return -1; 154 } 155 156 f->data_size = header.inp_size; 157 f->ecc.blocks = fec_div_round_up(f->data_size, FEC_BLOCKSIZE); 158 f->ecc.rounds = fec_div_round_up(f->ecc.blocks, f->ecc.rsn); 159 160 if (header.fec_size != 161 (uint32_t)f->ecc.rounds * f->ecc.roots * FEC_BLOCKSIZE) { 162 error("inconsistent ecc size %u", header.fec_size); 163 return -1; 164 } 165 166 f->ecc.size = header.fec_size; 167 f->ecc.start = header.inp_size; 168 169 /* validate encoding data; caller may opt not to use it if invalid */ 170 SHA256_CTX ctx; 171 SHA256_Init(&ctx); 172 173 uint8_t buf[FEC_BLOCKSIZE]; 174 uint32_t n = 0; 175 uint32_t len = FEC_BLOCKSIZE; 176 177 while (n < f->ecc.size) { 178 if (len > f->ecc.size - n) { 179 len = f->ecc.size - n; 180 } 181 182 if (!raw_pread(f, buf, len, f->ecc.start + n)) { 183 error("failed to read ecc: %s", strerror(errno)); 184 return -1; 185 } 186 187 SHA256_Update(&ctx, buf, len); 188 n += len; 189 } 190 191 uint8_t hash[SHA256_DIGEST_LENGTH]; 192 SHA256_Final(hash, &ctx); 193 194 f->ecc.valid = !memcmp(hash, header.hash, SHA256_DIGEST_LENGTH); 195 196 if (!f->ecc.valid) { 197 warn("ecc data not valid"); 198 } 199 200 return 0; 201} 202 203/* attempts to read an ecc header from `offset', and checks for a backup copy 204 at the end of the block if the primary header is not valid */ 205static int parse_ecc(fec_handle *f, uint64_t offset) 206{ 207 check(f); 208 check(offset % FEC_BLOCKSIZE == 0); 209 check(offset < UINT64_MAX - FEC_BLOCKSIZE); 210 211 /* check the primary header at the beginning of the block */ 212 if (parse_ecc_header(f, offset) == 0) { 213 return 0; 214 } 215 216 /* check the backup header at the end of the block */ 217 if (parse_ecc_header(f, offset + FEC_BLOCKSIZE - sizeof(fec_header)) == 0) { 218 warn("using backup ecc header"); 219 return 0; 220 } 221 222 return -1; 223} 224 225/* reads the squashfs superblock and returns the size of the file system in 226 `offset' */ 227static int get_squashfs_size(fec_handle *f, uint64_t *offset) 228{ 229 check(f); 230 check(offset); 231 232 size_t sb_size = squashfs_get_sb_size(); 233 check(sb_size <= SSIZE_MAX); 234 235 uint8_t buffer[sb_size]; 236 237 if (fec_pread(f, buffer, sizeof(buffer), 0) != (ssize_t)sb_size) { 238 error("failed to read superblock: %s", strerror(errno)); 239 return -1; 240 } 241 242 squashfs_info sq; 243 244 if (squashfs_parse_sb_buffer(buffer, &sq) < 0) { 245 error("failed to parse superblock: %s", strerror(errno)); 246 return -1; 247 } 248 249 *offset = sq.bytes_used_4K_padded; 250 return 0; 251} 252 253/* reads the ext4 superblock and returns the size of the file system in 254 `offset' */ 255static int get_ext4_size(fec_handle *f, uint64_t *offset) 256{ 257 check(f); 258 check(f->size > 1024 + sizeof(ext4_super_block)); 259 check(offset); 260 261 ext4_super_block sb; 262 263 if (fec_pread(f, &sb, sizeof(sb), 1024) != sizeof(sb)) { 264 error("failed to read superblock: %s", strerror(errno)); 265 return -1; 266 } 267 268 fs_info info; 269 info.len = 0; /* only len is set to 0 to ask the device for real size. */ 270 271 if (ext4_parse_sb(&sb, &info) != 0) { 272 errno = EINVAL; 273 return -1; 274 } 275 276 *offset = info.len; 277 return 0; 278} 279 280/* attempts to determine file system size, if no fs type is specified in 281 `f->flags', tries all supported types, and returns the size in `offset' */ 282static int get_fs_size(fec_handle *f, uint64_t *offset) 283{ 284 check(f); 285 check(offset); 286 287 if (f->flags & FEC_FS_EXT4) { 288 return get_ext4_size(f, offset); 289 } else if (f->flags & FEC_FS_SQUASH) { 290 return get_squashfs_size(f, offset); 291 } else { 292 /* try all alternatives */ 293 int rc = get_ext4_size(f, offset); 294 295 if (rc == 0) { 296 debug("found ext4fs"); 297 return rc; 298 } 299 300 rc = get_squashfs_size(f, offset); 301 302 if (rc == 0) { 303 debug("found squashfs"); 304 } 305 306 return rc; 307 } 308} 309 310/* locates, validates, and loads verity metadata from `f->fd' */ 311static int load_verity(fec_handle *f) 312{ 313 check(f); 314 debug("size = %" PRIu64 ", flags = %d", f->data_size, f->flags); 315 316 uint64_t offset = f->data_size - VERITY_METADATA_SIZE; 317 318 /* verity header is at the end of the data area */ 319 if (verity_parse_header(f, offset) == 0) { 320 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 321 f->verity.hash_start); 322 return 0; 323 } 324 325 debug("trying legacy formats"); 326 327 /* legacy format at the end of the partition */ 328 if (find_verity_offset(f, &offset) == 0 && 329 verity_parse_header(f, offset) == 0) { 330 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 331 f->verity.hash_start); 332 return 0; 333 } 334 335 /* legacy format after the file system, but not at the end */ 336 int rc = get_fs_size(f, &offset); 337 338 if (rc == 0) { 339 debug("file system size = %" PRIu64, offset); 340 rc = verity_parse_header(f, offset); 341 342 if (rc == 0) { 343 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 344 f->verity.hash_start); 345 } 346 } 347 348 return rc; 349} 350 351/* locates, validates, and loads ecc data from `f->fd' */ 352static int load_ecc(fec_handle *f) 353{ 354 check(f); 355 debug("size = %" PRIu64, f->data_size); 356 357 uint64_t offset = f->data_size - FEC_BLOCKSIZE; 358 359 if (parse_ecc(f, offset) == 0) { 360 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 361 f->ecc.start); 362 return 0; 363 } 364 365 return -1; 366} 367 368/* sets `f->size' to the size of the file or block device */ 369static int get_size(fec_handle *f) 370{ 371 check(f); 372 373 struct stat st; 374 375 if (fstat(f->fd, &st) == -1) { 376 error("fstat failed: %s", strerror(errno)); 377 return -1; 378 } 379 380 if (S_ISBLK(st.st_mode)) { 381 debug("block device"); 382 383 if (ioctl(f->fd, BLKGETSIZE64, &f->size) == -1) { 384 error("ioctl failed: %s", strerror(errno)); 385 return -1; 386 } 387 } else if (S_ISREG(st.st_mode)) { 388 debug("file"); 389 f->size = st.st_size; 390 } else { 391 error("unsupported type %d", (int)st.st_mode); 392 errno = EACCES; 393 return -1; 394 } 395 396 return 0; 397} 398 399/* clears fec_handle fiels to safe values */ 400static void reset_handle(fec_handle *f) 401{ 402 f->fd = -1; 403 f->flags = 0; 404 f->mode = 0; 405 f->errors = 0; 406 f->data_size = 0; 407 f->pos = 0; 408 f->size = 0; 409 410 memset(&f->ecc, 0, sizeof(f->ecc)); 411 memset(&f->verity, 0, sizeof(f->verity)); 412} 413 414/* closes and flushes `f->fd' and releases any memory allocated for `f' */ 415int fec_close(struct fec_handle *f) 416{ 417 check(f); 418 419 if (f->fd != -1) { 420 if (f->mode & O_RDWR && fdatasync(f->fd) == -1) { 421 warn("fdatasync failed: %s", strerror(errno)); 422 } 423 424 TEMP_FAILURE_RETRY(close(f->fd)); 425 } 426 427 if (f->verity.hash) { 428 delete[] f->verity.hash; 429 } 430 if (f->verity.salt) { 431 delete[] f->verity.salt; 432 } 433 if (f->verity.table) { 434 delete[] f->verity.table; 435 } 436 437 pthread_mutex_destroy(&f->mutex); 438 439 reset_handle(f); 440 delete f; 441 442 return 0; 443} 444 445/* populates `data' from the internal data in `f', returns a value <0 if verity 446 metadata is not available in `f->fd' */ 447int fec_verity_get_metadata(struct fec_handle *f, struct fec_verity_metadata *data) 448{ 449 check(f); 450 check(data); 451 452 if (!f->verity.metadata_start) { 453 return -1; 454 } 455 456 check(f->data_size < f->size); 457 check(f->data_size <= f->verity.hash_start); 458 check(f->data_size <= f->verity.metadata_start); 459 check(f->verity.table); 460 461 data->disabled = f->verity.disabled; 462 data->data_size = f->data_size; 463 memcpy(data->signature, f->verity.header.signature, 464 sizeof(data->signature)); 465 memcpy(data->ecc_signature, f->verity.ecc_header.signature, 466 sizeof(data->ecc_signature)); 467 data->table = f->verity.table; 468 data->table_length = f->verity.header.length; 469 470 return 0; 471} 472 473/* populates `data' from the internal data in `f', returns a value <0 if ecc 474 metadata is not available in `f->fd' */ 475int fec_ecc_get_metadata(struct fec_handle *f, struct fec_ecc_metadata *data) 476{ 477 check(f); 478 check(data); 479 480 if (!f->ecc.start) { 481 return -1; 482 } 483 484 check(f->data_size < f->size); 485 check(f->ecc.start >= f->data_size); 486 check(f->ecc.start < f->size); 487 check(f->ecc.start % FEC_BLOCKSIZE == 0) 488 489 data->valid = f->ecc.valid; 490 data->roots = f->ecc.roots; 491 data->blocks = f->ecc.blocks; 492 data->rounds = f->ecc.rounds; 493 data->start = f->ecc.start; 494 495 return 0; 496} 497 498/* populates `data' from the internal status in `f' */ 499int fec_get_status(struct fec_handle *f, struct fec_status *s) 500{ 501 check(f); 502 check(s); 503 504 s->flags = f->flags; 505 s->mode = f->mode; 506 s->errors = f->errors; 507 s->data_size = f->data_size; 508 s->size = f->size; 509 510 return 0; 511} 512 513/* opens `path' using given options and returns a fec_handle in `handle' if 514 successful */ 515int fec_open(struct fec_handle **handle, const char *path, int mode, int flags, 516 int roots) 517{ 518 check(path); 519 check(handle); 520 check(roots > 0 && roots < FEC_RSM); 521 522 debug("path = %s, mode = %d, flags = %d, roots = %d", path, mode, flags, 523 roots); 524 525 if (mode & (O_CREAT | O_TRUNC | O_EXCL | O_WRONLY)) { 526 /* only reading and updating existing files is supported */ 527 error("failed to open '%s': (unsupported mode %d)", path, mode); 528 errno = EACCES; 529 return -1; 530 } 531 532 fec::handle f(new (std::nothrow) fec_handle, fec_close); 533 534 if (unlikely(!f)) { 535 error("failed to allocate file handle"); 536 errno = ENOMEM; 537 return -1; 538 } 539 540 reset_handle(f.get()); 541 542 f->mode = mode; 543 f->ecc.roots = roots; 544 f->ecc.rsn = FEC_RSM - roots; 545 f->flags = flags; 546 547 if (unlikely(pthread_mutex_init(&f->mutex, NULL) != 0)) { 548 error("failed to create a mutex: %s", strerror(errno)); 549 return -1; 550 } 551 552 f->fd = TEMP_FAILURE_RETRY(open(path, mode | O_CLOEXEC)); 553 554 if (f->fd == -1) { 555 error("failed to open '%s': %s", path, strerror(errno)); 556 return -1; 557 } 558 559 if (get_size(f.get()) == -1) { 560 error("failed to get size for '%s': %s", path, strerror(errno)); 561 return -1; 562 } 563 564 f->data_size = f->size; /* until ecc and/or verity are loaded */ 565 566 if (load_ecc(f.get()) == -1) { 567 debug("error-correcting codes not found from '%s'", path); 568 } 569 570 if (load_verity(f.get()) == -1) { 571 debug("verity metadata not found from '%s'", path); 572 } 573 574 *handle = f.release(); 575 return 0; 576} 577