coreos-boot-mount-generator: Always use mpath for /boot if rd.multipath

If root is on multipath (which is today for CoreOS always `rd.multipath=default`) then we *know* we must use it for `/boot`. We're not going to support "tearing" where `/boot` is on a non-mpath device but `/` is on mpath. The current code is I believe racy because at the time the generator runs (and systemd generators run *early*), we're querying the "current" properties of the device at `/dev/disk/by-label/boot`. But multipathd could still be in the process of setting up and replacing the target of that symlink. This can cause systemd to tear down and reinitialize the mount, causing races. https://bugzilla.redhat.com/show_bug.cgi?id=1944660
coreos · May 19, 2021 · 55723e8 · 55723e8
1 parent b6a7c99
commit 55723e8
Showing 1 changed file with 16 additions and 15 deletions.
diff --git a/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
@@ -41,43 +41,44 @@ add_wants() {
 # is backed by a device-mapper target the dev-mapper.*.device is used.
 mk_mount() {
     local mount_pt="${1}"; shift
-    local label="${1}"; shift
+    local path="${1}"; shift
     local options="${1}"; shift
 
-    local path="/dev/disk/by-label/${label}"
+    local devservice=$(systemd-escape -p ${path} --suffix=service)
     local unit_name=$(systemd-escape -p ${mount_pt} --suffix=mount)
 
-    eval $(udevadm info --query property --export "${path}")
-    device="$(systemd-escape ${path})"
-    if [ "${DM_NAME:-x}" != "x" ]; then
-        path="/dev/mapper/${DM_NAME}"
-        device="$(systemd-escape dev/mapper/${DM_NAME})"
-    fi
-    device="${device//-dev/dev}"
-    echo "coreos-boot-mount-generator: using ${device} for ${label} mount to ${mount_pt}"
-
     cat > "${UNIT_DIR}/${unit_name}" <<EOF
 # Automatically created by coreos-boot-mount-generator
 [Unit]
 Description=CoreOS Dynamic Mount for ${mount_pt}
 Documentation=https://github.com/coreos/fedora-coreos-config
 
 Before=local-fs.target
-Requires=systemd-fsck@${device}.service
-After=systemd-fsck@${device}.service
+Requires=systemd-fsck@${devservice}
+After=systemd-fsck@${devservice}
 
 [Mount]
 What=${path}
 Where=${mount_pt}
 Options=${options}
 EOF
-
     add_wants "${unit_name}"
 }
 
+# If the root device is multipath, hook up /boot to use that too,
+# based on our custom udev rules in 90-coreos-device-mapper.rules
+# that creates "label found on mpath" links.
+# Otherwise, use the usual by-label symlink.
+# See discussion in https://github.com/coreos/fedora-coreos-config/pull/1022
+bootdev=/dev/disk/by-label/boot
+# Yes this isn't a real karg parser but we're trapped in this shell script
+if grep -q rd.multipath /proc/cmdline; then
+    bootdev=/dev/disk/by-label/dm-mpath-boot
+fi
+
 # We mount read-only by default mostly to protect
 # against accidental damage.  Only a few things
 # owned by CoreOS should be touching /boot or the ESP.
 # Use nodev,nosuid because some hardening guides want
 # that even though it's of minimal value.
-mk_mount /boot boot ro,nodev,nosuid
+mk_mount /boot "${bootdev}" ro,nodev,nosuid