From patchwork Mon Oct 21 20:31:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Freihofer, Adrian" X-Patchwork-Id: 1180855 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::53e; helo=mail-ed1-x53e.google.com; envelope-from=swupdate+bncbaabbs5lxdwqkgqep5nea5q@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=siemens.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.b="Pdvpbm9Y"; dkim-atps=neutral Received: from mail-ed1-x53e.google.com (mail-ed1-x53e.google.com [IPv6:2a00:1450:4864:20::53e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46xpGS15Fgz9sP4 for ; Tue, 22 Oct 2019 07:32:14 +1100 (AEDT) Received: by mail-ed1-x53e.google.com with SMTP id s15sf9801339edj.1 for ; Mon, 21 Oct 2019 13:32:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1571689931; cv=pass; d=google.com; s=arc-20160816; b=yKC11kcGlH8+LbjxBYfZfWiVGYOVjCiG+TURoKT0TzzcE/BLFxSVzLFnG/iJhS0tWV ux6Orv5YjJT7EPF6r5PC5rGxBbR9Q2fUsnMKprbnqKDa5ruI0GWQ22qYp9UZYHBumGjR z6I65odWDIKJ3S2LsR4fyNYERZjfOQMFWTTAbHEa5fiiVUm5LMoCVdjJC9z6ZSQlJMHr QRmBVWluGaBkCXH4d7de16V1QpB3CDb4G8NBSbzDm/7xHaNrOCr99JYf/D8zZoGy+2Mk xdjF9VqE92+nF9OSAKN9gk2KnlKLg/0q0AR1SwPtp0dlsfWg8zRy7ddZ49a8dqJ+ClGU Syng== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:mime-version:sender:dkim-signature; bh=2zkxQtpnaa4yZZRiiS0N2YofZKpvVOxJLQbn18eG+tI=; b=lv1Lamctlt7DFxGAPX4vEBT5+qU/XIXBx7fb3BCfKgUJzy79b+C/QeqaHm/cCZ2qr9 19s1HPS3sqyLAelzfYlhncYJX9bge+RpTWKzzAOHe6O22vq/OmK6pN/KydklWP2V8DOY 0BlO81TXfBq2eQCVMahvMmea0GHhWtS+iaGuhSS/kyCx9q34HfcCzovJ0dYnFEqodfnl daND8X+n13QmW/1AYbSS7n8BgN9HheQoYurcKoALdkKlmsNFRdfV+BQvEWRppowwn9fg oj+5K1I/CZqMdZGHyuziAAChys/zDiy418TGSNIHrVYqeyvthe4A0vF+n/qdWIco80x5 zs9g== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of adrian.freihofer@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=adrian.freihofer@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:mime-version:from:to:cc:subject:date:message-id:in-reply-to :references:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=2zkxQtpnaa4yZZRiiS0N2YofZKpvVOxJLQbn18eG+tI=; b=Pdvpbm9Ya2YDC8mCj2w2w9yvVKlp1i5q8tbPgs+nMwKtOoqQs1gL9BqnaYkKpyS2ZD 1/vvvo+vcORiMJgmmQ1bH4DrWG9FzL4+qbvwCNqjfiFsJUHuN19BTxwVv9Q4vL1YTQlZ 5ADCAGJjlB06HXw2ZvsMBs+w73i4KnbzHyn2R6pJQH0Pxl9GVhY8PY0pBkSXtBYdXg4a X7C2hYEt5MoTil/BqD0IRLCUjPW+xThyaKHOrW/5hneZ4kCVtyHTEHHW9NMeA5hERzW7 K9K7fJLtrtO5VwSqgX6lgzL8ElaAmBJkZP1a3jc73Tukvo+79SiuGtPP6D/oyyNBCwKw hnqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:mime-version:from:to:cc:subject:date :message-id:in-reply-to:references:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=2zkxQtpnaa4yZZRiiS0N2YofZKpvVOxJLQbn18eG+tI=; b=N0hd2BmJ0OXtmpL1kFBrUArg0wPNKBBPbEiovYRuZCv2YVmulIC95z0ZwTC7ls+jsj C12YN6NnEyPyA7faCBtl1g/t8Mv3YIGEo+6Q64832ohViirg3m3PEbDIpKh2KbJjRZP+ vBIB4BFlFqXgMcjr0o/v3YwJkJzo7xMmJLfODjdbIX5ny0jQBRWDC2gjbRPLSGFNBODr 9Sdj4txnOYmBE3thmoBLAiWEkgPlfQAsjapH1u0bBGqiKCPmbHbKc5UxZ7oXEyc2/dly dd05fmQMNw3CPo4aNV6aeq/v7EQZXbr0JF3z0fXUnbVp7tiV41xHvFwJkVftsErVTLMC AR+w== Sender: swupdate@googlegroups.com X-Gm-Message-State: APjAAAVQ6uAU/pN5gWAirjdf0FDk2frjkhjy67x4C5B9Dp2iaDYVbfex OCdz2mFct59OtVMWnvSkVII= X-Google-Smtp-Source: APXvYqyA4HSL1F6uk85HUVWtODub0/bCTkaY68nviJ38ap14OoirUUB3lL1hyZzwm9bes5ZL367YKQ== X-Received: by 2002:aa7:de1a:: with SMTP id h26mr27097327edv.289.1571689931164; Mon, 21 Oct 2019 13:32:11 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: swupdate@googlegroups.com Received: by 2002:aa7:daca:: with SMTP id x10ls3671140eds.13.gmail; Mon, 21 Oct 2019 13:32:10 -0700 (PDT) X-Received: by 2002:a50:fa42:: with SMTP id c2mr13751190edq.112.1571689930767; Mon, 21 Oct 2019 13:32:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571689930; cv=none; d=google.com; s=arc-20160816; b=kq1jUPF4Kbay/HY/diqt6bKi45HL7NIaedeklg+61QIuNcI8UyncYz8nnT9pVeUC4D /Oj+fuJd3j7JFN1E4hah6ikKU5WmqaQ8P59aw1Hd8Kro/iFYO7TOwUPZpDFqtaGCytcE CqWfBlrGa2nr6MFkMScyorfQsnyyNAvsdenorvXMFPWMyX5cuk0xEkWe9nCD4J/uwzUb HWL0pKD1wy4fL5/PjbbrepKmRmZbW1JamNWNZD+h0omNO1sFTqz6sbA0slV3o3+6zeKM x81ySSmXz16IR2zoOxZfakb1RK23GXaPMLq7Ojb0NryGm4qkbL4t8iCIVQks/NtLgPd7 PMsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=nzxjHOaGPKKEPi11q109eqBu2u/SzlAMuqOFIhEkNaY=; b=x026byE8o5lcunX/WUasKQ8baoBUorQ0JEHNZjJ0VxKMzm0oBiDg4q8o0nC1RlsyIw 4ytqqZ4cRqZZ1eOooBdBebMh8/Eijw6bBtlsHL8QcQ8/J6Xw/JoRl5n5UpXDn6DLMWkN MqKK4Xa2BN3dlbfvE1Tdxm5mwC8aPaoxP7lCf0dGMJvZsakkvVfY5QXhDR3Ns5dCKwuX ydVmH0rgaXCGe8ddQWaOGsQR3T5OQMUNgyxcLYThJzPxcoPT1YX5DzcfDizwLX3nyOaw hH+ZEC7s+A/xwZNJPC73SzwJzCJfdKiAc7Ud1g7w0HT/PhWhhg3MG54sC0ldkaKD36nb a7dQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of adrian.freihofer@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=adrian.freihofer@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28]) by gmr-mx.google.com with ESMTPS id a15si949690ejj.0.2019.10.21.13.32.10 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 21 Oct 2019 13:32:10 -0700 (PDT) Received-SPF: pass (google.com: domain of adrian.freihofer@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28; Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id x9LKWAJU014506 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 21 Oct 2019 22:32:10 +0200 Received: from dev.vm6.ccp.siemens.com ([139.22.35.84]) by mail3.siemens.de (8.15.2/8.15.2) with ESMTP id x9LKW9Q9006508; Mon, 21 Oct 2019 22:32:09 +0200 Received: from dev.localdomain (localhost [127.0.0.1]) by dev.vm6.ccp.siemens.com (Postfix) with ESMTP id AD16B2353A53; Mon, 21 Oct 2019 22:32:08 +0200 (CEST) From: Adrian Freihofer To: swupdate@googlegroups.com Cc: Adrian Freihofer Subject: [swupdate] [PATCH v3 2/3] raw_handler: handle ro block devices Date: Mon, 21 Oct 2019 22:31:56 +0200 Message-Id: <20191021203157.28524-3-adrian.freihofer@siemens.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20191021203157.28524-1-adrian.freihofer@siemens.com> References: <20191021203157.28524-1-adrian.freihofer@siemens.com> X-Original-Sender: adrian.freihofer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of adrian.freihofer@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=adrian.freihofer@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Some block devices support physical write protection. The kernel provides a standard interface to enable or disable protection in /sys/class/block/*/force_ro. This patch adds functionality to automatically detect these memory types. If read-only mode is enabled on the partition on which the image must be written, swupdate temporarily switches to read/write mode. Signed-off-by: Adrian Freihofer Acked-by: Stefano Babic --- handlers/raw_handler.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/handlers/raw_handler.c b/handlers/raw_handler.c index ba87191..6dfbe7d 100644 --- a/handlers/raw_handler.c +++ b/handlers/raw_handler.c @@ -27,12 +27,91 @@ void raw_image_handler(void); void raw_file_handler(void); void raw_copyimage_handler(void); +/** + * Handle write protection for block devices + * + * Automatically remove write protection for block devices if: + * - The device name starts with /dev/* + * - The device is a block device + * - A corresponding ro flag e.g. /sys/class/block/mmcblk0boot0/force_ro is available + * - The force_ro flag can be opened writeable + */ +static int blkprotect(struct img_type *img, bool on) +{ + const char c_sys_path[] = "/sys/class/block/%s/force_ro"; + const char c_unprot_char = '0'; + const char c_prot_char = '1'; + int ret = 0; // 0 means OK nothing to do, 1 OK unprotected, 2 OK protected, negative means error + int ret_int = 0; + char *sysfs_path = NULL; + int fd_force_ro; + struct stat sb; + char current_prot; + + if (strncmp("/dev/", img->device, 5) != 0) { + return ret; + } + + if (lstat(img->device, &sb) == -1) { + TRACE("stat for device %s failed: %s", img->device, strerror(errno)); + return ret; + } + if(!S_ISBLK(sb.st_mode)) { + return ret; + } + + ret_int = asprintf(&sysfs_path, c_sys_path, img->device + 5); // remove "/dev/" from device path + if(ret_int < 0) { + ret = -ENOMEM; + goto blkprotect_out; + } + + if (access(sysfs_path, W_OK) == -1) { + goto blkprotect_out; + } + + // There is a ro flag, the device needs to be protected or unprotected + fd_force_ro = open(sysfs_path, O_RDWR); + if (fd_force_ro == -1) { + ret = -EBADF; + goto blkprotect_out; + } + + ssize_t n = read(fd_force_ro, ¤t_prot, 1); + if (n != 1) { + ret = -EBADFD; + } + if (on == false) { + if (current_prot == c_prot_char) { + write(fd_force_ro, &c_unprot_char, 1); + TRACE("Device %s: read-only protection disabled", img->device); + ret = 1; + } + } else { + if (current_prot == c_unprot_char) { + write(fd_force_ro, &c_prot_char, 1); + TRACE("Device %s: read-only protection enabled", img->device); + ret = 2; + } + } + close(fd_force_ro); + +blkprotect_out: + if(sysfs_path) + free(sysfs_path); + return ret; +} + static int install_raw_image(struct img_type *img, void __attribute__ ((__unused__)) *data) { int ret; int fdout; + int prot_stat = blkprotect(img, false); + if (prot_stat < 0) + return prot_stat; + fdout = open(img->device, O_RDWR); if (fdout < 0) { TRACE("Device %s cannot be opened: %s", @@ -45,6 +124,11 @@ static int install_raw_image(struct img_type *img, ret = copyimage(&fdout, img, NULL); #endif + if (prot_stat == 1) { + fsync(fdout); // At least with Linux 4.14 data are not automatically flushed before ro mode is enabled + blkprotect(img, true); // no error handling, keep ret from copyimage + } + close(fdout); return ret; }