readdir.c 15 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * linux/fs/readdir.c
  4. *
  5. * Copyright (C) 1995 Linus Torvalds
  6. */
  7. #include <linux/stddef.h>
  8. #include <linux/kernel.h>
  9. #include <linux/export.h>
  10. #include <linux/time.h>
  11. #include <linux/mm.h>
  12. #include <linux/errno.h>
  13. #include <linux/stat.h>
  14. #include <linux/file.h>
  15. #include <linux/fs.h>
  16. #include <linux/fsnotify.h>
  17. #include <linux/dirent.h>
  18. #include <linux/security.h>
  19. #include <linux/syscalls.h>
  20. #include <linux/unistd.h>
  21. #include <linux/compat.h>
  22. #include <linux/uaccess.h>
  23. #ifdef CONFIG_KSU_SUSFS_SUS_PATH
  24. #include <linux/susfs_def.h>
  25. #endif
  26. #include <asm/unaligned.h>
  /*
   * Copy a dirent name of _len bytes to user space and NUL-terminate it.
   *
   * Note the "unsafe_put_user()" semantics: we goto a
   * label for errors.
   *
   * The terminator is stored at dst+len, so the destination needs room for
   * _len + 1 bytes. Every caller in this file invokes the macro between
   * user_write_access_begin() and user_write_access_end(), with a range
   * that includes that extra byte.
   */
  #define unsafe_copy_dirent_name(_dst, _src, _len, label) do { \
      char __user *dst = (_dst); \
      const char *src = (_src); \
      size_t len = (_len); \
      unsafe_put_user(0, dst+len, label); \
      unsafe_copy_to_user(dst, src, len, label); \
  } while (0)
  #ifdef CONFIG_KSU_SUSFS_SUS_PATH
  /*
   * Helper consulted by the dirent actors in this file to decide whether an
   * entry is left out of a directory listing. It is defined outside this
   * file and only declared here.
   *
   * NOTE(review): the parameter is unsigned long while the actors pass a u64
   * inode number, so the value is narrowed wherever long is 32 bits - confirm
   * that the lookup still matches the intended inode there.
   * NOTE(review): only the inode number is passed (no superblock or device),
   * so presumably the lookup cannot tell apart equal inode numbers on
   * different filesystems - verify against the helper's implementation.
   * NOTE(review): this prototype presumably belongs in <linux/susfs_def.h>,
   * which is already included under the same config option, rather than in a
   * local extern - confirm.
   */
  extern int susfs_sus_ino_for_filldir64(unsigned long ino);
  #endif
  /*
   * Run the directory iteration callback of @file, feeding entries to @ctx.
   *
   * Returns -ENOTDIR when the file offers neither ->iterate_shared nor
   * ->iterate, the error from security_file_permission() or from the killable
   * lock acquisition, -ENOENT for a dead directory, and otherwise whatever
   * the iteration callback returned.
   */
  int iterate_dir(struct file *file, struct dir_context *ctx)
  {
      struct inode *inode = file_inode(file);
      /* ->iterate_shared runs under the read lock, ->iterate under the write lock. */
      const bool shared = file->f_op->iterate_shared != NULL;
      int res;

      if (!shared && !file->f_op->iterate)
          return -ENOTDIR;

      /* LSM read-permission check happens before any lock is taken. */
      res = security_file_permission(file, MAY_READ);
      if (res)
          return res;

      if (shared)
          res = down_read_killable(&inode->i_rwsem);
      else
          res = down_write_killable(&inode->i_rwsem);
      if (res)
          return res;

      if (IS_DEADDIR(inode)) {
          res = -ENOENT;
      } else {
          /* The file position is handed to the callback and read back after it. */
          ctx->pos = file->f_pos;
          if (shared)
              res = file->f_op->iterate_shared(file, ctx);
          else
              res = file->f_op->iterate(file, ctx);
          file->f_pos = ctx->pos;
          fsnotify_access(file);
          file_accessed(file);
      }

      if (shared)
          inode_unlock_shared(inode);
      else
          inode_unlock(inode);

      return res;
  }
  EXPORT_SYMBOL(iterate_dir);
  78. /*
  79. * POSIX says that a dirent name cannot contain NUL or a '/'.
  80. *
  81. * It's not 100% clear what we should really do in this case.
  82. * The filesystem is clearly corrupted, but returning a hard
  83. * error means that you now don't see any of the other names
  84. * either, so that isn't a perfect alternative.
  85. *
  86. * And if you return an error, what error do you use? Several
  87. * filesystems seem to have decided on EUCLEAN being the error
  88. * code for EFSCORRUPTED, and that may be the error to use. Or
  89. * just EIO, which is perhaps more obvious to users.
  90. *
  91. * In order to see the other file names in the directory, the
  92. * caller might want to make this a "soft" error: skip the
  93. * entry, and return the error at the end instead.
  94. *
  95. * Note that this should likely do a "memchr(name, 0, len)"
  96. * check too, since that would be filesystem corruption as
  97. * well. However, that case can't actually confuse user space,
  98. * which has to do a strlen() on the name anyway to find the
  99. * filename length, and the above "soft error" worry means
  100. * that it's probably better left alone until we have that
  101. * issue clarified.
  102. *
  103. * Note the PATH_MAX check - it's arbitrary but the real
  104. * kernel limit on a possible path component, not NAME_MAX,
  105. * which is the technical standard limit.
  106. */
  static int verify_dirent_name(const char *name, int len)
  {
      /*
       * A name is accepted only when its length is positive and below
       * PATH_MAX and it holds no '/' within those len bytes. Embedded NUL
       * bytes are not checked. Everything else is reported as -EIO.
       */
      const int len_ok = len > 0 && len < PATH_MAX;

      /* The length test comes first so memchr() never sees a bad length. */
      if (len_ok && !memchr(name, '/', len))
          return 0;

      return -EIO;
  }
  115. /*
  116. * Traditional linux readdir() handling..
  117. *
  118. * "count=1" is a special case, meaning that the buffer is one
  119. * dirent-structure in size and that the code can't handle more
  120. * anyway. Thus the special "fillonedir()" function for that
  121. * case (the low-level handlers don't need to care about this).
  122. */
  123. #ifdef __ARCH_WANT_OLD_READDIR
  /*
   * Record written to user space by fillonedir() for the old readdir call.
   * d_name is declared with one element, but fillonedir() copies namlen bytes
   * plus a NUL terminator starting at it.
   */
  struct old_linux_dirent {
      unsigned long d_ino;      /* inode number, narrowed from u64 */
      unsigned long d_offset;   /* offset value passed to the actor */
      unsigned short d_namlen;  /* name length, excluding the NUL */
      char d_name[1];           /* start of the NUL-terminated name */
  };
  /* Per-call state for old_readdir; fillonedir() recovers it from ctx. */
  struct readdir_callback {
      struct dir_context ctx;
      struct old_linux_dirent __user * dirent;  /* single user-space record to fill */
      int result;  /* 0 until an entry is handled; then 1 on success or a negative errno */
  };
  /*
   * dir_context actor for old_readdir: write exactly one old_linux_dirent to
   * the user buffer held in the enclosing readdir_callback.
   *
   * Returns true after the record has been written; returns false when an
   * entry was already handled or after storing a negative errno in
   * buf->result.
   *
   * NOTE(review): compat_fillonedir() in this file skips entries under
   * CONFIG_KSU_SUSFS_SUS_PATH, but this native actor has no such check, so
   * the two old_readdir entry points can produce different listings for the
   * same directory - confirm whether that is intended.
   */
  static bool fillonedir(struct dir_context *ctx, const char *name, int namlen,
              loff_t offset, u64 ino, unsigned int d_type)
  {
      struct readdir_callback *buf =
          container_of(ctx, struct readdir_callback, ctx);
      struct old_linux_dirent __user * dirent;
      unsigned long d_ino;
      /* A non-zero result means an entry was already filled or failed. */
      if (buf->result)
          return false;
      buf->result = verify_dirent_name(name, namlen);
      if (buf->result)
          return false;
      /* Reject inode numbers that do not survive narrowing to unsigned long. */
      d_ino = ino;
      if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
          buf->result = -EOVERFLOW;
          return false;
      }
      /* result was 0 here, so this sets it to 1: one entry consumed. */
      buf->result++;
      dirent = buf->dirent;
      /* Open user access for the header plus namlen name bytes and the NUL. */
      if (!user_write_access_begin(dirent,
              (unsigned long)(dirent->d_name + namlen + 1) -
                  (unsigned long)dirent))
          goto efault;
      unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
      unsafe_put_user(offset, &dirent->d_offset, efault_end);
      unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
      unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
      user_write_access_end();
      return true;
  efault_end:
      /* A faulting store jumps here so the access window is still closed. */
      user_write_access_end();
  efault:
      buf->result = -EFAULT;
      return false;
  }
  /*
   * old_readdir: hand a single directory entry to user space via fillonedir().
   * @count is accepted but not read. A non-zero buf.result (1 for one entry
   * written, or a negative errno) takes precedence over iterate_dir()'s value.
   */
  SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
          struct old_linux_dirent __user *, dirent, unsigned int, count)
  {
      struct fd f = fdget_pos(fd);
      struct readdir_callback buf = {
          .dirent = dirent,
          .ctx.actor = fillonedir,
      };
      int ret;

      if (!f.file)
          return -EBADF;

      ret = iterate_dir(f.file, &buf.ctx);
      fdput_pos(f);

      return buf.result ? buf.result : ret;
  }
  187. #endif /* __ARCH_WANT_OLD_READDIR */
  188. /*
  189. * New, all-improved, singing, dancing, iBCS2-compliant getdents()
  190. * interface.
  191. */
  /*
   * Record layout written by filldir() for getdents(). The name starts at
   * d_name; filldir() also stores d_type in the last byte of the record
   * (offset d_reclen - 1).
   */
  struct linux_dirent {
      unsigned long d_ino;      /* inode number, narrowed from u64 */
      unsigned long d_off;      /* set when the following record (or the syscall tail) is written */
      unsigned short d_reclen;  /* total size of this record in bytes */
      char d_name[1];           /* start of the NUL-terminated name */
  };
  /* Per-call state for getdents(); filldir() recovers it from ctx. */
  struct getdents_callback {
      struct dir_context ctx;
      struct linux_dirent __user * current_dir;  /* where the next record will be written */
      int prev_reclen;  /* size of the record written last, 0 if none yet */
      int count;        /* bytes still free in the user buffer */
      int error;        /* errno set by filldir(), read back by the syscall */
  };
  /*
   * dir_context actor for getdents(): append one struct linux_dirent record
   * to the user buffer tracked by the enclosing getdents_callback.
   *
   * Returns true after writing the record or after deliberately skipping the
   * entry; returns false after setting buf->error, or when a signal is
   * pending and at least one record has already been written.
   */
  static bool filldir(struct dir_context *ctx, const char *name, int namlen,
              loff_t offset, u64 ino, unsigned int d_type)
  {
      struct linux_dirent __user *dirent, *prev;
      struct getdents_callback *buf =
          container_of(ctx, struct getdents_callback, ctx);
      unsigned long d_ino;
      /* Header + name + NUL + one trailing d_type byte, rounded up to long. */
      int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2,
          sizeof(long));
      int prev_reclen;
  #ifdef CONFIG_KSU_SUSFS_SUS_PATH
      /*
       * Entry filter: for a task whose susfs_task_state has
       * TASK_STRUCT_NON_ROOT_USER_APP_PROC set, an inode the helper reports
       * is skipped. Nothing is written to the user buffer and true is
       * returned, so the caller sees a listing without this entry.
       * The check runs before verify_dirent_name(), so a skipped entry
       * never produces -EIO here.
       * NOTE(review): ino is u64 but the helper takes unsigned long - it is
       * narrowed where long is 32 bits; confirm.
       */
      if (likely(current->susfs_task_state & TASK_STRUCT_NON_ROOT_USER_APP_PROC) && susfs_sus_ino_for_filldir64(ino)) {
          return true;
      }
  #endif
      buf->error = verify_dirent_name(name, namlen);
      if (unlikely(buf->error))
          return false;
      buf->error = -EINVAL; /* only used if we fail.. */
      /* Not enough room left in the user buffer for this record. */
      if (reclen > buf->count)
          return false;
      /* Reject inode numbers that do not survive narrowing to unsigned long. */
      d_ino = ino;
      if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
          buf->error = -EOVERFLOW;
          return false;
      }
      prev_reclen = buf->prev_reclen;
      /* Only stop for a signal once at least one record has been written. */
      if (prev_reclen && signal_pending(current))
          return false;
      dirent = buf->current_dir;
      prev = (void __user *) dirent - prev_reclen;
      /* One access window covering the previous record and the new one. */
      if (!user_write_access_begin(prev, reclen + prev_reclen))
          goto efault;
      /* This might be 'dirent->d_off', but if so it will get overwritten */
      unsafe_put_user(offset, &prev->d_off, efault_end);
      unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
      unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
      /* d_type lives in the last byte of the record. */
      unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
      unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
      user_write_access_end();
      buf->current_dir = (void __user *)dirent + reclen;
      buf->prev_reclen = reclen;
      buf->count -= reclen;
      return true;
  efault_end:
      /* A faulting store jumps here so the access window is still closed. */
      user_write_access_end();
  efault:
      buf->error = -EFAULT;
      return false;
  }
  /*
   * getdents: fill the user buffer with linux_dirent records via filldir().
   *
   * When at least one record was written, the last record's d_off is set to
   * the final directory position and the number of bytes used is returned
   * (or -EFAULT if that store faults). Otherwise the result is a negative
   * value from iterate_dir(), or else buf.error.
   */
  SYSCALL_DEFINE3(getdents, unsigned int, fd,
          struct linux_dirent __user *, dirent, unsigned int, count)
  {
      struct getdents_callback buf = {
          .ctx.actor = filldir,
          .current_dir = dirent,
          .count = count,
      };
      struct fd f = fdget_pos(fd);
      int ret;

      if (!f.file)
          return -EBADF;

      ret = iterate_dir(f.file, &buf.ctx);
      if (ret >= 0)
          ret = buf.error;

      if (buf.prev_reclen) {
          /* Step back from the write cursor to the record written last. */
          struct linux_dirent __user *last =
              (void __user *)buf.current_dir - buf.prev_reclen;

          if (!put_user(buf.ctx.pos, &last->d_off))
              ret = count - buf.count;
          else
              ret = -EFAULT;
      }

      fdput_pos(f);
      return ret;
  }
  /* Per-call state for getdents64(); filldir64() recovers it from ctx. */
  struct getdents_callback64 {
      struct dir_context ctx;
      struct linux_dirent64 __user * current_dir;  /* where the next record will be written */
      int prev_reclen;  /* size of the record written last, 0 if none yet */
      int count;        /* bytes still free in the user buffer */
      int error;        /* errno set by filldir64(), read back by the syscall */
  };
  /*
   * dir_context actor for getdents64(): append one struct linux_dirent64
   * record to the user buffer tracked by the enclosing getdents_callback64.
   *
   * Returns true after writing the record or after deliberately skipping the
   * entry; returns false after setting buf->error, or when a signal is
   * pending and at least one record has already been written.
   */
  static bool filldir64(struct dir_context *ctx, const char *name, int namlen,
               loff_t offset, u64 ino, unsigned int d_type)
  {
      struct linux_dirent64 __user *dirent, *prev;
      struct getdents_callback64 *buf =
          container_of(ctx, struct getdents_callback64, ctx);
      /* Header + name + NUL, rounded up to a multiple of sizeof(u64). */
      int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1,
          sizeof(u64));
      int prev_reclen;
  #ifdef CONFIG_KSU_SUSFS_SUS_PATH
      /*
       * Entry filter: for a task whose susfs_task_state has
       * TASK_STRUCT_NON_ROOT_USER_APP_PROC set, an inode the helper reports
       * is skipped. Nothing is written to the user buffer and true is
       * returned, so the caller sees a listing without this entry.
       * The check runs before verify_dirent_name(), so a skipped entry
       * never produces -EIO here.
       * NOTE(review): ino is u64 but the helper takes unsigned long - it is
       * narrowed where long is 32 bits; confirm.
       */
      if (likely(current->susfs_task_state & TASK_STRUCT_NON_ROOT_USER_APP_PROC) && susfs_sus_ino_for_filldir64(ino)) {
          return true;
      }
  #endif
      buf->error = verify_dirent_name(name, namlen);
      if (unlikely(buf->error))
          return false;
      buf->error = -EINVAL; /* only used if we fail.. */
      /* Not enough room left in the user buffer for this record. */
      if (reclen > buf->count)
          return false;
      prev_reclen = buf->prev_reclen;
      /* Only stop for a signal once at least one record has been written. */
      if (prev_reclen && signal_pending(current))
          return false;
      dirent = buf->current_dir;
      prev = (void __user *)dirent - prev_reclen;
      /* One access window covering the previous record and the new one. */
      if (!user_write_access_begin(prev, reclen + prev_reclen))
          goto efault;
      /* This might be 'dirent->d_off', but if so it will get overwritten */
      unsafe_put_user(offset, &prev->d_off, efault_end);
      unsafe_put_user(ino, &dirent->d_ino, efault_end);
      unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
      unsafe_put_user(d_type, &dirent->d_type, efault_end);
      unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
      user_write_access_end();
      buf->prev_reclen = reclen;
      buf->current_dir = (void __user *)dirent + reclen;
      buf->count -= reclen;
      return true;
  efault_end:
      /* A faulting store jumps here so the access window is still closed. */
      user_write_access_end();
  efault:
      buf->error = -EFAULT;
      return false;
  }
  /*
   * getdents64: fill the user buffer with linux_dirent64 records via
   * filldir64().
   *
   * When at least one record was written, the last record's d_off is set to
   * the final directory position and the number of bytes used is returned
   * (or -EFAULT if that store faults). Otherwise the result is a negative
   * value from iterate_dir(), or else buf.error.
   */
  SYSCALL_DEFINE3(getdents64, unsigned int, fd,
          struct linux_dirent64 __user *, dirent, unsigned int, count)
  {
      struct getdents_callback64 buf = {
          .ctx.actor = filldir64,
          .current_dir = dirent,
          .count = count,
      };
      struct fd f = fdget_pos(fd);
      int ret;

      if (!f.file)
          return -EBADF;

      ret = iterate_dir(f.file, &buf.ctx);
      if (ret >= 0)
          ret = buf.error;

      if (buf.prev_reclen) {
          /* Step back from the write cursor to the record written last. */
          struct linux_dirent64 __user *last =
              (void __user *)buf.current_dir - buf.prev_reclen;
          /* Convert the position to the field's own type before storing it. */
          typeof(last->d_off) d_off = buf.ctx.pos;

          if (!put_user(d_off, &last->d_off))
              ret = count - buf.count;
          else
              ret = -EFAULT;
      }

      fdput_pos(f);
      return ret;
  }
  361. #ifdef CONFIG_COMPAT
  /*
   * Compat counterpart of old_linux_dirent, using compat_ulong_t fields.
   * compat_fillonedir() copies namlen bytes plus a NUL starting at d_name.
   */
  struct compat_old_linux_dirent {
      compat_ulong_t d_ino;     /* inode number, narrowed from u64 */
      compat_ulong_t d_offset;  /* offset value passed to the actor */
      unsigned short d_namlen;  /* name length, excluding the NUL */
      char d_name[1];           /* start of the NUL-terminated name */
  };
  /* Per-call state for compat old_readdir; compat_fillonedir() recovers it from ctx. */
  struct compat_readdir_callback {
      struct dir_context ctx;
      struct compat_old_linux_dirent __user *dirent;  /* single user-space record to fill */
      int result;  /* 0 until an entry is handled; then 1 on success or a negative errno */
  };
  /*
   * dir_context actor for compat old_readdir: write exactly one
   * compat_old_linux_dirent to the user buffer held in the enclosing
   * compat_readdir_callback.
   *
   * Returns true after the record has been written or after deliberately
   * skipping the entry; returns false when an entry was already handled or
   * after storing a negative errno in buf->result.
   */
  static bool compat_fillonedir(struct dir_context *ctx, const char *name,
                    int namlen, loff_t offset, u64 ino,
                    unsigned int d_type)
  {
      struct compat_readdir_callback *buf =
          container_of(ctx, struct compat_readdir_callback, ctx);
      struct compat_old_linux_dirent __user *dirent;
      compat_ulong_t d_ino;
      /* A non-zero result means an entry was already filled or failed. */
      if (buf->result)
          return false;
  #ifdef CONFIG_KSU_SUSFS_SUS_PATH
      /*
       * Entry filter: for a task whose susfs_task_state has
       * TASK_STRUCT_NON_ROOT_USER_APP_PROC set, an inode the helper reports
       * is skipped. buf->result stays 0 and true is returned, so the next
       * entry is offered to this actor instead.
       * NOTE(review): the native fillonedir() in this file has no
       * equivalent check - confirm the asymmetry is intended.
       * NOTE(review): ino is u64 but the helper takes unsigned long - it is
       * narrowed where long is 32 bits; confirm.
       */
      if (likely(current->susfs_task_state & TASK_STRUCT_NON_ROOT_USER_APP_PROC) && susfs_sus_ino_for_filldir64(ino)) {
          return true;
      }
  #endif
      buf->result = verify_dirent_name(name, namlen);
      if (buf->result)
          return false;
      /* Reject inode numbers that do not survive narrowing to compat_ulong_t. */
      d_ino = ino;
      if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
          buf->result = -EOVERFLOW;
          return false;
      }
      /* result was 0 here, so this sets it to 1: one entry consumed. */
      buf->result++;
      dirent = buf->dirent;
      /* Open user access for the header plus namlen name bytes and the NUL. */
      if (!user_write_access_begin(dirent,
              (unsigned long)(dirent->d_name + namlen + 1) -
                  (unsigned long)dirent))
          goto efault;
      unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
      unsafe_put_user(offset, &dirent->d_offset, efault_end);
      unsafe_put_user(namlen, &dirent->d_namlen, efault_end);
      unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
      user_write_access_end();
      return true;
  efault_end:
      /* A faulting store jumps here so the access window is still closed. */
      user_write_access_end();
  efault:
      buf->result = -EFAULT;
      return false;
  }
  /*
   * Compat old_readdir: hand a single directory entry to user space via
   * compat_fillonedir(). @count is accepted but not read. A non-zero
   * buf.result (1 for one entry written, or a negative errno) takes
   * precedence over iterate_dir()'s value.
   */
  COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
          struct compat_old_linux_dirent __user *, dirent, unsigned int, count)
  {
      struct fd f = fdget_pos(fd);
      struct compat_readdir_callback buf = {
          .dirent = dirent,
          .ctx.actor = compat_fillonedir,
      };
      int ret;

      if (!f.file)
          return -EBADF;

      ret = iterate_dir(f.file, &buf.ctx);
      fdput_pos(f);

      return buf.result ? buf.result : ret;
  }
  /*
   * Compat record layout written by compat_filldir(). The name starts at
   * d_name; compat_filldir() also stores d_type in the last byte of the
   * record (offset d_reclen - 1).
   */
  struct compat_linux_dirent {
      compat_ulong_t d_ino;     /* inode number, narrowed from u64 */
      compat_ulong_t d_off;     /* set when the following record (or the syscall tail) is written */
      unsigned short d_reclen;  /* total size of this record in bytes */
      char d_name[1];           /* start of the NUL-terminated name */
  };
  /* Per-call state for compat getdents(); compat_filldir() recovers it from ctx. */
  struct compat_getdents_callback {
      struct dir_context ctx;
      struct compat_linux_dirent __user *current_dir;  /* where the next record will be written */
      int prev_reclen;  /* size of the record written last, 0 if none yet */
      int count;        /* bytes still free in the user buffer */
      int error;        /* errno set by compat_filldir(), read back by the syscall */
  };
  /*
   * dir_context actor for compat getdents(): append one struct
   * compat_linux_dirent record to the user buffer tracked by the enclosing
   * compat_getdents_callback.
   *
   * Returns true after writing the record or after deliberately skipping the
   * entry; returns false after setting buf->error, or when a signal is
   * pending and at least one record has already been written.
   */
  static bool compat_filldir(struct dir_context *ctx, const char *name, int namlen,
          loff_t offset, u64 ino, unsigned int d_type)
  {
      struct compat_linux_dirent __user *dirent, *prev;
      struct compat_getdents_callback *buf =
          container_of(ctx, struct compat_getdents_callback, ctx);
      compat_ulong_t d_ino;
      /* Header + name + NUL + one trailing d_type byte, rounded up to compat_long_t. */
      int reclen = ALIGN(offsetof(struct compat_linux_dirent, d_name) +
          namlen + 2, sizeof(compat_long_t));
      int prev_reclen;
  #ifdef CONFIG_KSU_SUSFS_SUS_PATH
      /*
       * Entry filter: for a task whose susfs_task_state has
       * TASK_STRUCT_NON_ROOT_USER_APP_PROC set, an inode the helper reports
       * is skipped. Nothing is written to the user buffer and true is
       * returned, so the caller sees a listing without this entry.
       * The check runs before verify_dirent_name(), so a skipped entry
       * never produces -EIO here.
       * NOTE(review): ino is u64 but the helper takes unsigned long - it is
       * narrowed where long is 32 bits; confirm.
       */
      if (likely(current->susfs_task_state & TASK_STRUCT_NON_ROOT_USER_APP_PROC) && susfs_sus_ino_for_filldir64(ino)) {
          return true;
      }
  #endif
      buf->error = verify_dirent_name(name, namlen);
      if (unlikely(buf->error))
          return false;
      buf->error = -EINVAL; /* only used if we fail.. */
      /* Not enough room left in the user buffer for this record. */
      if (reclen > buf->count)
          return false;
      /* Reject inode numbers that do not survive narrowing to compat_ulong_t. */
      d_ino = ino;
      if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
          buf->error = -EOVERFLOW;
          return false;
      }
      prev_reclen = buf->prev_reclen;
      /* Only stop for a signal once at least one record has been written. */
      if (prev_reclen && signal_pending(current))
          return false;
      dirent = buf->current_dir;
      prev = (void __user *) dirent - prev_reclen;
      /* One access window covering the previous record and the new one. */
      if (!user_write_access_begin(prev, reclen + prev_reclen))
          goto efault;
      /* With prev_reclen == 0, prev is dirent itself and d_off is rewritten later. */
      unsafe_put_user(offset, &prev->d_off, efault_end);
      unsafe_put_user(d_ino, &dirent->d_ino, efault_end);
      unsafe_put_user(reclen, &dirent->d_reclen, efault_end);
      /* d_type lives in the last byte of the record. */
      unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end);
      unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end);
      user_write_access_end();
      buf->prev_reclen = reclen;
      buf->current_dir = (void __user *)dirent + reclen;
      buf->count -= reclen;
      return true;
  efault_end:
      /* A faulting store jumps here so the access window is still closed. */
      user_write_access_end();
  efault:
      buf->error = -EFAULT;
      return false;
  }
  /*
   * Compat getdents: fill the user buffer with compat_linux_dirent records
   * via compat_filldir().
   *
   * When at least one record was written, the last record's d_off is set to
   * the final directory position and the number of bytes used is returned
   * (or -EFAULT if that store faults). Otherwise the result is a negative
   * value from iterate_dir(), or else buf.error.
   */
  COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd,
          struct compat_linux_dirent __user *, dirent, unsigned int, count)
  {
      struct compat_getdents_callback buf = {
          .ctx.actor = compat_filldir,
          .count = count,
          .current_dir = dirent,
      };
      struct fd f = fdget_pos(fd);
      int ret;

      if (!f.file)
          return -EBADF;

      ret = iterate_dir(f.file, &buf.ctx);
      if (ret >= 0)
          ret = buf.error;

      if (buf.prev_reclen) {
          /* Step back from the write cursor to the record written last. */
          struct compat_linux_dirent __user *last =
              (void __user *)buf.current_dir - buf.prev_reclen;

          if (!put_user(buf.ctx.pos, &last->d_off))
              ret = count - buf.count;
          else
              ret = -EFAULT;
      }

      fdput_pos(f);
      return ret;
  }
  520. #endif