Commit | Line | Data |
---|---|---|
7a5cf791 AV |
1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | #include <linux/syscalls.h> | |
3 | #include <linux/export.h> | |
4 | #include <linux/uaccess.h> | |
5 | #include <linux/fs_struct.h> | |
6 | #include <linux/fs.h> | |
7 | #include <linux/slab.h> | |
8 | #include <linux/prefetch.h> | |
9 | #include "mount.h" | |
10 | ||
d8548232 | 11 | static void prepend(char **buffer, int *buflen, const char *str, int namelen) |
7a5cf791 AV |
12 | { |
13 | *buflen -= namelen; | |
d8548232 AV |
14 | if (likely(*buflen >= 0)) { |
15 | *buffer -= namelen; | |
16 | memcpy(*buffer, str, namelen); | |
17 | } | |
7a5cf791 AV |
18 | } |
19 | ||
20 | /** | |
21 | * prepend_name - prepend a pathname in front of current buffer pointer | |
22 | * @buffer: buffer pointer | |
23 | * @buflen: allocated length of the buffer | |
24 | * @name: name string and length qstr structure | |
25 | * | |
26 | * With RCU path tracing, it may race with d_move(). Use READ_ONCE() to | |
27 | * make sure that either the old or the new name pointer and length are | |
28 | * fetched. However, there may be mismatch between length and pointer. | |
29 | * The length cannot be trusted, we need to copy it byte-by-byte until | |
30 | * the length is reached or a null byte is found. It also prepends "/" at | |
31 | * the beginning of the name. The sequence number check at the caller will | |
32 | * retry it again when a d_move() does happen. So any garbage in the buffer | |
33 | * due to mismatched pointer and length will be discarded. | |
34 | * | |
35 | * Load acquire is needed to make sure that we see that terminating NUL. | |
36 | */ | |
95b55c42 | 37 | static bool prepend_name(char **buffer, int *buflen, const struct qstr *name) |
7a5cf791 AV |
38 | { |
39 | const char *dname = smp_load_acquire(&name->name); /* ^^^ */ | |
40 | u32 dlen = READ_ONCE(name->len); | |
41 | char *p; | |
42 | ||
43 | *buflen -= dlen + 1; | |
95b55c42 AV |
44 | if (unlikely(*buflen < 0)) |
45 | return false; | |
7a5cf791 AV |
46 | p = *buffer -= dlen + 1; |
47 | *p++ = '/'; | |
48 | while (dlen--) { | |
49 | char c = *dname++; | |
50 | if (!c) | |
51 | break; | |
52 | *p++ = c; | |
53 | } | |
95b55c42 | 54 | return true; |
7a5cf791 AV |
55 | } |
56 | ||
57 | /** | |
58 | * prepend_path - Prepend path string to a buffer | |
59 | * @path: the dentry/vfsmount to report | |
60 | * @root: root vfsmnt/dentry | |
61 | * @buffer: pointer to the end of the buffer | |
62 | * @buflen: pointer to buffer length | |
63 | * | |
64 | * The function will first try to write out the pathname without taking any | |
65 | * lock other than the RCU read lock to make sure that dentries won't go away. | |
66 | * It only checks the sequence number of the global rename_lock as any change | |
67 | * in the dentry's d_seq will be preceded by changes in the rename_lock | |
68 | * sequence number. If the sequence number had been changed, it will restart | |
69 | * the whole pathname back-tracing sequence again by taking the rename_lock. | |
70 | * In this case, there is no need to take the RCU read lock as the recursive | |
71 | * parent pointer references will keep the dentry chain alive as long as no | |
72 | * rename operation is performed. | |
73 | */ | |
74 | static int prepend_path(const struct path *path, | |
75 | const struct path *root, | |
76 | char **buffer, int *buflen) | |
77 | { | |
78 | struct dentry *dentry; | |
79 | struct vfsmount *vfsmnt; | |
80 | struct mount *mnt; | |
81 | int error = 0; | |
82 | unsigned seq, m_seq = 0; | |
83 | char *bptr; | |
84 | int blen; | |
85 | ||
86 | rcu_read_lock(); | |
87 | restart_mnt: | |
88 | read_seqbegin_or_lock(&mount_lock, &m_seq); | |
89 | seq = 0; | |
90 | rcu_read_lock(); | |
91 | restart: | |
92 | bptr = *buffer; | |
93 | blen = *buflen; | |
94 | error = 0; | |
95 | dentry = path->dentry; | |
96 | vfsmnt = path->mnt; | |
97 | mnt = real_mount(vfsmnt); | |
98 | read_seqbegin_or_lock(&rename_lock, &seq); | |
99 | while (dentry != root->dentry || vfsmnt != root->mnt) { | |
100 | struct dentry * parent; | |
101 | ||
102 | if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) { | |
103 | struct mount *parent = READ_ONCE(mnt->mnt_parent); | |
09cad075 AN |
104 | struct mnt_namespace *mnt_ns; |
105 | ||
7a5cf791 AV |
106 | /* Escaped? */ |
107 | if (dentry != vfsmnt->mnt_root) { | |
108 | bptr = *buffer; | |
109 | blen = *buflen; | |
110 | error = 3; | |
111 | break; | |
112 | } | |
113 | /* Global root? */ | |
114 | if (mnt != parent) { | |
115 | dentry = READ_ONCE(mnt->mnt_mountpoint); | |
116 | mnt = parent; | |
117 | vfsmnt = &mnt->mnt; | |
118 | continue; | |
119 | } | |
09cad075 AN |
120 | mnt_ns = READ_ONCE(mnt->mnt_ns); |
121 | /* open-coded is_mounted() to use local mnt_ns */ | |
122 | if (!IS_ERR_OR_NULL(mnt_ns) && !is_anon_ns(mnt_ns)) | |
f2683bd8 AV |
123 | error = 1; // absolute root |
124 | else | |
125 | error = 2; // detached or not attached yet | |
7a5cf791 AV |
126 | break; |
127 | } | |
128 | parent = dentry->d_parent; | |
129 | prefetch(parent); | |
95b55c42 | 130 | if (!prepend_name(&bptr, &blen, &dentry->d_name)) |
7a5cf791 AV |
131 | break; |
132 | ||
133 | dentry = parent; | |
134 | } | |
135 | if (!(seq & 1)) | |
136 | rcu_read_unlock(); | |
137 | if (need_seqretry(&rename_lock, seq)) { | |
138 | seq = 1; | |
139 | goto restart; | |
140 | } | |
141 | done_seqretry(&rename_lock, seq); | |
142 | ||
143 | if (!(m_seq & 1)) | |
144 | rcu_read_unlock(); | |
145 | if (need_seqretry(&mount_lock, m_seq)) { | |
146 | m_seq = 1; | |
147 | goto restart_mnt; | |
148 | } | |
149 | done_seqretry(&mount_lock, m_seq); | |
150 | ||
01a4428e AV |
151 | if (blen == *buflen) |
152 | prepend(&bptr, &blen, "/", 1); | |
153 | ||
7a5cf791 AV |
154 | *buffer = bptr; |
155 | *buflen = blen; | |
156 | return error; | |
157 | } | |
158 | ||
159 | /** | |
160 | * __d_path - return the path of a dentry | |
161 | * @path: the dentry/vfsmount to report | |
162 | * @root: root vfsmnt/dentry | |
163 | * @buf: buffer to return value in | |
164 | * @buflen: buffer length | |
165 | * | |
166 | * Convert a dentry into an ASCII path name. | |
167 | * | |
168 | * Returns a pointer into the buffer or an error code if the | |
169 | * path was too long. | |
170 | * | |
171 | * "buflen" should be positive. | |
172 | * | |
173 | * If the path is not reachable from the supplied root, return %NULL. | |
174 | */ | |
175 | char *__d_path(const struct path *path, | |
176 | const struct path *root, | |
177 | char *buf, int buflen) | |
178 | { | |
179 | char *res = buf + buflen; | |
7a5cf791 | 180 | |
dfe50876 | 181 | prepend(&res, &buflen, "", 1); |
01a4428e | 182 | if (prepend_path(path, root, &res, &buflen) > 0) |
7a5cf791 | 183 | return NULL; |
01a4428e | 184 | return buflen >= 0 ? res : ERR_PTR(-ENAMETOOLONG); |
7a5cf791 AV |
185 | } |
186 | ||
187 | char *d_absolute_path(const struct path *path, | |
188 | char *buf, int buflen) | |
189 | { | |
190 | struct path root = {}; | |
191 | char *res = buf + buflen; | |
7a5cf791 | 192 | |
dfe50876 | 193 | prepend(&res, &buflen, "", 1); |
01a4428e AV |
194 | if (prepend_path(path, &root, &res, &buflen) > 1) |
195 | return ERR_PTR(-EINVAL); | |
196 | return buflen >= 0 ? res : ERR_PTR(-ENAMETOOLONG); | |
7a5cf791 AV |
197 | } |
198 | ||
7a5cf791 AV |
199 | static void get_fs_root_rcu(struct fs_struct *fs, struct path *root) |
200 | { | |
201 | unsigned seq; | |
202 | ||
203 | do { | |
204 | seq = read_seqcount_begin(&fs->seq); | |
205 | *root = fs->root; | |
206 | } while (read_seqcount_retry(&fs->seq, seq)); | |
207 | } | |
208 | ||
209 | /** | |
210 | * d_path - return the path of a dentry | |
211 | * @path: path to report | |
212 | * @buf: buffer to return value in | |
213 | * @buflen: buffer length | |
214 | * | |
215 | * Convert a dentry into an ASCII path name. If the entry has been deleted | |
216 | * the string " (deleted)" is appended. Note that this is ambiguous. | |
217 | * | |
218 | * Returns a pointer into the buffer or an error code if the path was | |
219 | * too long. Note: Callers should use the returned pointer, not the passed | |
220 | * in buffer, to use the name! The implementation often starts at an offset | |
221 | * into the buffer, and may leave 0 bytes at the start. | |
222 | * | |
223 | * "buflen" should be positive. | |
224 | */ | |
225 | char *d_path(const struct path *path, char *buf, int buflen) | |
226 | { | |
227 | char *res = buf + buflen; | |
228 | struct path root; | |
7a5cf791 AV |
229 | |
230 | /* | |
231 | * We have various synthetic filesystems that never get mounted. On | |
232 | * these filesystems dentries are never used for lookup purposes, and | |
233 | * thus don't need to be hashed. They also don't need a name until a | |
234 | * user wants to identify the object in /proc/pid/fd/. The little hack | |
235 | * below allows us to generate a name for these objects on demand: | |
236 | * | |
237 | * Some pseudo inodes are mountable. When they are mounted | |
238 | * path->dentry == path->mnt->mnt_root. In that case don't call d_dname | |
239 | * and instead have d_path return the mounted path. | |
240 | */ | |
241 | if (path->dentry->d_op && path->dentry->d_op->d_dname && | |
242 | (!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root)) | |
243 | return path->dentry->d_op->d_dname(path->dentry, buf, buflen); | |
244 | ||
245 | rcu_read_lock(); | |
246 | get_fs_root_rcu(current->fs, &root); | |
9024348f AV |
247 | if (unlikely(d_unlinked(path->dentry))) |
248 | prepend(&res, &buflen, " (deleted)", 11); | |
249 | else | |
250 | prepend(&res, &buflen, "", 1); | |
01a4428e | 251 | prepend_path(path, &root, &res, &buflen); |
7a5cf791 AV |
252 | rcu_read_unlock(); |
253 | ||
01a4428e | 254 | return buflen >= 0 ? res : ERR_PTR(-ENAMETOOLONG); |
7a5cf791 AV |
255 | } |
256 | EXPORT_SYMBOL(d_path); | |
257 | ||
258 | /* | |
259 | * Helper function for dentry_operations.d_dname() members | |
260 | */ | |
261 | char *dynamic_dname(struct dentry *dentry, char *buffer, int buflen, | |
262 | const char *fmt, ...) | |
263 | { | |
264 | va_list args; | |
265 | char temp[64]; | |
266 | int sz; | |
267 | ||
268 | va_start(args, fmt); | |
269 | sz = vsnprintf(temp, sizeof(temp), fmt, args) + 1; | |
270 | va_end(args); | |
271 | ||
272 | if (sz > sizeof(temp) || sz > buflen) | |
273 | return ERR_PTR(-ENAMETOOLONG); | |
274 | ||
275 | buffer += buflen - sz; | |
276 | return memcpy(buffer, temp, sz); | |
277 | } | |
278 | ||
279 | char *simple_dname(struct dentry *dentry, char *buffer, int buflen) | |
280 | { | |
281 | char *end = buffer + buflen; | |
282 | /* these dentries are never renamed, so d_lock is not needed */ | |
d8548232 AV |
283 | prepend(&end, &buflen, " (deleted)", 11); |
284 | prepend(&end, &buflen, dentry->d_name.name, dentry->d_name.len); | |
285 | prepend(&end, &buflen, "/", 1); | |
286 | return buflen >= 0 ? end : ERR_PTR(-ENAMETOOLONG); | |
7a5cf791 | 287 | } |
7a5cf791 AV |
288 | |
289 | /* | |
290 | * Write full pathname from the root of the filesystem into the buffer. | |
291 | */ | |
3a291c97 | 292 | static char *__dentry_path(const struct dentry *d, char *p, int buflen) |
7a5cf791 | 293 | { |
a2bbe664 | 294 | const struct dentry *dentry; |
3acca043 | 295 | char *end; |
7a5cf791 | 296 | int len, seq = 0; |
7a5cf791 AV |
297 | |
298 | rcu_read_lock(); | |
299 | restart: | |
300 | dentry = d; | |
3a291c97 | 301 | end = p; |
7a5cf791 | 302 | len = buflen; |
7a5cf791 AV |
303 | read_seqbegin_or_lock(&rename_lock, &seq); |
304 | while (!IS_ROOT(dentry)) { | |
a2bbe664 | 305 | const struct dentry *parent = dentry->d_parent; |
7a5cf791 AV |
306 | |
307 | prefetch(parent); | |
95b55c42 | 308 | if (!prepend_name(&end, &len, &dentry->d_name)) |
7a5cf791 AV |
309 | break; |
310 | ||
7a5cf791 AV |
311 | dentry = parent; |
312 | } | |
313 | if (!(seq & 1)) | |
314 | rcu_read_unlock(); | |
315 | if (need_seqretry(&rename_lock, seq)) { | |
316 | seq = 1; | |
317 | goto restart; | |
318 | } | |
319 | done_seqretry(&rename_lock, seq); | |
3acca043 AV |
320 | if (len == buflen) |
321 | prepend(&end, &len, "/", 1); | |
322 | return len >= 0 ? end : ERR_PTR(-ENAMETOOLONG); | |
7a5cf791 AV |
323 | } |
324 | ||
a2bbe664 | 325 | char *dentry_path_raw(const struct dentry *dentry, char *buf, int buflen) |
7a5cf791 | 326 | { |
3a291c97 AV |
327 | char *p = buf + buflen; |
328 | prepend(&p, &buflen, "", 1); | |
329 | return __dentry_path(dentry, p, buflen); | |
7a5cf791 AV |
330 | } |
331 | EXPORT_SYMBOL(dentry_path_raw); | |
332 | ||
a2bbe664 | 333 | char *dentry_path(const struct dentry *dentry, char *buf, int buflen) |
7a5cf791 | 334 | { |
3a291c97 AV |
335 | char *p = buf + buflen; |
336 | ||
337 | if (unlikely(d_unlinked(dentry))) | |
338 | prepend(&p, &buflen, "//deleted", 10); | |
339 | else | |
340 | prepend(&p, &buflen, "", 1); | |
341 | return __dentry_path(dentry, p, buflen); | |
7a5cf791 AV |
342 | } |
343 | ||
344 | static void get_fs_root_and_pwd_rcu(struct fs_struct *fs, struct path *root, | |
345 | struct path *pwd) | |
346 | { | |
347 | unsigned seq; | |
348 | ||
349 | do { | |
350 | seq = read_seqcount_begin(&fs->seq); | |
351 | *root = fs->root; | |
352 | *pwd = fs->pwd; | |
353 | } while (read_seqcount_retry(&fs->seq, seq)); | |
354 | } | |
355 | ||
356 | /* | |
357 | * NOTE! The user-level library version returns a | |
358 | * character pointer. The kernel system call just | |
359 | * returns the length of the buffer filled (which | |
360 | * includes the ending '\0' character), or a negative | |
361 | * error value. So libc would do something like | |
362 | * | |
363 | * char *getcwd(char * buf, size_t size) | |
364 | * { | |
365 | * int retval; | |
366 | * | |
367 | * retval = sys_getcwd(buf, size); | |
368 | * if (retval >= 0) | |
369 | * return buf; | |
370 | * errno = -retval; | |
371 | * return NULL; | |
372 | * } | |
373 | */ | |
374 | SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) | |
375 | { | |
376 | int error; | |
377 | struct path pwd, root; | |
378 | char *page = __getname(); | |
379 | ||
380 | if (!page) | |
381 | return -ENOMEM; | |
382 | ||
383 | rcu_read_lock(); | |
384 | get_fs_root_and_pwd_rcu(current->fs, &root, &pwd); | |
385 | ||
386 | error = -ENOENT; | |
387 | if (!d_unlinked(pwd.dentry)) { | |
388 | unsigned long len; | |
389 | char *cwd = page + PATH_MAX; | |
390 | int buflen = PATH_MAX; | |
391 | ||
dfe50876 | 392 | prepend(&cwd, &buflen, "", 1); |
a0378fb9 AV |
393 | if (prepend_path(&pwd, &root, &cwd, &buflen) > 0) |
394 | prepend(&cwd, &buflen, "(unreachable)", 13); | |
7a5cf791 AV |
395 | rcu_read_unlock(); |
396 | ||
a0378fb9 AV |
397 | if (buflen < 0) { |
398 | error = -ENAMETOOLONG; | |
7a5cf791 | 399 | goto out; |
7a5cf791 AV |
400 | } |
401 | ||
402 | error = -ERANGE; | |
403 | len = PATH_MAX + page - cwd; | |
404 | if (len <= size) { | |
405 | error = len; | |
406 | if (copy_to_user(buf, cwd, len)) | |
407 | error = -EFAULT; | |
408 | } | |
409 | } else { | |
410 | rcu_read_unlock(); | |
411 | } | |
412 | ||
413 | out: | |
414 | __putname(page); | |
415 | return error; | |
416 | } |