src/nbd: avoid race with udev during setup

michaelolbrich · jluebbe · commit c7e4e8580cb9 · 2025-08-23T17:19:21.000+02:00
With the NBD_CFLAG_DISCONNECT_ON_CLOSE flag set, the nbd device will be
automatically removed when there are no more users after it was was
opened the first time.

The idea here is, that the nbd device is created, and then immediately
mounted (possibly with dm-verity or dm-crypt in between). Wenn the
bundle ist later unmounted then the nbd device is automatically removed.

Unfortunately this is racy: udev will see the new device and open it
immediately. If it closes the device before it is mounted (or dm-verity
or dm-crypt is configured) then the nbd device is removed immediately
and mounting will fail.

So instead create the nbd device without NBD_CFLAG_DISCONNECT_ON_CLOSE,
open it to keep it busy and then reconfigure the device to set
NBD_CFLAG_DISCONNECT_ON_CLOSE. The file descriptor is kept open until
the bundle is mounted.

Note that with this change, the nbd device will not be fully removed if
rauc dies between creating the nbd device and reconfiguring it, or if
reconfiguring fails.

Signed-off-by: Michael Olbrich &lt;m.olbrich@pengutronix.de&gt;
Signed-off-by: Jan Luebbe &lt;jlu@pengutronix.de&gt;
diff --git a/include/nbd.h b/include/nbd.h
@@ -66,7 +66,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(RaucNBDServer, r_nbd_free_server);
  *
  * @return TRUE on success, FALSE if an error occurred
  */
-gboolean r_nbd_setup_device(RaucNBDDevice *nbd_dev, GError **error);
+gboolean r_nbd_setup_device(RaucNBDDevice *nbd_dev, int *devicefd, GError **error);
 
 /**
  * Remove a previously configured NBD device from the kernel.
diff --git a/src/bundle.c b/src/bundle.c
@@ -3094,7 +3094,7 @@ gboolean mount_bundle(RaucBundle *bundle, GError **error)
 		bundle->nbd_dev->data_size = bundle->size;
 		bundle->nbd_dev->sock = bundle->nbd_srv->sock;
 		bundle->nbd_srv->sock = -1;
-		res = r_nbd_setup_device(bundle->nbd_dev, &ierror);
+		res = r_nbd_setup_device(bundle->nbd_dev, &devicefd, &ierror);
 		if (!res) {
 			/* The setup failed, so the socket still belongs to the nbd_srv. */
 			bundle->nbd_srv->sock = bundle->nbd_dev->sock;
diff --git a/src/nbd.c b/src/nbd.c
@@ -142,7 +142,7 @@ static struct nl_sock *netlink_connect(int *driver_id, GError **error)
 	return nl;
 }
 
-gboolean r_nbd_setup_device(RaucNBDDevice *nbd_dev, GError **error)
+gboolean r_nbd_setup_device(RaucNBDDevice *nbd_dev, int *devicefd, GError **error)
 {
 	GError *ierror = NULL;
 	gboolean res = FALSE;
@@ -151,8 +151,11 @@ gboolean r_nbd_setup_device(RaucNBDDevice *nbd_dev, GError **error)
 	struct nl_msg *msg = NULL;
 	struct nlattr *attr_sockets = NULL;
 	struct nlattr *attr_item = NULL;
+	g_autofree gchar *device_path = NULL;
+	g_auto(filedesc) idevicefd = -1;
 
 	g_return_val_if_fail(nbd_dev != NULL, FALSE);
+	g_return_val_if_fail(devicefd != NULL && *devicefd == -1, FALSE);
 	g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
 
 	g_assert(nbd_dev->data_size % 4096 == 0);
@@ -177,9 +180,6 @@ gboolean r_nbd_setup_device(RaucNBDDevice *nbd_dev, GError **error)
 	NLA_PUT_U64(msg, NBD_ATTR_SIZE_BYTES, nbd_dev->data_size);
 	NLA_PUT_U64(msg, NBD_ATTR_BLOCK_SIZE_BYTES, 4096);
 	NLA_PUT_U64(msg, NBD_ATTR_SERVER_FLAGS, 0);
-	NLA_PUT_U64(msg, NBD_ATTR_CLIENT_FLAGS,
-			NBD_CFLAG_DISCONNECT_ON_CLOSE
-			);
 	NLA_PUT_U64(msg, NBD_ATTR_TIMEOUT, 300);
 
 	attr_sockets = nla_nest_start(msg, NBD_ATTR_SOCKETS);
@@ -201,11 +201,39 @@ gboolean r_nbd_setup_device(RaucNBDDevice *nbd_dev, GError **error)
 	if (!nbd_dev->index_valid)
 		g_error("failed to create nbd device");
 
-	nbd_dev->dev = g_strdup_printf("/dev/nbd%"G_GUINT32_FORMAT, nbd_dev->index);
+	device_path = g_strdup_printf("/dev/nbd%"G_GUINT32_FORMAT, nbd_dev->index);
+
+	idevicefd = g_open(device_path, O_RDONLY | O_CLOEXEC);
+	if (idevicefd < 0) {
+		int err = errno;
+		g_set_error(error, G_FILE_ERROR, g_file_error_from_errno(err), "failed to open %s: %s", device_path, g_strerror(err));
+		res = FALSE;
+		goto out;
+	}
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		g_error("failed to allocate netlink message");
+
+	if (!genlmsg_put(msg, NL_AUTO_PORT, NL_AUTO_SEQ, driver_id, 0, 0, NBD_CMD_RECONFIGURE, 0))
+		g_error("failed to add generic netlink headers to message");
+
+	NLA_PUT_U32(msg, NBD_ATTR_INDEX, nbd_dev->index);
+	NLA_PUT_U64(msg, NBD_ATTR_CLIENT_FLAGS, NBD_CFLAG_DISCONNECT_ON_CLOSE);
+
+	nl_socket_modify_cb(nl, NL_CB_VALID, NL_CB_CUSTOM, NULL, NULL);
+	if (nl_send_sync(nl, msg) < 0) {
+		res = FALSE;
+		g_set_error(error, G_IO_ERROR, G_IO_ERROR_FAILED, "netlink send_sync failed");
+		goto out;
+	}
 
 	g_message("setup done for %s", nbd_dev->dev);
 
 	res = TRUE;
+	nbd_dev->dev = g_steal_pointer(&device_path);
+	*devicefd = idevicefd;
+	idevicefd = -1;
 	goto out;
 
 	/* This label is used by the NLA_PUT macros. */

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(RaucNBDServer, r_nbd_free_server);`
`66`	`66`	`*`
`67`	`67`	`* @return TRUE on success, FALSE if an error occurred`
`68`	`68`	`*/`
`69`		`-gboolean r_nbd_setup_device(RaucNBDDevice nbd_dev, GError *error);`
	`69`	`+gboolean r_nbd_setup_device(RaucNBDDevice nbd_dev, int devicefd, GError **error);`
`70`	`70`
`71`	`71`	`/**`
`72`	`72`	`* Remove a previously configured NBD device from the kernel.`