Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 LT |
2 | /* |
3 | * linux/fs/readdir.c | |
4 | * | |
5 | * Copyright (C) 1995 Linus Torvalds | |
6 | */ | |
7 | ||
85c9fe8f | 8 | #include <linux/stddef.h> |
022a1692 | 9 | #include <linux/kernel.h> |
630d9c47 | 10 | #include <linux/export.h> |
1da177e4 LT |
11 | #include <linux/time.h> |
12 | #include <linux/mm.h> | |
13 | #include <linux/errno.h> | |
14 | #include <linux/stat.h> | |
15 | #include <linux/file.h> | |
1da177e4 | 16 | #include <linux/fs.h> |
d4c7cf6c | 17 | #include <linux/fsnotify.h> |
1da177e4 LT |
18 | #include <linux/dirent.h> |
19 | #include <linux/security.h> | |
20 | #include <linux/syscalls.h> | |
21 | #include <linux/unistd.h> | |
0460b2a2 | 22 | #include <linux/compat.h> |
7c0f6ba6 | 23 | #include <linux/uaccess.h> |
1da177e4 | 24 | |
9f79b78e LT |
25 | #include <asm/unaligned.h> |
26 | ||
3e327154 LT |
27 | /* |
28 | * Some filesystems were never converted to '->iterate_shared()' | |
29 | * and their directory iterators want the inode lock held for | |
30 | * writing. This wrapper allows for converting from the shared | |
31 | * semantics to the exclusive inode use. | |
32 | */ | |
33 | int wrap_directory_iterator(struct file *file, | |
34 | struct dir_context *ctx, | |
35 | int (*iter)(struct file *, struct dir_context *)) | |
36 | { | |
37 | struct inode *inode = file_inode(file); | |
38 | int ret; | |
39 | ||
40 | /* | |
41 | * We'd love to have an 'inode_upgrade_trylock()' operation, | |
42 | * see the comment in mmap_upgrade_trylock() in mm/memory.c. | |
43 | * | |
44 | * But considering this is for "filesystems that never got | |
45 | * converted", it really doesn't matter. | |
46 | * | |
47 | * Also note that since we have to return with the lock held | |
48 | * for reading, we can't use the "killable()" locking here, | |
49 | * since we do need to get the lock even if we're dying. | |
50 | * | |
51 | * We could do the write part killably and then get the read | |
52 | * lock unconditionally if it mattered, but see above on why | |
53 | * this does the very simplistic conversion. | |
54 | */ | |
55 | up_read(&inode->i_rwsem); | |
56 | down_write(&inode->i_rwsem); | |
57 | ||
58 | /* | |
59 | * Since we dropped the inode lock, we should do the | |
60 | * DEADDIR test again. See 'iterate_dir()' below. | |
61 | * | |
62 | * Note that we don't need to re-do the f_pos games, | |
63 | * since the file must be locked wrt f_pos anyway. | |
64 | */ | |
65 | ret = -ENOENT; | |
66 | if (!IS_DEADDIR(inode)) | |
67 | ret = iter(file, ctx); | |
68 | ||
69 | downgrade_write(&inode->i_rwsem); | |
70 | return ret; | |
71 | } | |
72 | EXPORT_SYMBOL(wrap_directory_iterator); | |
73 | ||
9f79b78e LT |
74 | /* |
75 | * Note the "unsafe_put_user() semantics: we goto a | |
76 | * label for errors. | |
9f79b78e LT |
77 | */ |
78 | #define unsafe_copy_dirent_name(_dst, _src, _len, label) do { \ | |
79 | char __user *dst = (_dst); \ | |
80 | const char *src = (_src); \ | |
81 | size_t len = (_len); \ | |
c512c691 LT |
82 | unsafe_put_user(0, dst+len, label); \ |
83 | unsafe_copy_to_user(dst, src, len, label); \ | |
9f79b78e LT |
84 | } while (0) |
85 | ||
86 | ||
5c0ba4e0 | 87 | int iterate_dir(struct file *file, struct dir_context *ctx) |
1da177e4 | 88 | { |
496ad9aa | 89 | struct inode *inode = file_inode(file); |
1da177e4 | 90 | int res = -ENOTDIR; |
3e327154 LT |
91 | |
92 | if (!file->f_op->iterate_shared) | |
1da177e4 LT |
93 | goto out; |
94 | ||
95 | res = security_file_permission(file, MAY_READ); | |
96 | if (res) | |
97 | goto out; | |
98 | ||
3e327154 | 99 | res = down_read_killable(&inode->i_rwsem); |
0dc208b5 KT |
100 | if (res) |
101 | goto out; | |
da784511 | 102 | |
1da177e4 LT |
103 | res = -ENOENT; |
104 | if (!IS_DEADDIR(inode)) { | |
2233f31a | 105 | ctx->pos = file->f_pos; |
3e327154 | 106 | res = file->f_op->iterate_shared(file, ctx); |
2233f31a | 107 | file->f_pos = ctx->pos; |
d4c7cf6c | 108 | fsnotify_access(file); |
1da177e4 LT |
109 | file_accessed(file); |
110 | } | |
3e327154 | 111 | inode_unlock_shared(inode); |
1da177e4 LT |
112 | out: |
113 | return res; | |
114 | } | |
5c0ba4e0 | 115 | EXPORT_SYMBOL(iterate_dir); |
1da177e4 | 116 | |
8a23eb80 LT |
117 | /* |
118 | * POSIX says that a dirent name cannot contain NULL or a '/'. | |
119 | * | |
120 | * It's not 100% clear what we should really do in this case. | |
121 | * The filesystem is clearly corrupted, but returning a hard | |
122 | * error means that you now don't see any of the other names | |
123 | * either, so that isn't a perfect alternative. | |
124 | * | |
125 | * And if you return an error, what error do you use? Several | |
126 | * filesystems seem to have decided on EUCLEAN being the error | |
127 | * code for EFSCORRUPTED, and that may be the error to use. Or | |
128 | * just EIO, which is perhaps more obvious to users. | |
129 | * | |
130 | * In order to see the other file names in the directory, the | |
131 | * caller might want to make this a "soft" error: skip the | |
132 | * entry, and return the error at the end instead. | |
133 | * | |
134 | * Note that this should likely do a "memchr(name, 0, len)" | |
135 | * check too, since that would be filesystem corruption as | |
136 | * well. However, that case can't actually confuse user space, | |
137 | * which has to do a strlen() on the name anyway to find the | |
138 | * filename length, and the above "soft error" worry means | |
139 | * that it's probably better left alone until we have that | |
140 | * issue clarified. | |
2c6b7bcd LT |
141 | * |
142 | * Note the PATH_MAX check - it's arbitrary but the real | |
143 | * kernel limit on a possible path component, not NAME_MAX, | |
144 | * which is the technical standard limit. | |
8a23eb80 LT |
145 | */ |
146 | static int verify_dirent_name(const char *name, int len) | |
147 | { | |
2c6b7bcd | 148 | if (len <= 0 || len >= PATH_MAX) |
8a23eb80 | 149 | return -EIO; |
b9959c7a | 150 | if (memchr(name, '/', len)) |
8a23eb80 LT |
151 | return -EIO; |
152 | return 0; | |
153 | } | |
154 | ||
1da177e4 LT |
155 | /* |
156 | * Traditional linux readdir() handling.. | |
157 | * | |
158 | * "count=1" is a special case, meaning that the buffer is one | |
159 | * dirent-structure in size and that the code can't handle more | |
160 | * anyway. Thus the special "fillonedir()" function for that | |
161 | * case (the low-level handlers don't need to care about this). | |
162 | */ | |
1da177e4 LT |
163 | |
164 | #ifdef __ARCH_WANT_OLD_READDIR | |
165 | ||
166 | struct old_linux_dirent { | |
167 | unsigned long d_ino; | |
168 | unsigned long d_offset; | |
169 | unsigned short d_namlen; | |
2507135e | 170 | char d_name[]; |
1da177e4 LT |
171 | }; |
172 | ||
173 | struct readdir_callback { | |
5c0ba4e0 | 174 | struct dir_context ctx; |
1da177e4 LT |
175 | struct old_linux_dirent __user * dirent; |
176 | int result; | |
177 | }; | |
178 | ||
25885a35 | 179 | static bool fillonedir(struct dir_context *ctx, const char *name, int namlen, |
ac7576f4 | 180 | loff_t offset, u64 ino, unsigned int d_type) |
1da177e4 | 181 | { |
ac7576f4 MS |
182 | struct readdir_callback *buf = |
183 | container_of(ctx, struct readdir_callback, ctx); | |
1da177e4 | 184 | struct old_linux_dirent __user * dirent; |
afefdbb2 | 185 | unsigned long d_ino; |
1da177e4 LT |
186 | |
187 | if (buf->result) | |
25885a35 | 188 | return false; |
0c93ac69 | 189 | buf->result = verify_dirent_name(name, namlen); |
25885a35 AV |
190 | if (buf->result) |
191 | return false; | |
afefdbb2 | 192 | d_ino = ino; |
8f3f655d AV |
193 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { |
194 | buf->result = -EOVERFLOW; | |
25885a35 | 195 | return false; |
8f3f655d | 196 | } |
1da177e4 LT |
197 | buf->result++; |
198 | dirent = buf->dirent; | |
391b7461 | 199 | if (!user_write_access_begin(dirent, |
1da177e4 LT |
200 | (unsigned long)(dirent->d_name + namlen + 1) - |
201 | (unsigned long)dirent)) | |
202 | goto efault; | |
391b7461 AV |
203 | unsafe_put_user(d_ino, &dirent->d_ino, efault_end); |
204 | unsafe_put_user(offset, &dirent->d_offset, efault_end); | |
205 | unsafe_put_user(namlen, &dirent->d_namlen, efault_end); | |
206 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | |
207 | user_write_access_end(); | |
25885a35 | 208 | return true; |
391b7461 AV |
209 | efault_end: |
210 | user_write_access_end(); | |
1da177e4 LT |
211 | efault: |
212 | buf->result = -EFAULT; | |
25885a35 | 213 | return false; |
1da177e4 LT |
214 | } |
215 | ||
d4e82042 HC |
216 | SYSCALL_DEFINE3(old_readdir, unsigned int, fd, |
217 | struct old_linux_dirent __user *, dirent, unsigned int, count) | |
1da177e4 LT |
218 | { |
219 | int error; | |
63b6df14 | 220 | struct fd f = fdget_pos(fd); |
ac6614b7 AV |
221 | struct readdir_callback buf = { |
222 | .ctx.actor = fillonedir, | |
223 | .dirent = dirent | |
224 | }; | |
1da177e4 | 225 | |
2903ff01 | 226 | if (!f.file) |
863ced7f | 227 | return -EBADF; |
1da177e4 | 228 | |
5c0ba4e0 | 229 | error = iterate_dir(f.file, &buf.ctx); |
53c9c5c0 | 230 | if (buf.result) |
1da177e4 LT |
231 | error = buf.result; |
232 | ||
63b6df14 | 233 | fdput_pos(f); |
1da177e4 LT |
234 | return error; |
235 | } | |
236 | ||
237 | #endif /* __ARCH_WANT_OLD_READDIR */ | |
238 | ||
239 | /* | |
240 | * New, all-improved, singing, dancing, iBCS2-compliant getdents() | |
241 | * interface. | |
242 | */ | |
243 | struct linux_dirent { | |
244 | unsigned long d_ino; | |
245 | unsigned long d_off; | |
246 | unsigned short d_reclen; | |
2507135e | 247 | char d_name[]; |
1da177e4 LT |
248 | }; |
249 | ||
250 | struct getdents_callback { | |
5c0ba4e0 | 251 | struct dir_context ctx; |
1da177e4 | 252 | struct linux_dirent __user * current_dir; |
3c2659bd | 253 | int prev_reclen; |
1da177e4 LT |
254 | int count; |
255 | int error; | |
256 | }; | |
257 | ||
25885a35 | 258 | static bool filldir(struct dir_context *ctx, const char *name, int namlen, |
ac7576f4 | 259 | loff_t offset, u64 ino, unsigned int d_type) |
1da177e4 | 260 | { |
3c2659bd | 261 | struct linux_dirent __user *dirent, *prev; |
ac7576f4 MS |
262 | struct getdents_callback *buf = |
263 | container_of(ctx, struct getdents_callback, ctx); | |
afefdbb2 | 264 | unsigned long d_ino; |
85c9fe8f KW |
265 | int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2, |
266 | sizeof(long)); | |
3c2659bd | 267 | int prev_reclen; |
1da177e4 | 268 | |
8a23eb80 LT |
269 | buf->error = verify_dirent_name(name, namlen); |
270 | if (unlikely(buf->error)) | |
25885a35 | 271 | return false; |
1da177e4 LT |
272 | buf->error = -EINVAL; /* only used if we fail.. */ |
273 | if (reclen > buf->count) | |
25885a35 | 274 | return false; |
afefdbb2 | 275 | d_ino = ino; |
8f3f655d AV |
276 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { |
277 | buf->error = -EOVERFLOW; | |
25885a35 | 278 | return false; |
8f3f655d | 279 | } |
3c2659bd LT |
280 | prev_reclen = buf->prev_reclen; |
281 | if (prev_reclen && signal_pending(current)) | |
25885a35 | 282 | return false; |
9f79b78e | 283 | dirent = buf->current_dir; |
3c2659bd | 284 | prev = (void __user *) dirent - prev_reclen; |
41cd7805 | 285 | if (!user_write_access_begin(prev, reclen + prev_reclen)) |
3c2659bd LT |
286 | goto efault; |
287 | ||
288 | /* This might be 'dirent->d_off', but if so it will get overwritten */ | |
289 | unsafe_put_user(offset, &prev->d_off, efault_end); | |
9f79b78e LT |
290 | unsafe_put_user(d_ino, &dirent->d_ino, efault_end); |
291 | unsafe_put_user(reclen, &dirent->d_reclen, efault_end); | |
292 | unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end); | |
293 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | |
41cd7805 | 294 | user_write_access_end(); |
9f79b78e | 295 | |
3c2659bd LT |
296 | buf->current_dir = (void __user *)dirent + reclen; |
297 | buf->prev_reclen = reclen; | |
1da177e4 | 298 | buf->count -= reclen; |
25885a35 | 299 | return true; |
9f79b78e | 300 | efault_end: |
41cd7805 | 301 | user_write_access_end(); |
1da177e4 LT |
302 | efault: |
303 | buf->error = -EFAULT; | |
25885a35 | 304 | return false; |
1da177e4 LT |
305 | } |
306 | ||
20f37034 HC |
307 | SYSCALL_DEFINE3(getdents, unsigned int, fd, |
308 | struct linux_dirent __user *, dirent, unsigned int, count) | |
1da177e4 | 309 | { |
2903ff01 | 310 | struct fd f; |
ac6614b7 AV |
311 | struct getdents_callback buf = { |
312 | .ctx.actor = filldir, | |
313 | .count = count, | |
314 | .current_dir = dirent | |
315 | }; | |
1da177e4 LT |
316 | int error; |
317 | ||
63b6df14 | 318 | f = fdget_pos(fd); |
2903ff01 | 319 | if (!f.file) |
863ced7f | 320 | return -EBADF; |
1da177e4 | 321 | |
5c0ba4e0 | 322 | error = iterate_dir(f.file, &buf.ctx); |
53c9c5c0 AV |
323 | if (error >= 0) |
324 | error = buf.error; | |
3c2659bd LT |
325 | if (buf.prev_reclen) { |
326 | struct linux_dirent __user * lastdirent; | |
327 | lastdirent = (void __user *)buf.current_dir - buf.prev_reclen; | |
328 | ||
bb6f619b | 329 | if (put_user(buf.ctx.pos, &lastdirent->d_off)) |
1da177e4 LT |
330 | error = -EFAULT; |
331 | else | |
332 | error = count - buf.count; | |
333 | } | |
63b6df14 | 334 | fdput_pos(f); |
1da177e4 LT |
335 | return error; |
336 | } | |
337 | ||
1da177e4 | 338 | struct getdents_callback64 { |
5c0ba4e0 | 339 | struct dir_context ctx; |
1da177e4 | 340 | struct linux_dirent64 __user * current_dir; |
3c2659bd | 341 | int prev_reclen; |
1da177e4 LT |
342 | int count; |
343 | int error; | |
344 | }; | |
345 | ||
25885a35 | 346 | static bool filldir64(struct dir_context *ctx, const char *name, int namlen, |
ac7576f4 | 347 | loff_t offset, u64 ino, unsigned int d_type) |
1da177e4 | 348 | { |
3c2659bd | 349 | struct linux_dirent64 __user *dirent, *prev; |
ac7576f4 MS |
350 | struct getdents_callback64 *buf = |
351 | container_of(ctx, struct getdents_callback64, ctx); | |
85c9fe8f KW |
352 | int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1, |
353 | sizeof(u64)); | |
3c2659bd | 354 | int prev_reclen; |
1da177e4 | 355 | |
8a23eb80 LT |
356 | buf->error = verify_dirent_name(name, namlen); |
357 | if (unlikely(buf->error)) | |
25885a35 | 358 | return false; |
1da177e4 LT |
359 | buf->error = -EINVAL; /* only used if we fail.. */ |
360 | if (reclen > buf->count) | |
25885a35 | 361 | return false; |
3c2659bd LT |
362 | prev_reclen = buf->prev_reclen; |
363 | if (prev_reclen && signal_pending(current)) | |
25885a35 | 364 | return false; |
9f79b78e | 365 | dirent = buf->current_dir; |
3c2659bd | 366 | prev = (void __user *)dirent - prev_reclen; |
41cd7805 | 367 | if (!user_write_access_begin(prev, reclen + prev_reclen)) |
3c2659bd LT |
368 | goto efault; |
369 | ||
370 | /* This might be 'dirent->d_off', but if so it will get overwritten */ | |
371 | unsafe_put_user(offset, &prev->d_off, efault_end); | |
9f79b78e LT |
372 | unsafe_put_user(ino, &dirent->d_ino, efault_end); |
373 | unsafe_put_user(reclen, &dirent->d_reclen, efault_end); | |
374 | unsafe_put_user(d_type, &dirent->d_type, efault_end); | |
375 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | |
41cd7805 | 376 | user_write_access_end(); |
9f79b78e | 377 | |
3c2659bd LT |
378 | buf->prev_reclen = reclen; |
379 | buf->current_dir = (void __user *)dirent + reclen; | |
1da177e4 | 380 | buf->count -= reclen; |
25885a35 | 381 | return true; |
3c2659bd | 382 | |
9f79b78e | 383 | efault_end: |
41cd7805 | 384 | user_write_access_end(); |
1da177e4 LT |
385 | efault: |
386 | buf->error = -EFAULT; | |
25885a35 | 387 | return false; |
1da177e4 LT |
388 | } |
389 | ||
fb2da16c CH |
390 | SYSCALL_DEFINE3(getdents64, unsigned int, fd, |
391 | struct linux_dirent64 __user *, dirent, unsigned int, count) | |
1da177e4 | 392 | { |
2903ff01 | 393 | struct fd f; |
ac6614b7 AV |
394 | struct getdents_callback64 buf = { |
395 | .ctx.actor = filldir64, | |
396 | .count = count, | |
397 | .current_dir = dirent | |
398 | }; | |
1da177e4 LT |
399 | int error; |
400 | ||
63b6df14 | 401 | f = fdget_pos(fd); |
2903ff01 | 402 | if (!f.file) |
863ced7f | 403 | return -EBADF; |
1da177e4 | 404 | |
5c0ba4e0 | 405 | error = iterate_dir(f.file, &buf.ctx); |
53c9c5c0 AV |
406 | if (error >= 0) |
407 | error = buf.error; | |
3c2659bd LT |
408 | if (buf.prev_reclen) { |
409 | struct linux_dirent64 __user * lastdirent; | |
bb6f619b | 410 | typeof(lastdirent->d_off) d_off = buf.ctx.pos; |
3c2659bd LT |
411 | |
412 | lastdirent = (void __user *) buf.current_dir - buf.prev_reclen; | |
5fb15141 | 413 | if (put_user(d_off, &lastdirent->d_off)) |
53c9c5c0 AV |
414 | error = -EFAULT; |
415 | else | |
416 | error = count - buf.count; | |
1da177e4 | 417 | } |
63b6df14 | 418 | fdput_pos(f); |
1da177e4 LT |
419 | return error; |
420 | } | |
0460b2a2 AV |
421 | |
422 | #ifdef CONFIG_COMPAT | |
423 | struct compat_old_linux_dirent { | |
424 | compat_ulong_t d_ino; | |
425 | compat_ulong_t d_offset; | |
426 | unsigned short d_namlen; | |
2507135e | 427 | char d_name[]; |
0460b2a2 AV |
428 | }; |
429 | ||
430 | struct compat_readdir_callback { | |
431 | struct dir_context ctx; | |
432 | struct compat_old_linux_dirent __user *dirent; | |
433 | int result; | |
434 | }; | |
435 | ||
25885a35 | 436 | static bool compat_fillonedir(struct dir_context *ctx, const char *name, |
0460b2a2 AV |
437 | int namlen, loff_t offset, u64 ino, |
438 | unsigned int d_type) | |
439 | { | |
440 | struct compat_readdir_callback *buf = | |
441 | container_of(ctx, struct compat_readdir_callback, ctx); | |
442 | struct compat_old_linux_dirent __user *dirent; | |
443 | compat_ulong_t d_ino; | |
444 | ||
445 | if (buf->result) | |
25885a35 | 446 | return false; |
0c93ac69 | 447 | buf->result = verify_dirent_name(name, namlen); |
25885a35 AV |
448 | if (buf->result) |
449 | return false; | |
0460b2a2 AV |
450 | d_ino = ino; |
451 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { | |
452 | buf->result = -EOVERFLOW; | |
25885a35 | 453 | return false; |
0460b2a2 AV |
454 | } |
455 | buf->result++; | |
456 | dirent = buf->dirent; | |
391b7461 | 457 | if (!user_write_access_begin(dirent, |
0460b2a2 AV |
458 | (unsigned long)(dirent->d_name + namlen + 1) - |
459 | (unsigned long)dirent)) | |
460 | goto efault; | |
391b7461 AV |
461 | unsafe_put_user(d_ino, &dirent->d_ino, efault_end); |
462 | unsafe_put_user(offset, &dirent->d_offset, efault_end); | |
463 | unsafe_put_user(namlen, &dirent->d_namlen, efault_end); | |
464 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | |
465 | user_write_access_end(); | |
25885a35 | 466 | return true; |
391b7461 AV |
467 | efault_end: |
468 | user_write_access_end(); | |
0460b2a2 AV |
469 | efault: |
470 | buf->result = -EFAULT; | |
25885a35 | 471 | return false; |
0460b2a2 AV |
472 | } |
473 | ||
474 | COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd, | |
475 | struct compat_old_linux_dirent __user *, dirent, unsigned int, count) | |
476 | { | |
477 | int error; | |
478 | struct fd f = fdget_pos(fd); | |
479 | struct compat_readdir_callback buf = { | |
480 | .ctx.actor = compat_fillonedir, | |
481 | .dirent = dirent | |
482 | }; | |
483 | ||
484 | if (!f.file) | |
485 | return -EBADF; | |
486 | ||
487 | error = iterate_dir(f.file, &buf.ctx); | |
488 | if (buf.result) | |
489 | error = buf.result; | |
490 | ||
491 | fdput_pos(f); | |
492 | return error; | |
493 | } | |
494 | ||
495 | struct compat_linux_dirent { | |
496 | compat_ulong_t d_ino; | |
497 | compat_ulong_t d_off; | |
498 | unsigned short d_reclen; | |
2507135e | 499 | char d_name[]; |
0460b2a2 AV |
500 | }; |
501 | ||
502 | struct compat_getdents_callback { | |
503 | struct dir_context ctx; | |
504 | struct compat_linux_dirent __user *current_dir; | |
82af599b | 505 | int prev_reclen; |
0460b2a2 AV |
506 | int count; |
507 | int error; | |
508 | }; | |
509 | ||
25885a35 | 510 | static bool compat_filldir(struct dir_context *ctx, const char *name, int namlen, |
0460b2a2 AV |
511 | loff_t offset, u64 ino, unsigned int d_type) |
512 | { | |
82af599b | 513 | struct compat_linux_dirent __user *dirent, *prev; |
0460b2a2 AV |
514 | struct compat_getdents_callback *buf = |
515 | container_of(ctx, struct compat_getdents_callback, ctx); | |
516 | compat_ulong_t d_ino; | |
517 | int reclen = ALIGN(offsetof(struct compat_linux_dirent, d_name) + | |
518 | namlen + 2, sizeof(compat_long_t)); | |
82af599b | 519 | int prev_reclen; |
0460b2a2 | 520 | |
82af599b AV |
521 | buf->error = verify_dirent_name(name, namlen); |
522 | if (unlikely(buf->error)) | |
25885a35 | 523 | return false; |
0460b2a2 AV |
524 | buf->error = -EINVAL; /* only used if we fail.. */ |
525 | if (reclen > buf->count) | |
25885a35 | 526 | return false; |
0460b2a2 AV |
527 | d_ino = ino; |
528 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { | |
529 | buf->error = -EOVERFLOW; | |
25885a35 | 530 | return false; |
0460b2a2 | 531 | } |
82af599b AV |
532 | prev_reclen = buf->prev_reclen; |
533 | if (prev_reclen && signal_pending(current)) | |
25885a35 | 534 | return false; |
0460b2a2 | 535 | dirent = buf->current_dir; |
82af599b AV |
536 | prev = (void __user *) dirent - prev_reclen; |
537 | if (!user_write_access_begin(prev, reclen + prev_reclen)) | |
0460b2a2 | 538 | goto efault; |
82af599b AV |
539 | |
540 | unsafe_put_user(offset, &prev->d_off, efault_end); | |
541 | unsafe_put_user(d_ino, &dirent->d_ino, efault_end); | |
542 | unsafe_put_user(reclen, &dirent->d_reclen, efault_end); | |
543 | unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end); | |
544 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | |
545 | user_write_access_end(); | |
546 | ||
547 | buf->prev_reclen = reclen; | |
548 | buf->current_dir = (void __user *)dirent + reclen; | |
0460b2a2 | 549 | buf->count -= reclen; |
25885a35 | 550 | return true; |
82af599b AV |
551 | efault_end: |
552 | user_write_access_end(); | |
0460b2a2 AV |
553 | efault: |
554 | buf->error = -EFAULT; | |
25885a35 | 555 | return false; |
0460b2a2 AV |
556 | } |
557 | ||
558 | COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd, | |
559 | struct compat_linux_dirent __user *, dirent, unsigned int, count) | |
560 | { | |
561 | struct fd f; | |
0460b2a2 AV |
562 | struct compat_getdents_callback buf = { |
563 | .ctx.actor = compat_filldir, | |
564 | .current_dir = dirent, | |
565 | .count = count | |
566 | }; | |
567 | int error; | |
568 | ||
0460b2a2 AV |
569 | f = fdget_pos(fd); |
570 | if (!f.file) | |
571 | return -EBADF; | |
572 | ||
573 | error = iterate_dir(f.file, &buf.ctx); | |
574 | if (error >= 0) | |
575 | error = buf.error; | |
82af599b AV |
576 | if (buf.prev_reclen) { |
577 | struct compat_linux_dirent __user * lastdirent; | |
578 | lastdirent = (void __user *)buf.current_dir - buf.prev_reclen; | |
579 | ||
0460b2a2 AV |
580 | if (put_user(buf.ctx.pos, &lastdirent->d_off)) |
581 | error = -EFAULT; | |
582 | else | |
583 | error = count - buf.count; | |
584 | } | |
585 | fdput_pos(f); | |
586 | return error; | |
587 | } | |
588 | #endif |