Google Git
Sign in
android-kvm / linux / c5af2c90ba5629f0424a8d315f75fb8d91713c3c / . / fs / readdir.c
blob: d6c82421902aca49f69b6499cb1041118991244a [file] [log] [blame]
Greg Kroah-Hartmanb2441312017-11-01 15:07:57 +0100[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2/*
3 * linux/fs/readdir.c
4 *
5 * Copyright (C) 1995 Linus Torvalds
6 */
7
Kevin Winchester85c9fe82010-08-09 17:20:22 -0700[diff] [blame]8#include <linux/stddef.h>
Milind Arun Choudhary022a1692007-05-08 00:29:02 -0700[diff] [blame]9#include <linux/kernel.h>
Paul Gortmaker630d9c42011-11-16 23:57:37 -0500[diff] [blame]10#include <linux/export.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]11#include <linux/time.h>
12#include <linux/mm.h>
13#include <linux/errno.h>
14#include <linux/stat.h>
15#include <linux/file.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]16#include <linux/fs.h>
Heinrich Schuchardtd4c7cf62014-06-04 16:05:41 -0700[diff] [blame]17#include <linux/fsnotify.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]18#include <linux/dirent.h>
19#include <linux/security.h>
20#include <linux/syscalls.h>
21#include <linux/unistd.h>
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]22#include <linux/compat.h>
Linus Torvalds7c0f6ba2016-12-24 11:46:01 -0800[diff] [blame]23#include <linux/uaccess.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]24
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]25/*
Linus Torvalds3e327152023-08-05 12:25:01 -0700[diff] [blame]26 * Some filesystems were never converted to '->iterate_shared()'
27 * and their directory iterators want the inode lock held for
28 * writing. This wrapper allows for converting from the shared
29 * semantics to the exclusive inode use.
30 */
31int wrap_directory_iterator(struct file *file,
32 struct dir_context *ctx,
33 int (*iter)(struct file *, struct dir_context *))
34{
35 struct inode *inode = file_inode(file);
36 int ret;
37
38 /*
39 * We'd love to have an 'inode_upgrade_trylock()' operation,
40 * see the comment in mmap_upgrade_trylock() in mm/memory.c.
41 *
42 * But considering this is for "filesystems that never got
43 * converted", it really doesn't matter.
44 *
45 * Also note that since we have to return with the lock held
46 * for reading, we can't use the "killable()" locking here,
47 * since we do need to get the lock even if we're dying.
48 *
49 * We could do the write part killably and then get the read
50 * lock unconditionally if it mattered, but see above on why
51 * this does the very simplistic conversion.
52 */
53 up_read(&inode->i_rwsem);
54 down_write(&inode->i_rwsem);
55
56 /*
57 * Since we dropped the inode lock, we should do the
58 * DEADDIR test again. See 'iterate_dir()' below.
59 *
60 * Note that we don't need to re-do the f_pos games,
61 * since the file must be locked wrt f_pos anyway.
62 */
63 ret = -ENOENT;
64 if (!IS_DEADDIR(inode))
65 ret = iter(file, ctx);
66
67 downgrade_write(&inode->i_rwsem);
68 return ret;
69}
70EXPORT_SYMBOL(wrap_directory_iterator);
71
72/*
Thorsten Blum992f03f2024-06-02 02:47:30 +0200[diff] [blame]73 * Note the "unsafe_put_user()" semantics: we goto a
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]74 * label for errors.
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]75 */
76#define unsafe_copy_dirent_name(_dst, _src, _len, label) do { \
77 char __user *dst = (_dst); \
78 const char *src = (_src); \
79 size_t len = (_len); \
Linus Torvaldsc512c692019-10-07 12:56:48 -0700[diff] [blame]80 unsafe_put_user(0, dst+len, label); \
81 unsafe_copy_to_user(dst, src, len, label); \
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]82} while (0)
83
84
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]85int iterate_dir(struct file *file, struct dir_context *ctx)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]86{
Al Viro496ad9a2013-01-23 17:07:38 -0500[diff] [blame]87 struct inode *inode = file_inode(file);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]88 int res = -ENOTDIR;
Linus Torvalds3e327152023-08-05 12:25:01 -0700[diff] [blame]89
90 if (!file->f_op->iterate_shared)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]91 goto out;
92
93 res = security_file_permission(file, MAY_READ);
94 if (res)
95 goto out;
96
Amir Goldsteind9e5d312023-12-12 11:44:40 +0200[diff] [blame]97 res = fsnotify_file_perm(file, MAY_READ);
98 if (res)
99 goto out;
100
Linus Torvalds3e327152023-08-05 12:25:01 -0700[diff] [blame]101 res = down_read_killable(&inode->i_rwsem);
Kirill Tkhai0dc208b2017-09-29 19:06:48 +0300[diff] [blame]102 if (res)
103 goto out;
Liam R. Howlettda784512007-12-06 17:39:54 -0500[diff] [blame]104
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]105 res = -ENOENT;
106 if (!IS_DEADDIR(inode)) {
Al Viro2233f312013-05-22 21:44:23 -0400[diff] [blame]107 ctx->pos = file->f_pos;
Linus Torvalds3e327152023-08-05 12:25:01 -0700[diff] [blame]108 res = file->f_op->iterate_shared(file, ctx);
Al Viro2233f312013-05-22 21:44:23 -0400[diff] [blame]109 file->f_pos = ctx->pos;
Heinrich Schuchardtd4c7cf62014-06-04 16:05:41 -0700[diff] [blame]110 fsnotify_access(file);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]111 file_accessed(file);
112 }
Linus Torvalds3e327152023-08-05 12:25:01 -0700[diff] [blame]113 inode_unlock_shared(inode);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]114out:
115 return res;
116}
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]117EXPORT_SYMBOL(iterate_dir);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]118
119/*
Linus Torvalds8a23eb82019-10-05 11:32:52 -0700[diff] [blame]120 * POSIX says that a dirent name cannot contain NULL or a '/'.
121 *
122 * It's not 100% clear what we should really do in this case.
123 * The filesystem is clearly corrupted, but returning a hard
124 * error means that you now don't see any of the other names
125 * either, so that isn't a perfect alternative.
126 *
127 * And if you return an error, what error do you use? Several
128 * filesystems seem to have decided on EUCLEAN being the error
129 * code for EFSCORRUPTED, and that may be the error to use. Or
130 * just EIO, which is perhaps more obvious to users.
131 *
132 * In order to see the other file names in the directory, the
133 * caller might want to make this a "soft" error: skip the
134 * entry, and return the error at the end instead.
135 *
136 * Note that this should likely do a "memchr(name, 0, len)"
137 * check too, since that would be filesystem corruption as
138 * well. However, that case can't actually confuse user space,
139 * which has to do a strlen() on the name anyway to find the
140 * filename length, and the above "soft error" worry means
141 * that it's probably better left alone until we have that
142 * issue clarified.
Linus Torvalds2c6b7bc2020-01-23 10:05:05 -0800[diff] [blame]143 *
144 * Note the PATH_MAX check - it's arbitrary but the real
145 * kernel limit on a possible path component, not NAME_MAX,
146 * which is the technical standard limit.
Linus Torvalds8a23eb82019-10-05 11:32:52 -0700[diff] [blame]147 */
148static int verify_dirent_name(const char *name, int len)
149{
Linus Torvalds2c6b7bc2020-01-23 10:05:05 -0800[diff] [blame]150 if (len <= 0 || len >= PATH_MAX)
Linus Torvalds8a23eb82019-10-05 11:32:52 -0700[diff] [blame]151 return -EIO;
Linus Torvaldsb9959c72019-10-18 18:41:16 -0400[diff] [blame]152 if (memchr(name, '/', len))
Linus Torvalds8a23eb82019-10-05 11:32:52 -0700[diff] [blame]153 return -EIO;
154 return 0;
155}
156
157/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]158 * Traditional linux readdir() handling..
159 *
160 * "count=1" is a special case, meaning that the buffer is one
161 * dirent-structure in size and that the code can't handle more
162 * anyway. Thus the special "fillonedir()" function for that
163 * case (the low-level handlers don't need to care about this).
164 */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]165
166#ifdef __ARCH_WANT_OLD_READDIR
167
168struct old_linux_dirent {
169 unsigned long d_ino;
170 unsigned long d_offset;
171 unsigned short d_namlen;
Gustavo A. R. Silva25071352023-06-20 11:30:36 -0600[diff] [blame]172 char d_name[];
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]173};
174
175struct readdir_callback {
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]176 struct dir_context ctx;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]177 struct old_linux_dirent __user * dirent;
178 int result;
179};
180
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]181static bool fillonedir(struct dir_context *ctx, const char *name, int namlen,
Miklos Szerediac7576f2014-10-30 17:37:34 +0100[diff] [blame]182 loff_t offset, u64 ino, unsigned int d_type)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]183{
Miklos Szerediac7576f2014-10-30 17:37:34 +0100[diff] [blame]184 struct readdir_callback *buf =
185 container_of(ctx, struct readdir_callback, ctx);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]186 struct old_linux_dirent __user * dirent;
David Howellsafefdbb2006-10-03 01:13:46 -0700[diff] [blame]187 unsigned long d_ino;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]188
189 if (buf->result)
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]190 return false;
Linus Torvalds0c93ac62021-04-17 09:27:04 -0700[diff] [blame]191 buf->result = verify_dirent_name(name, namlen);
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]192 if (buf->result)
193 return false;
David Howellsafefdbb2006-10-03 01:13:46 -0700[diff] [blame]194 d_ino = ino;
Al Viro8f3f6552008-08-12 00:28:24 -0400[diff] [blame]195 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
196 buf->result = -EOVERFLOW;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]197 return false;
Al Viro8f3f6552008-08-12 00:28:24 -0400[diff] [blame]198 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]199 buf->result++;
200 dirent = buf->dirent;
Al Viro391b7462020-02-18 14:39:56 -0500[diff] [blame]201 if (!user_write_access_begin(dirent,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]202 (unsigned long)(dirent->d_name + namlen + 1) -
203 (unsigned long)dirent))
204 goto efault;
Al Viro391b7462020-02-18 14:39:56 -0500[diff] [blame]205 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
206 unsafe_put_user(offset, &dirent->d_offset, efault_end);
207 unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
208 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
209 user_write_access_end();
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]210 return true;
Al Viro391b7462020-02-18 14:39:56 -0500[diff] [blame]211efault_end:
212 user_write_access_end();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]213efault:
214 buf->result = -EFAULT;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]215 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]216}
217
Heiko Carstensd4e82042009-01-14 14:14:34 +0100[diff] [blame]218SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
219 struct old_linux_dirent __user *, dirent, unsigned int, count)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]220{
221 int error;
Al Viro63b6df12016-04-20 17:08:21 -0400[diff] [blame]222 struct fd f = fdget_pos(fd);
Al Viroac6614b2013-05-22 22:22:04 -0400[diff] [blame]223 struct readdir_callback buf = {
224 .ctx.actor = fillonedir,
225 .dirent = dirent
226 };
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]227
Al Viro2903ff02012-08-28 12:52:22 -0400[diff] [blame]228 if (!f.file)
Al Viro863ced72012-04-21 18:40:32 -0400[diff] [blame]229 return -EBADF;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]230
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]231 error = iterate_dir(f.file, &buf.ctx);
Al Viro53c9c5c2008-08-24 07:29:52 -0400[diff] [blame]232 if (buf.result)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]233 error = buf.result;
234
Al Viro63b6df12016-04-20 17:08:21 -0400[diff] [blame]235 fdput_pos(f);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]236 return error;
237}
238
239#endif /* __ARCH_WANT_OLD_READDIR */
240
241/*
242 * New, all-improved, singing, dancing, iBCS2-compliant getdents()
243 * interface.
244 */
245struct linux_dirent {
246 unsigned long d_ino;
247 unsigned long d_off;
248 unsigned short d_reclen;
Gustavo A. R. Silva25071352023-06-20 11:30:36 -0600[diff] [blame]249 char d_name[];
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]250};
251
252struct getdents_callback {
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]253 struct dir_context ctx;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]254 struct linux_dirent __user * current_dir;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]255 int prev_reclen;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]256 int count;
257 int error;
258};
259
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]260static bool filldir(struct dir_context *ctx, const char *name, int namlen,
Miklos Szerediac7576f2014-10-30 17:37:34 +0100[diff] [blame]261 loff_t offset, u64 ino, unsigned int d_type)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]262{
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]263 struct linux_dirent __user *dirent, *prev;
Miklos Szerediac7576f2014-10-30 17:37:34 +0100[diff] [blame]264 struct getdents_callback *buf =
265 container_of(ctx, struct getdents_callback, ctx);
David Howellsafefdbb2006-10-03 01:13:46 -0700[diff] [blame]266 unsigned long d_ino;
Kevin Winchester85c9fe82010-08-09 17:20:22 -0700[diff] [blame]267 int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2,
268 sizeof(long));
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]269 int prev_reclen;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]270
Linus Torvalds8a23eb82019-10-05 11:32:52 -0700[diff] [blame]271 buf->error = verify_dirent_name(name, namlen);
272 if (unlikely(buf->error))
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]273 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]274 buf->error = -EINVAL; /* only used if we fail.. */
275 if (reclen > buf->count)
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]276 return false;
David Howellsafefdbb2006-10-03 01:13:46 -0700[diff] [blame]277 d_ino = ino;
Al Viro8f3f6552008-08-12 00:28:24 -0400[diff] [blame]278 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
279 buf->error = -EOVERFLOW;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]280 return false;
Al Viro8f3f6552008-08-12 00:28:24 -0400[diff] [blame]281 }
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]282 prev_reclen = buf->prev_reclen;
283 if (prev_reclen && signal_pending(current))
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]284 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]285 dirent = buf->current_dir;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]286 prev = (void __user *) dirent - prev_reclen;
Christophe Leroy41cd7802020-04-03 07:20:51 +0000[diff] [blame]287 if (!user_write_access_begin(prev, reclen + prev_reclen))
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]288 goto efault;
289
290 /* This might be 'dirent->d_off', but if so it will get overwritten */
291 unsafe_put_user(offset, &prev->d_off, efault_end);
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]292 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
293 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
294 unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
295 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
Christophe Leroy41cd7802020-04-03 07:20:51 +0000[diff] [blame]296 user_write_access_end();
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]297
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]298 buf->current_dir = (void __user *)dirent + reclen;
299 buf->prev_reclen = reclen;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]300 buf->count -= reclen;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]301 return true;
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]302efault_end:
Christophe Leroy41cd7802020-04-03 07:20:51 +0000[diff] [blame]303 user_write_access_end();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]304efault:
305 buf->error = -EFAULT;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]306 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]307}
308
Heiko Carstens20f37032009-01-14 14:14:23 +0100[diff] [blame]309SYSCALL_DEFINE3(getdents, unsigned int, fd,
310 struct linux_dirent __user *, dirent, unsigned int, count)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]311{
Al Viro2903ff02012-08-28 12:52:22 -0400[diff] [blame]312 struct fd f;
Al Viroac6614b2013-05-22 22:22:04 -0400[diff] [blame]313 struct getdents_callback buf = {
314 .ctx.actor = filldir,
315 .count = count,
316 .current_dir = dirent
317 };
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]318 int error;
319
Al Viro63b6df12016-04-20 17:08:21 -0400[diff] [blame]320 f = fdget_pos(fd);
Al Viro2903ff02012-08-28 12:52:22 -0400[diff] [blame]321 if (!f.file)
Al Viro863ced72012-04-21 18:40:32 -0400[diff] [blame]322 return -EBADF;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]323
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]324 error = iterate_dir(f.file, &buf.ctx);
Al Viro53c9c5c2008-08-24 07:29:52 -0400[diff] [blame]325 if (error >= 0)
326 error = buf.error;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]327 if (buf.prev_reclen) {
328 struct linux_dirent __user * lastdirent;
329 lastdirent = (void __user *)buf.current_dir - buf.prev_reclen;
330
Al Virobb6f6192013-05-15 18:49:12 -0400[diff] [blame]331 if (put_user(buf.ctx.pos, &lastdirent->d_off))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]332 error = -EFAULT;
333 else
334 error = count - buf.count;
335 }
Al Viro63b6df12016-04-20 17:08:21 -0400[diff] [blame]336 fdput_pos(f);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]337 return error;
338}
339
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]340struct getdents_callback64 {
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]341 struct dir_context ctx;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]342 struct linux_dirent64 __user * current_dir;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]343 int prev_reclen;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]344 int count;
345 int error;
346};
347
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]348static bool filldir64(struct dir_context *ctx, const char *name, int namlen,
Miklos Szerediac7576f2014-10-30 17:37:34 +0100[diff] [blame]349 loff_t offset, u64 ino, unsigned int d_type)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]350{
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]351 struct linux_dirent64 __user *dirent, *prev;
Miklos Szerediac7576f2014-10-30 17:37:34 +0100[diff] [blame]352 struct getdents_callback64 *buf =
353 container_of(ctx, struct getdents_callback64, ctx);
Kevin Winchester85c9fe82010-08-09 17:20:22 -0700[diff] [blame]354 int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1,
355 sizeof(u64));
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]356 int prev_reclen;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]357
Linus Torvalds8a23eb82019-10-05 11:32:52 -0700[diff] [blame]358 buf->error = verify_dirent_name(name, namlen);
359 if (unlikely(buf->error))
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]360 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]361 buf->error = -EINVAL; /* only used if we fail.. */
362 if (reclen > buf->count)
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]363 return false;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]364 prev_reclen = buf->prev_reclen;
365 if (prev_reclen && signal_pending(current))
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]366 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]367 dirent = buf->current_dir;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]368 prev = (void __user *)dirent - prev_reclen;
Christophe Leroy41cd7802020-04-03 07:20:51 +0000[diff] [blame]369 if (!user_write_access_begin(prev, reclen + prev_reclen))
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]370 goto efault;
371
372 /* This might be 'dirent->d_off', but if so it will get overwritten */
373 unsafe_put_user(offset, &prev->d_off, efault_end);
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]374 unsafe_put_user(ino, &dirent->d_ino, efault_end);
375 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
376 unsafe_put_user(d_type, &dirent->d_type, efault_end);
377 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
Christophe Leroy41cd7802020-04-03 07:20:51 +0000[diff] [blame]378 user_write_access_end();
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]379
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]380 buf->prev_reclen = reclen;
381 buf->current_dir = (void __user *)dirent + reclen;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]382 buf->count -= reclen;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]383 return true;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]384
Linus Torvalds9f79b782016-05-21 21:59:07 -0700[diff] [blame]385efault_end:
Christophe Leroy41cd7802020-04-03 07:20:51 +0000[diff] [blame]386 user_write_access_end();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]387efault:
388 buf->error = -EFAULT;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]389 return false;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]390}
391
Christoph Hellwigfb2da162020-07-14 09:02:07 +0200[diff] [blame]392SYSCALL_DEFINE3(getdents64, unsigned int, fd,
393 struct linux_dirent64 __user *, dirent, unsigned int, count)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]394{
Al Viro2903ff02012-08-28 12:52:22 -0400[diff] [blame]395 struct fd f;
Al Viroac6614b2013-05-22 22:22:04 -0400[diff] [blame]396 struct getdents_callback64 buf = {
397 .ctx.actor = filldir64,
398 .count = count,
399 .current_dir = dirent
400 };
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]401 int error;
402
Al Viro63b6df12016-04-20 17:08:21 -0400[diff] [blame]403 f = fdget_pos(fd);
Al Viro2903ff02012-08-28 12:52:22 -0400[diff] [blame]404 if (!f.file)
Al Viro863ced72012-04-21 18:40:32 -0400[diff] [blame]405 return -EBADF;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]406
Al Viro5c0ba4e2013-05-15 13:52:59 -0400[diff] [blame]407 error = iterate_dir(f.file, &buf.ctx);
Al Viro53c9c5c2008-08-24 07:29:52 -0400[diff] [blame]408 if (error >= 0)
409 error = buf.error;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]410 if (buf.prev_reclen) {
411 struct linux_dirent64 __user * lastdirent;
Al Virobb6f6192013-05-15 18:49:12 -0400[diff] [blame]412 typeof(lastdirent->d_off) d_off = buf.ctx.pos;
Linus Torvalds3c2659b2020-01-22 12:37:25 -0800[diff] [blame]413
414 lastdirent = (void __user *) buf.current_dir - buf.prev_reclen;
Al Viro5fb15142020-02-18 22:34:07 -0500[diff] [blame]415 if (put_user(d_off, &lastdirent->d_off))
Al Viro53c9c5c2008-08-24 07:29:52 -0400[diff] [blame]416 error = -EFAULT;
417 else
418 error = count - buf.count;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]419 }
Al Viro63b6df12016-04-20 17:08:21 -0400[diff] [blame]420 fdput_pos(f);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]421 return error;
422}
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]423
424#ifdef CONFIG_COMPAT
425struct compat_old_linux_dirent {
426 compat_ulong_t d_ino;
427 compat_ulong_t d_offset;
428 unsigned short d_namlen;
Gustavo A. R. Silva25071352023-06-20 11:30:36 -0600[diff] [blame]429 char d_name[];
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]430};
431
432struct compat_readdir_callback {
433 struct dir_context ctx;
434 struct compat_old_linux_dirent __user *dirent;
435 int result;
436};
437
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]438static bool compat_fillonedir(struct dir_context *ctx, const char *name,
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]439 int namlen, loff_t offset, u64 ino,
440 unsigned int d_type)
441{
442 struct compat_readdir_callback *buf =
443 container_of(ctx, struct compat_readdir_callback, ctx);
444 struct compat_old_linux_dirent __user *dirent;
445 compat_ulong_t d_ino;
446
447 if (buf->result)
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]448 return false;
Linus Torvalds0c93ac62021-04-17 09:27:04 -0700[diff] [blame]449 buf->result = verify_dirent_name(name, namlen);
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]450 if (buf->result)
451 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]452 d_ino = ino;
453 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
454 buf->result = -EOVERFLOW;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]455 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]456 }
457 buf->result++;
458 dirent = buf->dirent;
Al Viro391b7462020-02-18 14:39:56 -0500[diff] [blame]459 if (!user_write_access_begin(dirent,
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]460 (unsigned long)(dirent->d_name + namlen + 1) -
461 (unsigned long)dirent))
462 goto efault;
Al Viro391b7462020-02-18 14:39:56 -0500[diff] [blame]463 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
464 unsafe_put_user(offset, &dirent->d_offset, efault_end);
465 unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
466 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
467 user_write_access_end();
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]468 return true;
Al Viro391b7462020-02-18 14:39:56 -0500[diff] [blame]469efault_end:
470 user_write_access_end();
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]471efault:
472 buf->result = -EFAULT;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]473 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]474}
475
476COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
477 struct compat_old_linux_dirent __user *, dirent, unsigned int, count)
478{
479 int error;
480 struct fd f = fdget_pos(fd);
481 struct compat_readdir_callback buf = {
482 .ctx.actor = compat_fillonedir,
483 .dirent = dirent
484 };
485
486 if (!f.file)
487 return -EBADF;
488
489 error = iterate_dir(f.file, &buf.ctx);
490 if (buf.result)
491 error = buf.result;
492
493 fdput_pos(f);
494 return error;
495}
496
497struct compat_linux_dirent {
498 compat_ulong_t d_ino;
499 compat_ulong_t d_off;
500 unsigned short d_reclen;
Gustavo A. R. Silva25071352023-06-20 11:30:36 -0600[diff] [blame]501 char d_name[];
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]502};
503
504struct compat_getdents_callback {
505 struct dir_context ctx;
506 struct compat_linux_dirent __user *current_dir;
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]507 int prev_reclen;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]508 int count;
509 int error;
510};
511
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]512static bool compat_filldir(struct dir_context *ctx, const char *name, int namlen,
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]513 loff_t offset, u64 ino, unsigned int d_type)
514{
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]515 struct compat_linux_dirent __user *dirent, *prev;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]516 struct compat_getdents_callback *buf =
517 container_of(ctx, struct compat_getdents_callback, ctx);
518 compat_ulong_t d_ino;
519 int reclen = ALIGN(offsetof(struct compat_linux_dirent, d_name) +
520 namlen + 2, sizeof(compat_long_t));
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]521 int prev_reclen;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]522
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]523 buf->error = verify_dirent_name(name, namlen);
524 if (unlikely(buf->error))
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]525 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]526 buf->error = -EINVAL; /* only used if we fail.. */
527 if (reclen > buf->count)
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]528 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]529 d_ino = ino;
530 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
531 buf->error = -EOVERFLOW;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]532 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]533 }
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]534 prev_reclen = buf->prev_reclen;
535 if (prev_reclen && signal_pending(current))
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]536 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]537 dirent = buf->current_dir;
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]538 prev = (void __user *) dirent - prev_reclen;
539 if (!user_write_access_begin(prev, reclen + prev_reclen))
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]540 goto efault;
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]541
542 unsafe_put_user(offset, &prev->d_off, efault_end);
543 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
544 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
545 unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
546 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
547 user_write_access_end();
548
549 buf->prev_reclen = reclen;
550 buf->current_dir = (void __user *)dirent + reclen;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]551 buf->count -= reclen;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]552 return true;
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]553efault_end:
554 user_write_access_end();
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]555efault:
556 buf->error = -EFAULT;
Al Viro25885a32022-08-16 11:57:56 -0400[diff] [blame]557 return false;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]558}
559
560COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd,
561 struct compat_linux_dirent __user *, dirent, unsigned int, count)
562{
563 struct fd f;
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]564 struct compat_getdents_callback buf = {
565 .ctx.actor = compat_filldir,
566 .current_dir = dirent,
567 .count = count
568 };
569 int error;
570
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]571 f = fdget_pos(fd);
572 if (!f.file)
573 return -EBADF;
574
575 error = iterate_dir(f.file, &buf.ctx);
576 if (error >= 0)
577 error = buf.error;
Al Viro82af5992020-02-18 22:33:09 -0500[diff] [blame]578 if (buf.prev_reclen) {
579 struct compat_linux_dirent __user * lastdirent;
580 lastdirent = (void __user *)buf.current_dir - buf.prev_reclen;
581
Al Viro0460b2a2017-04-08 18:10:08 -0400[diff] [blame]582 if (put_user(buf.ctx.pos, &lastdirent->d_off))
583 error = -EFAULT;
584 else
585 error = count - buf.count;
586 }
587 fdput_pos(f);
588 return error;
589}
590#endif