From aae22eb3a32d5dff8dc8e1a05edd0fa639ec40b8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 5 Apr 2018 13:03:37 +0200
Subject: [PATCH] dissect: tighten block device checks a bit

This extends on #8609, and makes two changes:

1. We'll now explicitly check that the child devices of a block device
   we are interested in (i.e. the partitions) are block devices themselves.
   On newer kernels the mmc rpmb stuff is actually exposed as char rather
   than block device as before, and they probably should have been that in
   the first place. By adding this check we'll hence filter out these weird
   devices through a second rule too, that hopefully makes things a bit
   more future-proof, should more devices like this be added eventually,
   or other subsystems do a similar thing.

2. When counting partitions we'll now also check the devnum of the
   device being non-null, which we already do when matching up the devices
   in the second iteration. This should make things more robust, and
   prevent other kinds of miscounting, which after all was the main
   issue #8609 fixed.
---
 src/shared/dissect-image.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index e2baa4497c..c29d70fa04 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -111,11 +111,23 @@ not_found:
 /* Detect RPMB and Boot partitions, which are not listed by blkid.
  * See https://github.com/systemd/systemd/issues/5806. */
 static bool device_is_mmc_special_partition(struct udev_device *d) {
-        const char *sysname = udev_device_get_sysname(d);
+        const char *sysname;
+
+        sysname = udev_device_get_sysname(d);
         return (sysname && startswith(sysname, "mmcblk") &&
                 (endswith(sysname, "rpmb") || endswith(sysname, "boot0") || endswith(sysname, "boot1")));
 }
 
+static bool device_is_block(struct udev_device *d) {
+        const char *ss;
+
+        ss = udev_device_get_subsystem(d);
+        if (!ss)
+                return false;
+
+        return streq(ss, "block");
+}
+
 int dissect_image(
                 int fd,
                 const void *root_hash,
@@ -289,11 +301,19 @@ int dissect_image(
                 first = udev_enumerate_get_list_entry(e);
                 udev_list_entry_foreach(item, first) {
                         _cleanup_udev_device_unref_ struct udev_device *q;
+                        dev_t qn;
 
                         q = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
                         if (!q)
                                 return -errno;
 
+                        qn = udev_device_get_devnum(q);
+                        if (major(qn) == 0)
+                                continue;
+
+                        if (!device_is_block(q))
+                                continue;
+
                         if (device_is_mmc_special_partition(q))
                                 continue;
                         n++;
@@ -371,6 +391,9 @@ int dissect_image(
                 if (st.st_rdev == qn)
                         continue;
 
+                if (!device_is_block(q))
+                        continue;
+
                 if (device_is_mmc_special_partition(q))
                         continue;