Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/readdir.c
4 *
5 * Copyright (C) 1995 Linus Torvalds
6 */
7
8#include <linux/stddef.h>
9#include <linux/kernel.h>
10#include <linux/export.h>
11#include <linux/time.h>
12#include <linux/mm.h>
13#include <linux/errno.h>
14#include <linux/stat.h>
15#include <linux/file.h>
16#include <linux/fs.h>
17#include <linux/fsnotify.h>
18#include <linux/dirent.h>
19#include <linux/security.h>
20#include <linux/syscalls.h>
21#include <linux/unistd.h>
22#include <linux/compat.h>
23#include <linux/uaccess.h>
24
25/*
26 * Some filesystems were never converted to '->iterate_shared()'
27 * and their directory iterators want the inode lock held for
28 * writing. This wrapper allows for converting from the shared
29 * semantics to the exclusive inode use.
30 */
31int wrap_directory_iterator(struct file *file,
32 struct dir_context *ctx,
33 int (*iter)(struct file *, struct dir_context *))
34{
35 struct inode *inode = file_inode(file);
36 int ret;
37
38 /*
39 * We'd love to have an 'inode_upgrade_trylock()' operation,
40 * see the comment in mmap_upgrade_trylock() in mm/memory.c.
41 *
42 * But considering this is for "filesystems that never got
43 * converted", it really doesn't matter.
44 *
45 * Also note that since we have to return with the lock held
46 * for reading, we can't use the "killable()" locking here,
47 * since we do need to get the lock even if we're dying.
48 *
49 * We could do the write part killably and then get the read
50 * lock unconditionally if it mattered, but see above on why
51 * this does the very simplistic conversion.
52 */
53 up_read(&inode->i_rwsem);
54 down_write(&inode->i_rwsem);
55
56 /*
57 * Since we dropped the inode lock, we should do the
58 * DEADDIR test again. See 'iterate_dir()' below.
59 *
60 * Note that we don't need to re-do the f_pos games,
61 * since the file must be locked wrt f_pos anyway.
62 */
63 ret = -ENOENT;
64 if (!IS_DEADDIR(inode))
65 ret = iter(file, ctx);
66
67 downgrade_write(&inode->i_rwsem);
68 return ret;
69}
70EXPORT_SYMBOL(wrap_directory_iterator);
71
72/*
73 * Note the "unsafe_put_user()" semantics: we goto a
74 * label for errors.
75 */
76#define unsafe_copy_dirent_name(_dst, _src, _len, label) do { \
77 char __user *dst = (_dst); \
78 const char *src = (_src); \
79 size_t len = (_len); \
80 unsafe_put_user(0, dst+len, label); \
81 unsafe_copy_to_user(dst, src, len, label); \
82} while (0)
83
84
85int iterate_dir(struct file *file, struct dir_context *ctx)
86{
87 struct inode *inode = file_inode(file);
88 int res = -ENOTDIR;
89
90 if (!file->f_op->iterate_shared)
91 goto out;
92
93 res = security_file_permission(file, MAY_READ);
94 if (res)
95 goto out;
96
97 res = fsnotify_file_perm(file, MAY_READ);
98 if (res)
99 goto out;
100
101 res = down_read_killable(&inode->i_rwsem);
102 if (res)
103 goto out;
104
105 res = -ENOENT;
106 if (!IS_DEADDIR(inode)) {
107 ctx->pos = file->f_pos;
108 res = file->f_op->iterate_shared(file, ctx);
109 file->f_pos = ctx->pos;
110 fsnotify_access(file);
111 file_accessed(file);
112 }
113 inode_unlock_shared(inode);
114out:
115 return res;
116}
117EXPORT_SYMBOL(iterate_dir);
118
119/*
120 * POSIX says that a dirent name cannot contain NULL or a '/'.
121 *
122 * It's not 100% clear what we should really do in this case.
123 * The filesystem is clearly corrupted, but returning a hard
124 * error means that you now don't see any of the other names
125 * either, so that isn't a perfect alternative.
126 *
127 * And if you return an error, what error do you use? Several
128 * filesystems seem to have decided on EUCLEAN being the error
129 * code for EFSCORRUPTED, and that may be the error to use. Or
130 * just EIO, which is perhaps more obvious to users.
131 *
132 * In order to see the other file names in the directory, the
133 * caller might want to make this a "soft" error: skip the
134 * entry, and return the error at the end instead.
135 *
136 * Note that this should likely do a "memchr(name, 0, len)"
137 * check too, since that would be filesystem corruption as
138 * well. However, that case can't actually confuse user space,
139 * which has to do a strlen() on the name anyway to find the
140 * filename length, and the above "soft error" worry means
141 * that it's probably better left alone until we have that
142 * issue clarified.
143 *
144 * Note the PATH_MAX check - it's arbitrary but the real
145 * kernel limit on a possible path component, not NAME_MAX,
146 * which is the technical standard limit.
147 */
148static int verify_dirent_name(const char *name, int len)
149{
150 if (len <= 0 || len >= PATH_MAX)
151 return -EIO;
152 if (memchr(name, '/', len))
153 return -EIO;
154 return 0;
155}
156
157/*
158 * Traditional linux readdir() handling..
159 *
160 * "count=1" is a special case, meaning that the buffer is one
161 * dirent-structure in size and that the code can't handle more
162 * anyway. Thus the special "fillonedir()" function for that
163 * case (the low-level handlers don't need to care about this).
164 */
165
166#ifdef __ARCH_WANT_OLD_READDIR
167
168struct old_linux_dirent {
169 unsigned long d_ino;
170 unsigned long d_offset;
171 unsigned short d_namlen;
172 char d_name[];
173};
174
175struct readdir_callback {
176 struct dir_context ctx;
177 struct old_linux_dirent __user * dirent;
178 int result;
179};
180
181static bool fillonedir(struct dir_context *ctx, const char *name, int namlen,
182 loff_t offset, u64 ino, unsigned int d_type)
183{
184 struct readdir_callback *buf =
185 container_of(ctx, struct readdir_callback, ctx);
186 struct old_linux_dirent __user * dirent;
187 unsigned long d_ino;
188
189 if (buf->result)
190 return false;
191 buf->result = verify_dirent_name(name, namlen);
192 if (buf->result)
193 return false;
194 d_ino = ino;
195 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
196 buf->result = -EOVERFLOW;
197 return false;
198 }
199 buf->result++;
200 dirent = buf->dirent;
201 if (!user_write_access_begin(dirent,
202 (unsigned long)(dirent->d_name + namlen + 1) -
203 (unsigned long)dirent))
204 goto efault;
205 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
206 unsafe_put_user(offset, &dirent->d_offset, efault_end);
207 unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
208 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
209 user_write_access_end();
210 return true;
211efault_end:
212 user_write_access_end();
213efault:
214 buf->result = -EFAULT;
215 return false;
216}
217
218SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
219 struct old_linux_dirent __user *, dirent, unsigned int, count)
220{
221 int error;
222 CLASS(fd_pos, f)(fd);
223 struct readdir_callback buf = {
224 .ctx.actor = fillonedir,
225 .dirent = dirent
226 };
227
228 if (fd_empty(f))
229 return -EBADF;
230
231 error = iterate_dir(fd_file(f), &buf.ctx);
232 if (buf.result)
233 error = buf.result;
234
235 return error;
236}
237
238#endif /* __ARCH_WANT_OLD_READDIR */
239
240/*
241 * New, all-improved, singing, dancing, iBCS2-compliant getdents()
242 * interface.
243 */
244struct linux_dirent {
245 unsigned long d_ino;
246 unsigned long d_off;
247 unsigned short d_reclen;
248 char d_name[];
249};
250
251struct getdents_callback {
252 struct dir_context ctx;
253 struct linux_dirent __user * current_dir;
254 int prev_reclen;
255 int count;
256 int error;
257};
258
259static bool filldir(struct dir_context *ctx, const char *name, int namlen,
260 loff_t offset, u64 ino, unsigned int d_type)
261{
262 struct linux_dirent __user *dirent, *prev;
263 struct getdents_callback *buf =
264 container_of(ctx, struct getdents_callback, ctx);
265 unsigned long d_ino;
266 int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2,
267 sizeof(long));
268 int prev_reclen;
269
270 buf->error = verify_dirent_name(name, namlen);
271 if (unlikely(buf->error))
272 return false;
273 buf->error = -EINVAL; /* only used if we fail.. */
274 if (reclen > buf->count)
275 return false;
276 d_ino = ino;
277 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
278 buf->error = -EOVERFLOW;
279 return false;
280 }
281 prev_reclen = buf->prev_reclen;
282 if (prev_reclen && signal_pending(current))
283 return false;
284 dirent = buf->current_dir;
285 prev = (void __user *) dirent - prev_reclen;
286 if (!user_write_access_begin(prev, reclen + prev_reclen))
287 goto efault;
288
289 /* This might be 'dirent->d_off', but if so it will get overwritten */
290 unsafe_put_user(offset, &prev->d_off, efault_end);
291 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
292 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
293 unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
294 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
295 user_write_access_end();
296
297 buf->current_dir = (void __user *)dirent + reclen;
298 buf->prev_reclen = reclen;
299 buf->count -= reclen;
300 return true;
301efault_end:
302 user_write_access_end();
303efault:
304 buf->error = -EFAULT;
305 return false;
306}
307
308SYSCALL_DEFINE3(getdents, unsigned int, fd,
309 struct linux_dirent __user *, dirent, unsigned int, count)
310{
311 CLASS(fd_pos, f)(fd);
312 struct getdents_callback buf = {
313 .ctx.actor = filldir,
314 .count = count,
315 .current_dir = dirent
316 };
317 int error;
318
319 if (fd_empty(f))
320 return -EBADF;
321
322 error = iterate_dir(fd_file(f), &buf.ctx);
323 if (error >= 0)
324 error = buf.error;
325 if (buf.prev_reclen) {
326 struct linux_dirent __user * lastdirent;
327 lastdirent = (void __user *)buf.current_dir - buf.prev_reclen;
328
329 if (put_user(buf.ctx.pos, &lastdirent->d_off))
330 error = -EFAULT;
331 else
332 error = count - buf.count;
333 }
334 return error;
335}
336
337struct getdents_callback64 {
338 struct dir_context ctx;
339 struct linux_dirent64 __user * current_dir;
340 int prev_reclen;
341 int count;
342 int error;
343};
344
345static bool filldir64(struct dir_context *ctx, const char *name, int namlen,
346 loff_t offset, u64 ino, unsigned int d_type)
347{
348 struct linux_dirent64 __user *dirent, *prev;
349 struct getdents_callback64 *buf =
350 container_of(ctx, struct getdents_callback64, ctx);
351 int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1,
352 sizeof(u64));
353 int prev_reclen;
354
355 buf->error = verify_dirent_name(name, namlen);
356 if (unlikely(buf->error))
357 return false;
358 buf->error = -EINVAL; /* only used if we fail.. */
359 if (reclen > buf->count)
360 return false;
361 prev_reclen = buf->prev_reclen;
362 if (prev_reclen && signal_pending(current))
363 return false;
364 dirent = buf->current_dir;
365 prev = (void __user *)dirent - prev_reclen;
366 if (!user_write_access_begin(prev, reclen + prev_reclen))
367 goto efault;
368
369 /* This might be 'dirent->d_off', but if so it will get overwritten */
370 unsafe_put_user(offset, &prev->d_off, efault_end);
371 unsafe_put_user(ino, &dirent->d_ino, efault_end);
372 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
373 unsafe_put_user(d_type, &dirent->d_type, efault_end);
374 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
375 user_write_access_end();
376
377 buf->prev_reclen = reclen;
378 buf->current_dir = (void __user *)dirent + reclen;
379 buf->count -= reclen;
380 return true;
381
382efault_end:
383 user_write_access_end();
384efault:
385 buf->error = -EFAULT;
386 return false;
387}
388
389SYSCALL_DEFINE3(getdents64, unsigned int, fd,
390 struct linux_dirent64 __user *, dirent, unsigned int, count)
391{
392 CLASS(fd_pos, f)(fd);
393 struct getdents_callback64 buf = {
394 .ctx.actor = filldir64,
395 .count = count,
396 .current_dir = dirent
397 };
398 int error;
399
400 if (fd_empty(f))
401 return -EBADF;
402
403 error = iterate_dir(fd_file(f), &buf.ctx);
404 if (error >= 0)
405 error = buf.error;
406 if (buf.prev_reclen) {
407 struct linux_dirent64 __user * lastdirent;
408 typeof(lastdirent->d_off) d_off = buf.ctx.pos;
409
410 lastdirent = (void __user *) buf.current_dir - buf.prev_reclen;
411 if (put_user(d_off, &lastdirent->d_off))
412 error = -EFAULT;
413 else
414 error = count - buf.count;
415 }
416 return error;
417}
418
419#ifdef CONFIG_COMPAT
420struct compat_old_linux_dirent {
421 compat_ulong_t d_ino;
422 compat_ulong_t d_offset;
423 unsigned short d_namlen;
424 char d_name[];
425};
426
427struct compat_readdir_callback {
428 struct dir_context ctx;
429 struct compat_old_linux_dirent __user *dirent;
430 int result;
431};
432
433static bool compat_fillonedir(struct dir_context *ctx, const char *name,
434 int namlen, loff_t offset, u64 ino,
435 unsigned int d_type)
436{
437 struct compat_readdir_callback *buf =
438 container_of(ctx, struct compat_readdir_callback, ctx);
439 struct compat_old_linux_dirent __user *dirent;
440 compat_ulong_t d_ino;
441
442 if (buf->result)
443 return false;
444 buf->result = verify_dirent_name(name, namlen);
445 if (buf->result)
446 return false;
447 d_ino = ino;
448 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
449 buf->result = -EOVERFLOW;
450 return false;
451 }
452 buf->result++;
453 dirent = buf->dirent;
454 if (!user_write_access_begin(dirent,
455 (unsigned long)(dirent->d_name + namlen + 1) -
456 (unsigned long)dirent))
457 goto efault;
458 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
459 unsafe_put_user(offset, &dirent->d_offset, efault_end);
460 unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
461 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
462 user_write_access_end();
463 return true;
464efault_end:
465 user_write_access_end();
466efault:
467 buf->result = -EFAULT;
468 return false;
469}
470
471COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
472 struct compat_old_linux_dirent __user *, dirent, unsigned int, count)
473{
474 int error;
475 CLASS(fd_pos, f)(fd);
476 struct compat_readdir_callback buf = {
477 .ctx.actor = compat_fillonedir,
478 .dirent = dirent
479 };
480
481 if (fd_empty(f))
482 return -EBADF;
483
484 error = iterate_dir(fd_file(f), &buf.ctx);
485 if (buf.result)
486 error = buf.result;
487
488 return error;
489}
490
491struct compat_linux_dirent {
492 compat_ulong_t d_ino;
493 compat_ulong_t d_off;
494 unsigned short d_reclen;
495 char d_name[];
496};
497
498struct compat_getdents_callback {
499 struct dir_context ctx;
500 struct compat_linux_dirent __user *current_dir;
501 int prev_reclen;
502 int count;
503 int error;
504};
505
506static bool compat_filldir(struct dir_context *ctx, const char *name, int namlen,
507 loff_t offset, u64 ino, unsigned int d_type)
508{
509 struct compat_linux_dirent __user *dirent, *prev;
510 struct compat_getdents_callback *buf =
511 container_of(ctx, struct compat_getdents_callback, ctx);
512 compat_ulong_t d_ino;
513 int reclen = ALIGN(offsetof(struct compat_linux_dirent, d_name) +
514 namlen + 2, sizeof(compat_long_t));
515 int prev_reclen;
516
517 buf->error = verify_dirent_name(name, namlen);
518 if (unlikely(buf->error))
519 return false;
520 buf->error = -EINVAL; /* only used if we fail.. */
521 if (reclen > buf->count)
522 return false;
523 d_ino = ino;
524 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
525 buf->error = -EOVERFLOW;
526 return false;
527 }
528 prev_reclen = buf->prev_reclen;
529 if (prev_reclen && signal_pending(current))
530 return false;
531 dirent = buf->current_dir;
532 prev = (void __user *) dirent - prev_reclen;
533 if (!user_write_access_begin(prev, reclen + prev_reclen))
534 goto efault;
535
536 unsafe_put_user(offset, &prev->d_off, efault_end);
537 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
538 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
539 unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
540 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
541 user_write_access_end();
542
543 buf->prev_reclen = reclen;
544 buf->current_dir = (void __user *)dirent + reclen;
545 buf->count -= reclen;
546 return true;
547efault_end:
548 user_write_access_end();
549efault:
550 buf->error = -EFAULT;
551 return false;
552}
553
554COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd,
555 struct compat_linux_dirent __user *, dirent, unsigned int, count)
556{
557 CLASS(fd_pos, f)(fd);
558 struct compat_getdents_callback buf = {
559 .ctx.actor = compat_filldir,
560 .current_dir = dirent,
561 .count = count
562 };
563 int error;
564
565 if (fd_empty(f))
566 return -EBADF;
567
568 error = iterate_dir(fd_file(f), &buf.ctx);
569 if (error >= 0)
570 error = buf.error;
571 if (buf.prev_reclen) {
572 struct compat_linux_dirent __user * lastdirent;
573 lastdirent = (void __user *)buf.current_dir - buf.prev_reclen;
574
575 if (put_user(buf.ctx.pos, &lastdirent->d_off))
576 error = -EFAULT;
577 else
578 error = count - buf.count;
579 }
580 return error;
581}
582#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/readdir.c
4 *
5 * Copyright (C) 1995 Linus Torvalds
6 */
7
8#include <linux/stddef.h>
9#include <linux/kernel.h>
10#include <linux/export.h>
11#include <linux/time.h>
12#include <linux/mm.h>
13#include <linux/errno.h>
14#include <linux/stat.h>
15#include <linux/file.h>
16#include <linux/fs.h>
17#include <linux/fsnotify.h>
18#include <linux/dirent.h>
19#include <linux/security.h>
20#include <linux/syscalls.h>
21#include <linux/unistd.h>
22#include <linux/compat.h>
23#include <linux/uaccess.h>
24
25#include <asm/unaligned.h>
26
27/*
28 * Note the "unsafe_put_user() semantics: we goto a
29 * label for errors.
30 */
31#define unsafe_copy_dirent_name(_dst, _src, _len, label) do { \
32 char __user *dst = (_dst); \
33 const char *src = (_src); \
34 size_t len = (_len); \
35 unsafe_put_user(0, dst+len, label); \
36 unsafe_copy_to_user(dst, src, len, label); \
37} while (0)
38
39
40int iterate_dir(struct file *file, struct dir_context *ctx)
41{
42 struct inode *inode = file_inode(file);
43 bool shared = false;
44 int res = -ENOTDIR;
45 if (file->f_op->iterate_shared)
46 shared = true;
47 else if (!file->f_op->iterate)
48 goto out;
49
50 res = security_file_permission(file, MAY_READ);
51 if (res)
52 goto out;
53
54 if (shared)
55 res = down_read_killable(&inode->i_rwsem);
56 else
57 res = down_write_killable(&inode->i_rwsem);
58 if (res)
59 goto out;
60
61 res = -ENOENT;
62 if (!IS_DEADDIR(inode)) {
63 ctx->pos = file->f_pos;
64 if (shared)
65 res = file->f_op->iterate_shared(file, ctx);
66 else
67 res = file->f_op->iterate(file, ctx);
68 file->f_pos = ctx->pos;
69 fsnotify_access(file);
70 file_accessed(file);
71 }
72 if (shared)
73 inode_unlock_shared(inode);
74 else
75 inode_unlock(inode);
76out:
77 return res;
78}
79EXPORT_SYMBOL(iterate_dir);
80
81/*
82 * POSIX says that a dirent name cannot contain NULL or a '/'.
83 *
84 * It's not 100% clear what we should really do in this case.
85 * The filesystem is clearly corrupted, but returning a hard
86 * error means that you now don't see any of the other names
87 * either, so that isn't a perfect alternative.
88 *
89 * And if you return an error, what error do you use? Several
90 * filesystems seem to have decided on EUCLEAN being the error
91 * code for EFSCORRUPTED, and that may be the error to use. Or
92 * just EIO, which is perhaps more obvious to users.
93 *
94 * In order to see the other file names in the directory, the
95 * caller might want to make this a "soft" error: skip the
96 * entry, and return the error at the end instead.
97 *
98 * Note that this should likely do a "memchr(name, 0, len)"
99 * check too, since that would be filesystem corruption as
100 * well. However, that case can't actually confuse user space,
101 * which has to do a strlen() on the name anyway to find the
102 * filename length, and the above "soft error" worry means
103 * that it's probably better left alone until we have that
104 * issue clarified.
105 *
106 * Note the PATH_MAX check - it's arbitrary but the real
107 * kernel limit on a possible path component, not NAME_MAX,
108 * which is the technical standard limit.
109 */
110static int verify_dirent_name(const char *name, int len)
111{
112 if (len <= 0 || len >= PATH_MAX)
113 return -EIO;
114 if (memchr(name, '/', len))
115 return -EIO;
116 return 0;
117}
118
119/*
120 * Traditional linux readdir() handling..
121 *
122 * "count=1" is a special case, meaning that the buffer is one
123 * dirent-structure in size and that the code can't handle more
124 * anyway. Thus the special "fillonedir()" function for that
125 * case (the low-level handlers don't need to care about this).
126 */
127
128#ifdef __ARCH_WANT_OLD_READDIR
129
130struct old_linux_dirent {
131 unsigned long d_ino;
132 unsigned long d_offset;
133 unsigned short d_namlen;
134 char d_name[1];
135};
136
137struct readdir_callback {
138 struct dir_context ctx;
139 struct old_linux_dirent __user * dirent;
140 int result;
141};
142
143static bool fillonedir(struct dir_context *ctx, const char *name, int namlen,
144 loff_t offset, u64 ino, unsigned int d_type)
145{
146 struct readdir_callback *buf =
147 container_of(ctx, struct readdir_callback, ctx);
148 struct old_linux_dirent __user * dirent;
149 unsigned long d_ino;
150
151 if (buf->result)
152 return false;
153 buf->result = verify_dirent_name(name, namlen);
154 if (buf->result)
155 return false;
156 d_ino = ino;
157 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
158 buf->result = -EOVERFLOW;
159 return false;
160 }
161 buf->result++;
162 dirent = buf->dirent;
163 if (!user_write_access_begin(dirent,
164 (unsigned long)(dirent->d_name + namlen + 1) -
165 (unsigned long)dirent))
166 goto efault;
167 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
168 unsafe_put_user(offset, &dirent->d_offset, efault_end);
169 unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
170 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
171 user_write_access_end();
172 return true;
173efault_end:
174 user_write_access_end();
175efault:
176 buf->result = -EFAULT;
177 return false;
178}
179
180SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
181 struct old_linux_dirent __user *, dirent, unsigned int, count)
182{
183 int error;
184 struct fd f = fdget_pos(fd);
185 struct readdir_callback buf = {
186 .ctx.actor = fillonedir,
187 .dirent = dirent
188 };
189
190 if (!f.file)
191 return -EBADF;
192
193 error = iterate_dir(f.file, &buf.ctx);
194 if (buf.result)
195 error = buf.result;
196
197 fdput_pos(f);
198 return error;
199}
200
201#endif /* __ARCH_WANT_OLD_READDIR */
202
203/*
204 * New, all-improved, singing, dancing, iBCS2-compliant getdents()
205 * interface.
206 */
207struct linux_dirent {
208 unsigned long d_ino;
209 unsigned long d_off;
210 unsigned short d_reclen;
211 char d_name[1];
212};
213
214struct getdents_callback {
215 struct dir_context ctx;
216 struct linux_dirent __user * current_dir;
217 int prev_reclen;
218 int count;
219 int error;
220};
221
222static bool filldir(struct dir_context *ctx, const char *name, int namlen,
223 loff_t offset, u64 ino, unsigned int d_type)
224{
225 struct linux_dirent __user *dirent, *prev;
226 struct getdents_callback *buf =
227 container_of(ctx, struct getdents_callback, ctx);
228 unsigned long d_ino;
229 int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2,
230 sizeof(long));
231 int prev_reclen;
232
233 buf->error = verify_dirent_name(name, namlen);
234 if (unlikely(buf->error))
235 return false;
236 buf->error = -EINVAL; /* only used if we fail.. */
237 if (reclen > buf->count)
238 return false;
239 d_ino = ino;
240 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
241 buf->error = -EOVERFLOW;
242 return false;
243 }
244 prev_reclen = buf->prev_reclen;
245 if (prev_reclen && signal_pending(current))
246 return false;
247 dirent = buf->current_dir;
248 prev = (void __user *) dirent - prev_reclen;
249 if (!user_write_access_begin(prev, reclen + prev_reclen))
250 goto efault;
251
252 /* This might be 'dirent->d_off', but if so it will get overwritten */
253 unsafe_put_user(offset, &prev->d_off, efault_end);
254 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
255 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
256 unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
257 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
258 user_write_access_end();
259
260 buf->current_dir = (void __user *)dirent + reclen;
261 buf->prev_reclen = reclen;
262 buf->count -= reclen;
263 return true;
264efault_end:
265 user_write_access_end();
266efault:
267 buf->error = -EFAULT;
268 return false;
269}
270
271SYSCALL_DEFINE3(getdents, unsigned int, fd,
272 struct linux_dirent __user *, dirent, unsigned int, count)
273{
274 struct fd f;
275 struct getdents_callback buf = {
276 .ctx.actor = filldir,
277 .count = count,
278 .current_dir = dirent
279 };
280 int error;
281
282 f = fdget_pos(fd);
283 if (!f.file)
284 return -EBADF;
285
286 error = iterate_dir(f.file, &buf.ctx);
287 if (error >= 0)
288 error = buf.error;
289 if (buf.prev_reclen) {
290 struct linux_dirent __user * lastdirent;
291 lastdirent = (void __user *)buf.current_dir - buf.prev_reclen;
292
293 if (put_user(buf.ctx.pos, &lastdirent->d_off))
294 error = -EFAULT;
295 else
296 error = count - buf.count;
297 }
298 fdput_pos(f);
299 return error;
300}
301
302struct getdents_callback64 {
303 struct dir_context ctx;
304 struct linux_dirent64 __user * current_dir;
305 int prev_reclen;
306 int count;
307 int error;
308};
309
310static bool filldir64(struct dir_context *ctx, const char *name, int namlen,
311 loff_t offset, u64 ino, unsigned int d_type)
312{
313 struct linux_dirent64 __user *dirent, *prev;
314 struct getdents_callback64 *buf =
315 container_of(ctx, struct getdents_callback64, ctx);
316 int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1,
317 sizeof(u64));
318 int prev_reclen;
319
320 buf->error = verify_dirent_name(name, namlen);
321 if (unlikely(buf->error))
322 return false;
323 buf->error = -EINVAL; /* only used if we fail.. */
324 if (reclen > buf->count)
325 return false;
326 prev_reclen = buf->prev_reclen;
327 if (prev_reclen && signal_pending(current))
328 return false;
329 dirent = buf->current_dir;
330 prev = (void __user *)dirent - prev_reclen;
331 if (!user_write_access_begin(prev, reclen + prev_reclen))
332 goto efault;
333
334 /* This might be 'dirent->d_off', but if so it will get overwritten */
335 unsafe_put_user(offset, &prev->d_off, efault_end);
336 unsafe_put_user(ino, &dirent->d_ino, efault_end);
337 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
338 unsafe_put_user(d_type, &dirent->d_type, efault_end);
339 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
340 user_write_access_end();
341
342 buf->prev_reclen = reclen;
343 buf->current_dir = (void __user *)dirent + reclen;
344 buf->count -= reclen;
345 return true;
346
347efault_end:
348 user_write_access_end();
349efault:
350 buf->error = -EFAULT;
351 return false;
352}
353
354SYSCALL_DEFINE3(getdents64, unsigned int, fd,
355 struct linux_dirent64 __user *, dirent, unsigned int, count)
356{
357 struct fd f;
358 struct getdents_callback64 buf = {
359 .ctx.actor = filldir64,
360 .count = count,
361 .current_dir = dirent
362 };
363 int error;
364
365 f = fdget_pos(fd);
366 if (!f.file)
367 return -EBADF;
368
369 error = iterate_dir(f.file, &buf.ctx);
370 if (error >= 0)
371 error = buf.error;
372 if (buf.prev_reclen) {
373 struct linux_dirent64 __user * lastdirent;
374 typeof(lastdirent->d_off) d_off = buf.ctx.pos;
375
376 lastdirent = (void __user *) buf.current_dir - buf.prev_reclen;
377 if (put_user(d_off, &lastdirent->d_off))
378 error = -EFAULT;
379 else
380 error = count - buf.count;
381 }
382 fdput_pos(f);
383 return error;
384}
385
386#ifdef CONFIG_COMPAT
387struct compat_old_linux_dirent {
388 compat_ulong_t d_ino;
389 compat_ulong_t d_offset;
390 unsigned short d_namlen;
391 char d_name[1];
392};
393
394struct compat_readdir_callback {
395 struct dir_context ctx;
396 struct compat_old_linux_dirent __user *dirent;
397 int result;
398};
399
400static bool compat_fillonedir(struct dir_context *ctx, const char *name,
401 int namlen, loff_t offset, u64 ino,
402 unsigned int d_type)
403{
404 struct compat_readdir_callback *buf =
405 container_of(ctx, struct compat_readdir_callback, ctx);
406 struct compat_old_linux_dirent __user *dirent;
407 compat_ulong_t d_ino;
408
409 if (buf->result)
410 return false;
411 buf->result = verify_dirent_name(name, namlen);
412 if (buf->result)
413 return false;
414 d_ino = ino;
415 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
416 buf->result = -EOVERFLOW;
417 return false;
418 }
419 buf->result++;
420 dirent = buf->dirent;
421 if (!user_write_access_begin(dirent,
422 (unsigned long)(dirent->d_name + namlen + 1) -
423 (unsigned long)dirent))
424 goto efault;
425 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
426 unsafe_put_user(offset, &dirent->d_offset, efault_end);
427 unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
428 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
429 user_write_access_end();
430 return true;
431efault_end:
432 user_write_access_end();
433efault:
434 buf->result = -EFAULT;
435 return false;
436}
437
438COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
439 struct compat_old_linux_dirent __user *, dirent, unsigned int, count)
440{
441 int error;
442 struct fd f = fdget_pos(fd);
443 struct compat_readdir_callback buf = {
444 .ctx.actor = compat_fillonedir,
445 .dirent = dirent
446 };
447
448 if (!f.file)
449 return -EBADF;
450
451 error = iterate_dir(f.file, &buf.ctx);
452 if (buf.result)
453 error = buf.result;
454
455 fdput_pos(f);
456 return error;
457}
458
459struct compat_linux_dirent {
460 compat_ulong_t d_ino;
461 compat_ulong_t d_off;
462 unsigned short d_reclen;
463 char d_name[1];
464};
465
466struct compat_getdents_callback {
467 struct dir_context ctx;
468 struct compat_linux_dirent __user *current_dir;
469 int prev_reclen;
470 int count;
471 int error;
472};
473
474static bool compat_filldir(struct dir_context *ctx, const char *name, int namlen,
475 loff_t offset, u64 ino, unsigned int d_type)
476{
477 struct compat_linux_dirent __user *dirent, *prev;
478 struct compat_getdents_callback *buf =
479 container_of(ctx, struct compat_getdents_callback, ctx);
480 compat_ulong_t d_ino;
481 int reclen = ALIGN(offsetof(struct compat_linux_dirent, d_name) +
482 namlen + 2, sizeof(compat_long_t));
483 int prev_reclen;
484
485 buf->error = verify_dirent_name(name, namlen);
486 if (unlikely(buf->error))
487 return false;
488 buf->error = -EINVAL; /* only used if we fail.. */
489 if (reclen > buf->count)
490 return false;
491 d_ino = ino;
492 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
493 buf->error = -EOVERFLOW;
494 return false;
495 }
496 prev_reclen = buf->prev_reclen;
497 if (prev_reclen && signal_pending(current))
498 return false;
499 dirent = buf->current_dir;
500 prev = (void __user *) dirent - prev_reclen;
501 if (!user_write_access_begin(prev, reclen + prev_reclen))
502 goto efault;
503
504 unsafe_put_user(offset, &prev->d_off, efault_end);
505 unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
506 unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
507 unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
508 unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
509 user_write_access_end();
510
511 buf->prev_reclen = reclen;
512 buf->current_dir = (void __user *)dirent + reclen;
513 buf->count -= reclen;
514 return true;
515efault_end:
516 user_write_access_end();
517efault:
518 buf->error = -EFAULT;
519 return false;
520}
521
522COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd,
523 struct compat_linux_dirent __user *, dirent, unsigned int, count)
524{
525 struct fd f;
526 struct compat_getdents_callback buf = {
527 .ctx.actor = compat_filldir,
528 .current_dir = dirent,
529 .count = count
530 };
531 int error;
532
533 f = fdget_pos(fd);
534 if (!f.file)
535 return -EBADF;
536
537 error = iterate_dir(f.file, &buf.ctx);
538 if (error >= 0)
539 error = buf.error;
540 if (buf.prev_reclen) {
541 struct compat_linux_dirent __user * lastdirent;
542 lastdirent = (void __user *)buf.current_dir - buf.prev_reclen;
543
544 if (put_user(buf.ctx.pos, &lastdirent->d_off))
545 error = -EFAULT;
546 else
547 error = count - buf.count;
548 }
549 fdput_pos(f);
550 return error;
551}
552#endif