| /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
| /* |
| * Userspace interface for Incremental FS. |
| * |
| * Incremental FS is special-purpose Linux virtual file system that allows |
| * execution of a program while its binary and resource files are still being |
| * lazily downloaded over the network, USB etc. |
| * |
| * Copyright 2019 Google LLC |
| */ |
| #ifndef _UAPI_LINUX_INCREMENTALFS_H |
| #define _UAPI_LINUX_INCREMENTALFS_H |
| |
| #include <linux/limits.h> |
| #include <linux/ioctl.h> |
| #include <linux/types.h> |
| #include <linux/xattr.h> |
| |
| /* ===== constants ===== */ |
| #define INCFS_NAME "incremental-fs" |
| |
| /* |
| * Magic number used in file header and in memory superblock |
| * Note that it is a 5 byte unsigned long. Thus on 32 bit kernels, it is |
| * truncated to a 4 byte number |
| */ |
| #define INCFS_MAGIC_NUMBER (0x5346434e49ul & ULONG_MAX) |
| |
| #define INCFS_DATA_FILE_BLOCK_SIZE 4096 |
| #define INCFS_HEADER_VER 1 |
| |
| /* TODO: This value is assumed in incfs_copy_signature_info_from_user to be the |
| * actual signature length. Set back to 64 when fixed. |
| */ |
| #define INCFS_MAX_HASH_SIZE 32 |
| #define INCFS_MAX_FILE_ATTR_SIZE 512 |
| |
| #define INCFS_INDEX_NAME ".index" |
| #define INCFS_INCOMPLETE_NAME ".incomplete" |
| #define INCFS_PENDING_READS_FILENAME ".pending_reads" |
| #define INCFS_LOG_FILENAME ".log" |
| #define INCFS_BLOCKS_WRITTEN_FILENAME ".blocks_written" |
| #define INCFS_XATTR_ID_NAME (XATTR_USER_PREFIX "incfs.id") |
| #define INCFS_XATTR_SIZE_NAME (XATTR_USER_PREFIX "incfs.size") |
| #define INCFS_XATTR_METADATA_NAME (XATTR_USER_PREFIX "incfs.metadata") |
| #define INCFS_XATTR_VERITY_NAME (XATTR_USER_PREFIX "incfs.verity") |
| |
| #define INCFS_MAX_SIGNATURE_SIZE 8096 |
| #define INCFS_SIGNATURE_VERSION 2 |
| #define INCFS_SIGNATURE_SECTIONS 2 |
| |
| #define INCFS_IOCTL_BASE_CODE 'g' |
| |
| /* ===== ioctl requests on the command dir ===== */ |
| |
| /* |
| * Create a new file |
| * May only be called on .pending_reads file |
| */ |
| #define INCFS_IOC_CREATE_FILE \ |
| _IOWR(INCFS_IOCTL_BASE_CODE, 30, struct incfs_new_file_args) |
| |
| /* Read file signature */ |
| #define INCFS_IOC_READ_FILE_SIGNATURE \ |
| _IOR(INCFS_IOCTL_BASE_CODE, 31, struct incfs_get_file_sig_args) |
| |
| /* |
| * Fill in one or more data block. This may only be called on a handle |
| * passed as a parameter to INCFS_IOC_PERMIT_FILLING |
| * |
| * Returns number of blocks filled in, or error if none were |
| */ |
| #define INCFS_IOC_FILL_BLOCKS \ |
| _IOR(INCFS_IOCTL_BASE_CODE, 32, struct incfs_fill_blocks) |
| |
| /* |
| * Permit INCFS_IOC_FILL_BLOCKS on the given file descriptor |
| * May only be called on .pending_reads file |
| * |
| * Returns 0 on success or error |
| */ |
| #define INCFS_IOC_PERMIT_FILL \ |
| _IOW(INCFS_IOCTL_BASE_CODE, 33, struct incfs_permit_fill) |
| |
| /* |
| * Fills buffer with ranges of populated blocks |
| * |
| * Returns 0 if all ranges written |
| * error otherwise |
| * |
| * Either way, range_buffer_size_out is set to the number |
| * of bytes written. Should be set to 0 by caller. The ranges |
| * filled are valid, but if an error was returned there might |
| * be more ranges to come. |
| * |
| * Ranges are ranges of filled blocks: |
| * |
| * 1 2 7 9 |
| * |
| * means blocks 1, 2, 7, 8, 9 are filled, 0, 3, 4, 5, 6 and 10 on |
| * are not |
| * |
| * If hashing is enabled for the file, the hash blocks are simply |
| * treated as though they immediately followed the data blocks. |
| */ |
| #define INCFS_IOC_GET_FILLED_BLOCKS \ |
| _IOR(INCFS_IOCTL_BASE_CODE, 34, struct incfs_get_filled_blocks_args) |
| |
| /* |
| * Creates a new mapped file |
| * May only be called on .pending_reads file |
| */ |
| #define INCFS_IOC_CREATE_MAPPED_FILE \ |
| _IOWR(INCFS_IOCTL_BASE_CODE, 35, struct incfs_create_mapped_file_args) |
| |
| /* |
| * Get number of blocks, total and filled |
| * May only be called on .pending_reads file |
| */ |
| #define INCFS_IOC_GET_BLOCK_COUNT \ |
| _IOR(INCFS_IOCTL_BASE_CODE, 36, struct incfs_get_block_count_args) |
| |
| /* |
| * Get per UID read timeouts |
| * May only be called on .pending_reads file |
| */ |
| #define INCFS_IOC_GET_READ_TIMEOUTS \ |
| _IOR(INCFS_IOCTL_BASE_CODE, 37, struct incfs_get_read_timeouts_args) |
| |
| /* |
| * Set per UID read timeouts |
| * May only be called on .pending_reads file |
| */ |
| #define INCFS_IOC_SET_READ_TIMEOUTS \ |
| _IOW(INCFS_IOCTL_BASE_CODE, 38, struct incfs_set_read_timeouts_args) |
| |
| /* |
| * Get last read error |
| * May only be called on .pending_reads file |
| */ |
| #define INCFS_IOC_GET_LAST_READ_ERROR \ |
| _IOW(INCFS_IOCTL_BASE_CODE, 39, struct incfs_get_last_read_error_args) |
| |
| /* ===== sysfs feature flags ===== */ |
| /* |
| * Each flag is represented by a file in /sys/fs/incremental-fs/features |
| * If the file exists the feature is supported |
| * Also the file contents will be the line "supported" |
| */ |
| |
| /* |
| * Basic flag stating that the core incfs file system is available |
| */ |
| #define INCFS_FEATURE_FLAG_COREFS "corefs" |
| |
| /* |
| * zstd compression support |
| */ |
| #define INCFS_FEATURE_FLAG_ZSTD "zstd" |
| |
| /* |
| * v2 feature set support. Covers: |
| * INCFS_IOC_CREATE_MAPPED_FILE |
| * INCFS_IOC_GET_BLOCK_COUNT |
| * INCFS_IOC_GET_READ_TIMEOUTS/INCFS_IOC_SET_READ_TIMEOUTS |
| * .blocks_written status file |
| * .incomplete folder |
| * report_uid mount option |
| */ |
| #define INCFS_FEATURE_FLAG_V2 "v2" |
| |
| enum incfs_compression_alg { |
| COMPRESSION_NONE = 0, |
| COMPRESSION_LZ4 = 1, |
| COMPRESSION_ZSTD = 2, |
| }; |
| |
| enum incfs_block_flags { |
| INCFS_BLOCK_FLAGS_NONE = 0, |
| INCFS_BLOCK_FLAGS_HASH = 1, |
| }; |
| |
| typedef struct { |
| __u8 bytes[16]; |
| } incfs_uuid_t __attribute__((aligned (8))); |
| |
| /* |
| * Description of a pending read. A pending read - a read call by |
| * a userspace program for which the filesystem currently doesn't have data. |
| * |
| * Reads from .pending_reads and .log return an array of these structure |
| */ |
| struct incfs_pending_read_info { |
| /* Id of a file that is being read from. */ |
| incfs_uuid_t file_id; |
| |
| /* A number of microseconds since system boot to the read. */ |
| __aligned_u64 timestamp_us; |
| |
| /* Index of a file block that is being read. */ |
| __u32 block_index; |
| |
| /* A serial number of this pending read. */ |
| __u32 serial_number; |
| }; |
| |
| /* |
| * Description of a pending read. A pending read - a read call by |
| * a userspace program for which the filesystem currently doesn't have data. |
| * |
| * This version of incfs_pending_read_info is used whenever the file system is |
| * mounted with the report_uid flag |
| */ |
| struct incfs_pending_read_info2 { |
| /* Id of a file that is being read from. */ |
| incfs_uuid_t file_id; |
| |
| /* A number of microseconds since system boot to the read. */ |
| __aligned_u64 timestamp_us; |
| |
| /* Index of a file block that is being read. */ |
| __u32 block_index; |
| |
| /* A serial number of this pending read. */ |
| __u32 serial_number; |
| |
| /* The UID of the reading process */ |
| __u32 uid; |
| |
| __u32 reserved; |
| }; |
| |
| /* |
| * Description of a data or hash block to add to a data file. |
| */ |
| struct incfs_fill_block { |
| /* Index of a data block. */ |
| __u32 block_index; |
| |
| /* Length of data */ |
| __u32 data_len; |
| |
| /* |
| * A pointer to an actual data for the block. |
| * |
| * Equivalent to: __u8 *data; |
| */ |
| __aligned_u64 data; |
| |
| /* |
| * Compression algorithm used to compress the data block. |
| * Values from enum incfs_compression_alg. |
| */ |
| __u8 compression; |
| |
| /* Values from enum incfs_block_flags */ |
| __u8 flags; |
| |
| __u16 reserved1; |
| |
| __u32 reserved2; |
| |
| __aligned_u64 reserved3; |
| }; |
| |
| /* |
| * Description of a number of blocks to add to a data file |
| * |
| * Argument for INCFS_IOC_FILL_BLOCKS |
| */ |
| struct incfs_fill_blocks { |
| /* Number of blocks */ |
| __u64 count; |
| |
| /* A pointer to an array of incfs_fill_block structs */ |
| __aligned_u64 fill_blocks; |
| }; |
| |
| /* |
| * Permit INCFS_IOC_FILL_BLOCKS on the given file descriptor |
| * May only be called on .pending_reads file |
| * |
| * Argument for INCFS_IOC_PERMIT_FILL |
| */ |
| struct incfs_permit_fill { |
| /* File to permit fills on */ |
| __u32 file_descriptor; |
| }; |
| |
| enum incfs_hash_tree_algorithm { |
| INCFS_HASH_TREE_NONE = 0, |
| INCFS_HASH_TREE_SHA256 = 1 |
| }; |
| |
| /* |
| * Create a new file or directory. |
| */ |
| struct incfs_new_file_args { |
| /* Id of a file to create. */ |
| incfs_uuid_t file_id; |
| |
| /* |
| * Total size of the new file. Ignored if S_ISDIR(mode). |
| */ |
| __aligned_u64 size; |
| |
| /* |
| * File mode. Permissions and dir flag. |
| */ |
| __u16 mode; |
| |
| __u16 reserved1; |
| |
| __u32 reserved2; |
| |
| /* |
| * A pointer to a null-terminated relative path to the file's parent |
| * dir. |
| * Max length: PATH_MAX |
| * |
| * Equivalent to: char *directory_path; |
| */ |
| __aligned_u64 directory_path; |
| |
| /* |
| * A pointer to a null-terminated file's name. |
| * Max length: PATH_MAX |
| * |
| * Equivalent to: char *file_name; |
| */ |
| __aligned_u64 file_name; |
| |
| /* |
| * A pointer to a file attribute to be set on creation. |
| * |
| * Equivalent to: u8 *file_attr; |
| */ |
| __aligned_u64 file_attr; |
| |
| /* |
| * Length of the data buffer specfied by file_attr. |
| * Max value: INCFS_MAX_FILE_ATTR_SIZE |
| */ |
| __u32 file_attr_len; |
| |
| __u32 reserved4; |
| |
| /* |
| * Points to an APK V4 Signature data blob |
| * Signature must have two sections |
| * Format is: |
| * u32 version |
| * u32 size_of_hash_info_section |
| * u8 hash_info_section[] |
| * u32 size_of_signing_info_section |
| * u8 signing_info_section[] |
| * |
| * Note that incfs does not care about what is in signing_info_section |
| * |
| * hash_info_section has following format: |
| * u32 hash_algorithm; // Must be SHA256 == 1 |
| * u8 log2_blocksize; // Must be 12 for 4096 byte blocks |
| * u32 salt_size; |
| * u8 salt[]; |
| * u32 hash_size; |
| * u8 root_hash[]; |
| */ |
| __aligned_u64 signature_info; |
| |
| /* Size of signature_info */ |
| __aligned_u64 signature_size; |
| |
| __aligned_u64 reserved6; |
| }; |
| |
| /* |
| * Request a digital signature blob for a given file. |
| * Argument for INCFS_IOC_READ_FILE_SIGNATURE ioctl |
| */ |
| struct incfs_get_file_sig_args { |
| /* |
| * A pointer to the data buffer to save an signature blob to. |
| * |
| * Equivalent to: u8 *file_signature; |
| */ |
| __aligned_u64 file_signature; |
| |
| /* Size of the buffer at file_signature. */ |
| __u32 file_signature_buf_size; |
| |
| /* |
| * Number of bytes save file_signature buffer. |
| * It is set after ioctl done. |
| */ |
| __u32 file_signature_len_out; |
| }; |
| |
| struct incfs_filled_range { |
| __u32 begin; |
| __u32 end; |
| }; |
| |
| /* |
| * Request ranges of filled blocks |
| * Argument for INCFS_IOC_GET_FILLED_BLOCKS |
| */ |
| struct incfs_get_filled_blocks_args { |
| /* |
| * A buffer to populate with ranges of filled blocks |
| * |
| * Equivalent to struct incfs_filled_ranges *range_buffer |
| */ |
| __aligned_u64 range_buffer; |
| |
| /* Size of range_buffer */ |
| __u32 range_buffer_size; |
| |
| /* Start index to read from */ |
| __u32 start_index; |
| |
| /* |
| * End index to read to. 0 means read to end. This is a range, |
| * so incfs will read from start_index to end_index - 1 |
| */ |
| __u32 end_index; |
| |
| /* Actual number of blocks in file */ |
| __u32 total_blocks_out; |
| |
| /* The number of data blocks in file */ |
| __u32 data_blocks_out; |
| |
| /* Number of bytes written to range buffer */ |
| __u32 range_buffer_size_out; |
| |
| /* Sector scanned up to, if the call was interrupted */ |
| __u32 index_out; |
| }; |
| |
| /* |
| * Create a new mapped file |
| * Argument for INCFS_IOC_CREATE_MAPPED_FILE |
| */ |
| struct incfs_create_mapped_file_args { |
| /* |
| * Total size of the new file. |
| */ |
| __aligned_u64 size; |
| |
| /* |
| * File mode. Permissions and dir flag. |
| */ |
| __u16 mode; |
| |
| __u16 reserved1; |
| |
| __u32 reserved2; |
| |
| /* |
| * A pointer to a null-terminated relative path to the incfs mount |
| * point |
| * Max length: PATH_MAX |
| * |
| * Equivalent to: char *directory_path; |
| */ |
| __aligned_u64 directory_path; |
| |
| /* |
| * A pointer to a null-terminated file name. |
| * Max length: PATH_MAX |
| * |
| * Equivalent to: char *file_name; |
| */ |
| __aligned_u64 file_name; |
| |
| /* Id of source file to map. */ |
| incfs_uuid_t source_file_id; |
| |
| /* |
| * Offset in source file to start mapping. Must be a multiple of |
| * INCFS_DATA_FILE_BLOCK_SIZE |
| */ |
| __aligned_u64 source_offset; |
| }; |
| |
| /* |
| * Get information about the blocks in this file |
| * Argument for INCFS_IOC_GET_BLOCK_COUNT |
| */ |
| struct incfs_get_block_count_args { |
| /* Total number of data blocks in the file */ |
| __u32 total_data_blocks_out; |
| |
| /* Number of filled data blocks in the file */ |
| __u32 filled_data_blocks_out; |
| |
| /* Total number of hash blocks in the file */ |
| __u32 total_hash_blocks_out; |
| |
| /* Number of filled hash blocks in the file */ |
| __u32 filled_hash_blocks_out; |
| }; |
| |
| /* Description of timeouts for one UID */ |
| struct incfs_per_uid_read_timeouts { |
| /* UID to apply these timeouts to */ |
| __u32 uid; |
| |
| /* |
| * Min time in microseconds to read any block. Note that this doesn't |
| * apply to reads which are satisfied from the page cache. |
| */ |
| __u32 min_time_us; |
| |
| /* |
| * Min time in microseconds to satisfy a pending read. Any pending read |
| * which is filled before this time will be delayed so that the total |
| * read time >= this value. |
| */ |
| __u32 min_pending_time_us; |
| |
| /* |
| * Max time in microseconds to satisfy a pending read before the read |
| * times out. If set to U32_MAX, defaults to mount options |
| * read_timeout_ms * 1000. Must be >= min_pending_time_us |
| */ |
| __u32 max_pending_time_us; |
| }; |
| |
| /* |
| * Get the read timeouts array |
| * Argument for INCFS_IOC_GET_READ_TIMEOUTS |
| */ |
| struct incfs_get_read_timeouts_args { |
| /* |
| * A pointer to a buffer to fill with the current timeouts |
| * |
| * Equivalent to struct incfs_per_uid_read_timeouts * |
| */ |
| __aligned_u64 timeouts_array; |
| |
| /* Size of above buffer in bytes */ |
| __u32 timeouts_array_size; |
| |
| /* Size used in bytes, or size needed if -ENOMEM returned */ |
| __u32 timeouts_array_size_out; |
| }; |
| |
| /* |
| * Set the read timeouts array |
| * Arguments for INCFS_IOC_SET_READ_TIMEOUTS |
| */ |
| struct incfs_set_read_timeouts_args { |
| /* |
| * A pointer to an array containing the new timeouts |
| * This will replace any existing timeouts |
| * |
| * Equivalent to struct incfs_per_uid_read_timeouts * |
| */ |
| __aligned_u64 timeouts_array; |
| |
| /* Size of above array in bytes. Must be < 256 */ |
| __u32 timeouts_array_size; |
| }; |
| |
| /* |
| * Get last read error struct |
| * Arguments for INCFS_IOC_GET_LAST_READ_ERROR |
| */ |
| struct incfs_get_last_read_error_args { |
| /* File id of last file that had a read error */ |
| incfs_uuid_t file_id_out; |
| |
| /* Time of last read error, in us, from CLOCK_MONOTONIC */ |
| __u64 time_us_out; |
| |
| /* Index of page that was being read at last read error */ |
| __u32 page_out; |
| |
| /* errno of last read error */ |
| __u32 errno_out; |
| |
| /* uid of last read error */ |
| __u32 uid_out; |
| |
| __u32 reserved1; |
| __u64 reserved2; |
| }; |
| |
| #endif /* _UAPI_LINUX_INCREMENTALFS_H */ |