]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 LT |
2 | /* |
3 | * linux/fs/readdir.c | |
4 | * | |
5 | * Copyright (C) 1995 Linus Torvalds | |
6 | */ | |
7 | ||
85c9fe8f | 8 | #include <linux/stddef.h> |
022a1692 | 9 | #include <linux/kernel.h> |
630d9c47 | 10 | #include <linux/export.h> |
1da177e4 LT |
11 | #include <linux/time.h> |
12 | #include <linux/mm.h> | |
13 | #include <linux/errno.h> | |
14 | #include <linux/stat.h> | |
15 | #include <linux/file.h> | |
1da177e4 | 16 | #include <linux/fs.h> |
d4c7cf6c | 17 | #include <linux/fsnotify.h> |
1da177e4 LT |
18 | #include <linux/dirent.h> |
19 | #include <linux/security.h> | |
20 | #include <linux/syscalls.h> | |
21 | #include <linux/unistd.h> | |
0460b2a2 | 22 | #include <linux/compat.h> |
1da177e4 | 23 | |
7c0f6ba6 | 24 | #include <linux/uaccess.h> |
1da177e4 | 25 | |
5c0ba4e0 | 26 | int iterate_dir(struct file *file, struct dir_context *ctx) |
1da177e4 | 27 | { |
496ad9aa | 28 | struct inode *inode = file_inode(file); |
61922694 | 29 | bool shared = false; |
1da177e4 | 30 | int res = -ENOTDIR; |
61922694 AV |
31 | if (file->f_op->iterate_shared) |
32 | shared = true; | |
33 | else if (!file->f_op->iterate) | |
1da177e4 LT |
34 | goto out; |
35 | ||
36 | res = security_file_permission(file, MAY_READ); | |
37 | if (res) | |
38 | goto out; | |
39 | ||
0dc208b5 KT |
40 | if (shared) |
41 | res = down_read_killable(&inode->i_rwsem); | |
42 | else | |
00235411 | 43 | res = down_write_killable(&inode->i_rwsem); |
0dc208b5 KT |
44 | if (res) |
45 | goto out; | |
da784511 | 46 | |
1da177e4 LT |
47 | res = -ENOENT; |
48 | if (!IS_DEADDIR(inode)) { | |
2233f31a | 49 | ctx->pos = file->f_pos; |
61922694 AV |
50 | if (shared) |
51 | res = file->f_op->iterate_shared(file, ctx); | |
52 | else | |
53 | res = file->f_op->iterate(file, ctx); | |
2233f31a | 54 | file->f_pos = ctx->pos; |
d4c7cf6c | 55 | fsnotify_access(file); |
1da177e4 LT |
56 | file_accessed(file); |
57 | } | |
61922694 AV |
58 | if (shared) |
59 | inode_unlock_shared(inode); | |
60 | else | |
61 | inode_unlock(inode); | |
1da177e4 LT |
62 | out: |
63 | return res; | |
64 | } | |
5c0ba4e0 | 65 | EXPORT_SYMBOL(iterate_dir); |
1da177e4 | 66 | |
d8138509 LT |
67 | /* |
68 | * POSIX says that a dirent name cannot contain NULL or a '/'. | |
69 | * | |
70 | * It's not 100% clear what we should really do in this case. | |
71 | * The filesystem is clearly corrupted, but returning a hard | |
72 | * error means that you now don't see any of the other names | |
73 | * either, so that isn't a perfect alternative. | |
74 | * | |
75 | * And if you return an error, what error do you use? Several | |
76 | * filesystems seem to have decided on EUCLEAN being the error | |
77 | * code for EFSCORRUPTED, and that may be the error to use. Or | |
78 | * just EIO, which is perhaps more obvious to users. | |
79 | * | |
80 | * In order to see the other file names in the directory, the | |
81 | * caller might want to make this a "soft" error: skip the | |
82 | * entry, and return the error at the end instead. | |
83 | * | |
84 | * Note that this should likely do a "memchr(name, 0, len)" | |
85 | * check too, since that would be filesystem corruption as | |
86 | * well. However, that case can't actually confuse user space, | |
87 | * which has to do a strlen() on the name anyway to find the | |
88 | * filename length, and the above "soft error" worry means | |
89 | * that it's probably better left alone until we have that | |
90 | * issue clarified. | |
91 | */ | |
92 | static int verify_dirent_name(const char *name, int len) | |
93 | { | |
21ebadb1 | 94 | if (!len) |
d8138509 | 95 | return -EIO; |
21ebadb1 | 96 | if (memchr(name, '/', len)) |
d8138509 LT |
97 | return -EIO; |
98 | return 0; | |
99 | } | |
100 | ||
1da177e4 LT |
101 | /* |
102 | * Traditional linux readdir() handling.. | |
103 | * | |
104 | * "count=1" is a special case, meaning that the buffer is one | |
105 | * dirent-structure in size and that the code can't handle more | |
106 | * anyway. Thus the special "fillonedir()" function for that | |
107 | * case (the low-level handlers don't need to care about this). | |
108 | */ | |
1da177e4 LT |
109 | |
110 | #ifdef __ARCH_WANT_OLD_READDIR | |
111 | ||
112 | struct old_linux_dirent { | |
113 | unsigned long d_ino; | |
114 | unsigned long d_offset; | |
115 | unsigned short d_namlen; | |
116 | char d_name[1]; | |
117 | }; | |
118 | ||
119 | struct readdir_callback { | |
5c0ba4e0 | 120 | struct dir_context ctx; |
1da177e4 LT |
121 | struct old_linux_dirent __user * dirent; |
122 | int result; | |
123 | }; | |
124 | ||
ac7576f4 MS |
125 | static int fillonedir(struct dir_context *ctx, const char *name, int namlen, |
126 | loff_t offset, u64 ino, unsigned int d_type) | |
1da177e4 | 127 | { |
ac7576f4 MS |
128 | struct readdir_callback *buf = |
129 | container_of(ctx, struct readdir_callback, ctx); | |
1da177e4 | 130 | struct old_linux_dirent __user * dirent; |
afefdbb2 | 131 | unsigned long d_ino; |
1da177e4 LT |
132 | |
133 | if (buf->result) | |
134 | return -EINVAL; | |
afefdbb2 | 135 | d_ino = ino; |
8f3f655d AV |
136 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { |
137 | buf->result = -EOVERFLOW; | |
afefdbb2 | 138 | return -EOVERFLOW; |
8f3f655d | 139 | } |
1da177e4 LT |
140 | buf->result++; |
141 | dirent = buf->dirent; | |
142 | if (!access_ok(VERIFY_WRITE, dirent, | |
143 | (unsigned long)(dirent->d_name + namlen + 1) - | |
144 | (unsigned long)dirent)) | |
145 | goto efault; | |
afefdbb2 | 146 | if ( __put_user(d_ino, &dirent->d_ino) || |
1da177e4 LT |
147 | __put_user(offset, &dirent->d_offset) || |
148 | __put_user(namlen, &dirent->d_namlen) || | |
149 | __copy_to_user(dirent->d_name, name, namlen) || | |
150 | __put_user(0, dirent->d_name + namlen)) | |
151 | goto efault; | |
152 | return 0; | |
153 | efault: | |
154 | buf->result = -EFAULT; | |
155 | return -EFAULT; | |
156 | } | |
157 | ||
d4e82042 HC |
158 | SYSCALL_DEFINE3(old_readdir, unsigned int, fd, |
159 | struct old_linux_dirent __user *, dirent, unsigned int, count) | |
1da177e4 LT |
160 | { |
161 | int error; | |
63b6df14 | 162 | struct fd f = fdget_pos(fd); |
ac6614b7 AV |
163 | struct readdir_callback buf = { |
164 | .ctx.actor = fillonedir, | |
165 | .dirent = dirent | |
166 | }; | |
1da177e4 | 167 | |
2903ff01 | 168 | if (!f.file) |
863ced7f | 169 | return -EBADF; |
1da177e4 | 170 | |
5c0ba4e0 | 171 | error = iterate_dir(f.file, &buf.ctx); |
53c9c5c0 | 172 | if (buf.result) |
1da177e4 LT |
173 | error = buf.result; |
174 | ||
63b6df14 | 175 | fdput_pos(f); |
1da177e4 LT |
176 | return error; |
177 | } | |
178 | ||
179 | #endif /* __ARCH_WANT_OLD_READDIR */ | |
180 | ||
181 | /* | |
182 | * New, all-improved, singing, dancing, iBCS2-compliant getdents() | |
183 | * interface. | |
184 | */ | |
185 | struct linux_dirent { | |
186 | unsigned long d_ino; | |
187 | unsigned long d_off; | |
188 | unsigned short d_reclen; | |
189 | char d_name[1]; | |
190 | }; | |
191 | ||
192 | struct getdents_callback { | |
5c0ba4e0 | 193 | struct dir_context ctx; |
1da177e4 LT |
194 | struct linux_dirent __user * current_dir; |
195 | struct linux_dirent __user * previous; | |
196 | int count; | |
197 | int error; | |
198 | }; | |
199 | ||
ac7576f4 MS |
200 | static int filldir(struct dir_context *ctx, const char *name, int namlen, |
201 | loff_t offset, u64 ino, unsigned int d_type) | |
1da177e4 LT |
202 | { |
203 | struct linux_dirent __user * dirent; | |
ac7576f4 MS |
204 | struct getdents_callback *buf = |
205 | container_of(ctx, struct getdents_callback, ctx); | |
afefdbb2 | 206 | unsigned long d_ino; |
85c9fe8f KW |
207 | int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2, |
208 | sizeof(long)); | |
1da177e4 | 209 | |
d8138509 LT |
210 | buf->error = verify_dirent_name(name, namlen); |
211 | if (unlikely(buf->error)) | |
212 | return buf->error; | |
1da177e4 LT |
213 | buf->error = -EINVAL; /* only used if we fail.. */ |
214 | if (reclen > buf->count) | |
215 | return -EINVAL; | |
afefdbb2 | 216 | d_ino = ino; |
8f3f655d AV |
217 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { |
218 | buf->error = -EOVERFLOW; | |
afefdbb2 | 219 | return -EOVERFLOW; |
8f3f655d | 220 | } |
1da177e4 LT |
221 | dirent = buf->previous; |
222 | if (dirent) { | |
1f60fbe7 TT |
223 | if (signal_pending(current)) |
224 | return -EINTR; | |
1da177e4 LT |
225 | if (__put_user(offset, &dirent->d_off)) |
226 | goto efault; | |
227 | } | |
228 | dirent = buf->current_dir; | |
afefdbb2 | 229 | if (__put_user(d_ino, &dirent->d_ino)) |
1da177e4 LT |
230 | goto efault; |
231 | if (__put_user(reclen, &dirent->d_reclen)) | |
232 | goto efault; | |
233 | if (copy_to_user(dirent->d_name, name, namlen)) | |
234 | goto efault; | |
235 | if (__put_user(0, dirent->d_name + namlen)) | |
236 | goto efault; | |
237 | if (__put_user(d_type, (char __user *) dirent + reclen - 1)) | |
238 | goto efault; | |
239 | buf->previous = dirent; | |
240 | dirent = (void __user *)dirent + reclen; | |
241 | buf->current_dir = dirent; | |
242 | buf->count -= reclen; | |
243 | return 0; | |
244 | efault: | |
245 | buf->error = -EFAULT; | |
246 | return -EFAULT; | |
247 | } | |
248 | ||
20f37034 HC |
249 | SYSCALL_DEFINE3(getdents, unsigned int, fd, |
250 | struct linux_dirent __user *, dirent, unsigned int, count) | |
1da177e4 | 251 | { |
2903ff01 | 252 | struct fd f; |
1da177e4 | 253 | struct linux_dirent __user * lastdirent; |
ac6614b7 AV |
254 | struct getdents_callback buf = { |
255 | .ctx.actor = filldir, | |
256 | .count = count, | |
257 | .current_dir = dirent | |
258 | }; | |
1da177e4 LT |
259 | int error; |
260 | ||
1da177e4 | 261 | if (!access_ok(VERIFY_WRITE, dirent, count)) |
863ced7f | 262 | return -EFAULT; |
1da177e4 | 263 | |
63b6df14 | 264 | f = fdget_pos(fd); |
2903ff01 | 265 | if (!f.file) |
863ced7f | 266 | return -EBADF; |
1da177e4 | 267 | |
5c0ba4e0 | 268 | error = iterate_dir(f.file, &buf.ctx); |
53c9c5c0 AV |
269 | if (error >= 0) |
270 | error = buf.error; | |
1da177e4 LT |
271 | lastdirent = buf.previous; |
272 | if (lastdirent) { | |
bb6f619b | 273 | if (put_user(buf.ctx.pos, &lastdirent->d_off)) |
1da177e4 LT |
274 | error = -EFAULT; |
275 | else | |
276 | error = count - buf.count; | |
277 | } | |
63b6df14 | 278 | fdput_pos(f); |
1da177e4 LT |
279 | return error; |
280 | } | |
281 | ||
1da177e4 | 282 | struct getdents_callback64 { |
5c0ba4e0 | 283 | struct dir_context ctx; |
1da177e4 LT |
284 | struct linux_dirent64 __user * current_dir; |
285 | struct linux_dirent64 __user * previous; | |
286 | int count; | |
287 | int error; | |
288 | }; | |
289 | ||
ac7576f4 MS |
290 | static int filldir64(struct dir_context *ctx, const char *name, int namlen, |
291 | loff_t offset, u64 ino, unsigned int d_type) | |
1da177e4 LT |
292 | { |
293 | struct linux_dirent64 __user *dirent; | |
ac7576f4 MS |
294 | struct getdents_callback64 *buf = |
295 | container_of(ctx, struct getdents_callback64, ctx); | |
85c9fe8f KW |
296 | int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1, |
297 | sizeof(u64)); | |
1da177e4 | 298 | |
d8138509 LT |
299 | buf->error = verify_dirent_name(name, namlen); |
300 | if (unlikely(buf->error)) | |
301 | return buf->error; | |
1da177e4 LT |
302 | buf->error = -EINVAL; /* only used if we fail.. */ |
303 | if (reclen > buf->count) | |
304 | return -EINVAL; | |
305 | dirent = buf->previous; | |
306 | if (dirent) { | |
1f60fbe7 TT |
307 | if (signal_pending(current)) |
308 | return -EINTR; | |
1da177e4 LT |
309 | if (__put_user(offset, &dirent->d_off)) |
310 | goto efault; | |
311 | } | |
312 | dirent = buf->current_dir; | |
313 | if (__put_user(ino, &dirent->d_ino)) | |
314 | goto efault; | |
315 | if (__put_user(0, &dirent->d_off)) | |
316 | goto efault; | |
317 | if (__put_user(reclen, &dirent->d_reclen)) | |
318 | goto efault; | |
319 | if (__put_user(d_type, &dirent->d_type)) | |
320 | goto efault; | |
321 | if (copy_to_user(dirent->d_name, name, namlen)) | |
322 | goto efault; | |
323 | if (__put_user(0, dirent->d_name + namlen)) | |
324 | goto efault; | |
325 | buf->previous = dirent; | |
326 | dirent = (void __user *)dirent + reclen; | |
327 | buf->current_dir = dirent; | |
328 | buf->count -= reclen; | |
329 | return 0; | |
330 | efault: | |
331 | buf->error = -EFAULT; | |
332 | return -EFAULT; | |
333 | } | |
334 | ||
20f37034 HC |
335 | SYSCALL_DEFINE3(getdents64, unsigned int, fd, |
336 | struct linux_dirent64 __user *, dirent, unsigned int, count) | |
1da177e4 | 337 | { |
2903ff01 | 338 | struct fd f; |
1da177e4 | 339 | struct linux_dirent64 __user * lastdirent; |
ac6614b7 AV |
340 | struct getdents_callback64 buf = { |
341 | .ctx.actor = filldir64, | |
342 | .count = count, | |
343 | .current_dir = dirent | |
344 | }; | |
1da177e4 LT |
345 | int error; |
346 | ||
1da177e4 | 347 | if (!access_ok(VERIFY_WRITE, dirent, count)) |
863ced7f | 348 | return -EFAULT; |
1da177e4 | 349 | |
63b6df14 | 350 | f = fdget_pos(fd); |
2903ff01 | 351 | if (!f.file) |
863ced7f | 352 | return -EBADF; |
1da177e4 | 353 | |
5c0ba4e0 | 354 | error = iterate_dir(f.file, &buf.ctx); |
53c9c5c0 AV |
355 | if (error >= 0) |
356 | error = buf.error; | |
1da177e4 LT |
357 | lastdirent = buf.previous; |
358 | if (lastdirent) { | |
bb6f619b | 359 | typeof(lastdirent->d_off) d_off = buf.ctx.pos; |
1da177e4 | 360 | if (__put_user(d_off, &lastdirent->d_off)) |
53c9c5c0 AV |
361 | error = -EFAULT; |
362 | else | |
363 | error = count - buf.count; | |
1da177e4 | 364 | } |
63b6df14 | 365 | fdput_pos(f); |
1da177e4 LT |
366 | return error; |
367 | } | |
0460b2a2 AV |
368 | |
369 | #ifdef CONFIG_COMPAT | |
370 | struct compat_old_linux_dirent { | |
371 | compat_ulong_t d_ino; | |
372 | compat_ulong_t d_offset; | |
373 | unsigned short d_namlen; | |
374 | char d_name[1]; | |
375 | }; | |
376 | ||
377 | struct compat_readdir_callback { | |
378 | struct dir_context ctx; | |
379 | struct compat_old_linux_dirent __user *dirent; | |
380 | int result; | |
381 | }; | |
382 | ||
383 | static int compat_fillonedir(struct dir_context *ctx, const char *name, | |
384 | int namlen, loff_t offset, u64 ino, | |
385 | unsigned int d_type) | |
386 | { | |
387 | struct compat_readdir_callback *buf = | |
388 | container_of(ctx, struct compat_readdir_callback, ctx); | |
389 | struct compat_old_linux_dirent __user *dirent; | |
390 | compat_ulong_t d_ino; | |
391 | ||
392 | if (buf->result) | |
393 | return -EINVAL; | |
394 | d_ino = ino; | |
395 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { | |
396 | buf->result = -EOVERFLOW; | |
397 | return -EOVERFLOW; | |
398 | } | |
399 | buf->result++; | |
400 | dirent = buf->dirent; | |
401 | if (!access_ok(VERIFY_WRITE, dirent, | |
402 | (unsigned long)(dirent->d_name + namlen + 1) - | |
403 | (unsigned long)dirent)) | |
404 | goto efault; | |
405 | if ( __put_user(d_ino, &dirent->d_ino) || | |
406 | __put_user(offset, &dirent->d_offset) || | |
407 | __put_user(namlen, &dirent->d_namlen) || | |
408 | __copy_to_user(dirent->d_name, name, namlen) || | |
409 | __put_user(0, dirent->d_name + namlen)) | |
410 | goto efault; | |
411 | return 0; | |
412 | efault: | |
413 | buf->result = -EFAULT; | |
414 | return -EFAULT; | |
415 | } | |
416 | ||
417 | COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd, | |
418 | struct compat_old_linux_dirent __user *, dirent, unsigned int, count) | |
419 | { | |
420 | int error; | |
421 | struct fd f = fdget_pos(fd); | |
422 | struct compat_readdir_callback buf = { | |
423 | .ctx.actor = compat_fillonedir, | |
424 | .dirent = dirent | |
425 | }; | |
426 | ||
427 | if (!f.file) | |
428 | return -EBADF; | |
429 | ||
430 | error = iterate_dir(f.file, &buf.ctx); | |
431 | if (buf.result) | |
432 | error = buf.result; | |
433 | ||
434 | fdput_pos(f); | |
435 | return error; | |
436 | } | |
437 | ||
438 | struct compat_linux_dirent { | |
439 | compat_ulong_t d_ino; | |
440 | compat_ulong_t d_off; | |
441 | unsigned short d_reclen; | |
442 | char d_name[1]; | |
443 | }; | |
444 | ||
445 | struct compat_getdents_callback { | |
446 | struct dir_context ctx; | |
447 | struct compat_linux_dirent __user *current_dir; | |
448 | struct compat_linux_dirent __user *previous; | |
449 | int count; | |
450 | int error; | |
451 | }; | |
452 | ||
453 | static int compat_filldir(struct dir_context *ctx, const char *name, int namlen, | |
454 | loff_t offset, u64 ino, unsigned int d_type) | |
455 | { | |
456 | struct compat_linux_dirent __user * dirent; | |
457 | struct compat_getdents_callback *buf = | |
458 | container_of(ctx, struct compat_getdents_callback, ctx); | |
459 | compat_ulong_t d_ino; | |
460 | int reclen = ALIGN(offsetof(struct compat_linux_dirent, d_name) + | |
461 | namlen + 2, sizeof(compat_long_t)); | |
462 | ||
463 | buf->error = -EINVAL; /* only used if we fail.. */ | |
464 | if (reclen > buf->count) | |
465 | return -EINVAL; | |
466 | d_ino = ino; | |
467 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { | |
468 | buf->error = -EOVERFLOW; | |
469 | return -EOVERFLOW; | |
470 | } | |
471 | dirent = buf->previous; | |
472 | if (dirent) { | |
473 | if (signal_pending(current)) | |
474 | return -EINTR; | |
475 | if (__put_user(offset, &dirent->d_off)) | |
476 | goto efault; | |
477 | } | |
478 | dirent = buf->current_dir; | |
479 | if (__put_user(d_ino, &dirent->d_ino)) | |
480 | goto efault; | |
481 | if (__put_user(reclen, &dirent->d_reclen)) | |
482 | goto efault; | |
483 | if (copy_to_user(dirent->d_name, name, namlen)) | |
484 | goto efault; | |
485 | if (__put_user(0, dirent->d_name + namlen)) | |
486 | goto efault; | |
487 | if (__put_user(d_type, (char __user *) dirent + reclen - 1)) | |
488 | goto efault; | |
489 | buf->previous = dirent; | |
490 | dirent = (void __user *)dirent + reclen; | |
491 | buf->current_dir = dirent; | |
492 | buf->count -= reclen; | |
493 | return 0; | |
494 | efault: | |
495 | buf->error = -EFAULT; | |
496 | return -EFAULT; | |
497 | } | |
498 | ||
499 | COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd, | |
500 | struct compat_linux_dirent __user *, dirent, unsigned int, count) | |
501 | { | |
502 | struct fd f; | |
503 | struct compat_linux_dirent __user * lastdirent; | |
504 | struct compat_getdents_callback buf = { | |
505 | .ctx.actor = compat_filldir, | |
506 | .current_dir = dirent, | |
507 | .count = count | |
508 | }; | |
509 | int error; | |
510 | ||
511 | if (!access_ok(VERIFY_WRITE, dirent, count)) | |
512 | return -EFAULT; | |
513 | ||
514 | f = fdget_pos(fd); | |
515 | if (!f.file) | |
516 | return -EBADF; | |
517 | ||
518 | error = iterate_dir(f.file, &buf.ctx); | |
519 | if (error >= 0) | |
520 | error = buf.error; | |
521 | lastdirent = buf.previous; | |
522 | if (lastdirent) { | |
523 | if (put_user(buf.ctx.pos, &lastdirent->d_off)) | |
524 | error = -EFAULT; | |
525 | else | |
526 | error = count - buf.count; | |
527 | } | |
528 | fdput_pos(f); | |
529 | return error; | |
530 | } | |
531 | #endif |