// SPDX-License-Identifier: GPL-2.0
/*
 *  linux/fs/readdir.c
 *
 *  Copyright (C) 1995  Linus Torvalds
 */
762306a36Sopenharmony_ci
862306a36Sopenharmony_ci#include <linux/stddef.h>
962306a36Sopenharmony_ci#include <linux/kernel.h>
1062306a36Sopenharmony_ci#include <linux/export.h>
1162306a36Sopenharmony_ci#include <linux/time.h>
1262306a36Sopenharmony_ci#include <linux/mm.h>
1362306a36Sopenharmony_ci#include <linux/errno.h>
1462306a36Sopenharmony_ci#include <linux/stat.h>
1562306a36Sopenharmony_ci#include <linux/file.h>
1662306a36Sopenharmony_ci#include <linux/fs.h>
1762306a36Sopenharmony_ci#include <linux/fsnotify.h>
1862306a36Sopenharmony_ci#include <linux/dirent.h>
1962306a36Sopenharmony_ci#include <linux/security.h>
2062306a36Sopenharmony_ci#include <linux/syscalls.h>
2162306a36Sopenharmony_ci#include <linux/unistd.h>
2262306a36Sopenharmony_ci#include <linux/compat.h>
2362306a36Sopenharmony_ci#include <linux/uaccess.h>
2462306a36Sopenharmony_ci
2562306a36Sopenharmony_ci#include <asm/unaligned.h>
2662306a36Sopenharmony_ci
/*
 * Some filesystems were never converted to '->iterate_shared()'
 * and their directory iterators want the inode lock held for
 * writing. This wrapper allows for converting from the shared
 * semantics to the exclusive inode use.
 *
 * Locking as visible in this function: the read hold on
 * inode->i_rwsem is released, the lock is taken for writing around
 * the call to iter(), and it is downgraded to a read hold again
 * before returning.
 *
 * Returns -ENOENT if the directory is dead once the write lock is
 * held, otherwise whatever iter() returns.
 */
int wrap_directory_iterator(struct file *file,
			    struct dir_context *ctx,
			    int (*iter)(struct file *, struct dir_context *))
{
	struct inode *dir = file_inode(file);
	int err = -ENOENT;

	/*
	 * We'd love to have an 'inode_upgrade_trylock()' operation,
	 * see the comment in mmap_upgrade_trylock() in mm/memory.c.
	 *
	 * But considering this is for "filesystems that never got
	 * converted", it really doesn't matter.
	 *
	 * Also note that since we have to return with the lock held
	 * for reading, we can't use the "killable()" locking here,
	 * since we do need to get the lock even if we're dying.
	 *
	 * We could do the write part killably and then get the read
	 * lock unconditionally if it mattered, but see above on why
	 * this does the very simplistic conversion.
	 */
	up_read(&dir->i_rwsem);
	down_write(&dir->i_rwsem);

	/*
	 * The inode was unlocked between the two calls above, so
	 * anything checked under the earlier read hold may be stale.
	 * Redo the DEADDIR test; see 'iterate_dir()' below.
	 *
	 * Note that we don't need to re-do the f_pos games,
	 * since the file must be locked wrt f_pos anyway.
	 */
	if (!IS_DEADDIR(dir))
		err = iter(file, ctx);

	downgrade_write(&dir->i_rwsem);
	return err;
}
EXPORT_SYMBOL(wrap_directory_iterator);
7362306a36Sopenharmony_ci
/*
 * Copy a directory entry name to user space and NUL-terminate it.
 *
 * Note the "unsafe_put_user()" semantics: we goto a
 * label for errors.
 *
 * The terminator is stored at _dst + _len, so _len + 1 bytes of the
 * destination are written. Every use in this file sits between
 * user_write_access_begin() and user_write_access_end() on a range
 * that includes the name and its terminator; a new caller has to
 * provide the same.
 */
#define unsafe_copy_dirent_name(_dst, _src, _len, label) do {	\
	char __user *udst = (_dst);				\
	const char *ksrc = (_src);				\
	size_t nbytes = (_len);					\
	/* terminator first, then the name bytes */		\
	unsafe_put_user(0, udst + nbytes, label);		\
	unsafe_copy_to_user(udst, ksrc, nbytes, label);		\
} while (0)
8562306a36Sopenharmony_ci
8662306a36Sopenharmony_ci
/*
 * Run the file's ->iterate_shared() directory iterator with the inode
 * lock held shared.
 *
 * Order of checks: the file must provide ->iterate_shared()
 * (-ENOTDIR otherwise), then security_file_permission(MAY_READ) is
 * consulted before any lock is taken, then the inode lock is acquired
 * killably, and only then is the directory tested for DEADDIR
 * (-ENOENT).
 *
 * ctx->pos is seeded from file->f_pos and written back after the
 * iterator returns, whatever its result. fsnotify_access() and
 * file_accessed() are likewise called whether or not the iterator
 * succeeded.
 *
 * Returns the first failing check's error, or the iterator's result.
 */
int iterate_dir(struct file *file, struct dir_context *ctx)
{
	struct inode *dir = file_inode(file);
	int err;

	if (!file->f_op->iterate_shared)
		return -ENOTDIR;

	err = security_file_permission(file, MAY_READ);
	if (err)
		return err;

	err = down_read_killable(&dir->i_rwsem);
	if (err)
		return err;

	if (IS_DEADDIR(dir)) {
		err = -ENOENT;
	} else {
		ctx->pos = file->f_pos;
		err = file->f_op->iterate_shared(file, ctx);
		file->f_pos = ctx->pos;
		fsnotify_access(file);
		file_accessed(file);
	}
	inode_unlock_shared(dir);
	return err;
}
EXPORT_SYMBOL(iterate_dir);
11662306a36Sopenharmony_ci
/*
 * POSIX says that a dirent name cannot contain NUL or a '/'.
 *
 * It's not 100% clear what we should really do in this case.
 * The filesystem is clearly corrupted, but returning a hard
 * error means that you now don't see any of the other names
 * either, so that isn't a perfect alternative.
 *
 * And if you return an error, what error do you use? Several
 * filesystems seem to have decided on EUCLEAN being the error
 * code for EFSCORRUPTED, and that may be the error to use. Or
 * just EIO, which is perhaps more obvious to users.
 *
 * In order to see the other file names in the directory, the
 * caller might want to make this a "soft" error: skip the
 * entry, and return the error at the end instead.
 *
 * Note that this should likely do a "memchr(name, 0, len)"
 * check too, since that would be filesystem corruption as
 * well. However, that case can't actually confuse user space,
 * which has to do a strlen() on the name anyway to find the
 * filename length, and the above "soft error" worry means
 * that it's probably better left alone until we have that
 * issue clarified.
 *
 * Note the PATH_MAX check - it's arbitrary but the real
 * kernel limit on a possible path component, not NAME_MAX,
 * which is the technical standard limit.
 *
 * Returns 0 for an acceptable name and -EIO when len is outside
 * 1..PATH_MAX-1 or a '/' occurs in the first len bytes. An embedded
 * NUL is not rejected here, as explained above.
 */
static int verify_dirent_name(const char *name, int len)
{
	const int in_range = len > 0 && len < PATH_MAX;

	/* Reject the length first so memchr() never sees a bad count. */
	if (!in_range)
		return -EIO;
	return memchr(name, '/', len) ? -EIO : 0;
}
15462306a36Sopenharmony_ci
/*
 * Traditional linux readdir() handling..
 *
 * "count=1" is a special case, meaning that the buffer is one
 * dirent-structure in size and that the code can't handle more
 * anyway. Thus the special "fillonedir()" function for that
 * case (the low-level handlers don't need to care about this).
 */
16362306a36Sopenharmony_ci
16462306a36Sopenharmony_ci#ifdef __ARCH_WANT_OLD_READDIR
16562306a36Sopenharmony_ci
/*
 * User-space record filled in by fillonedir() for the old readdir
 * system call. The name is variable length and NUL-terminated.
 */
struct old_linux_dirent {
	unsigned long	d_ino;		/* inode number of the entry */
	unsigned long	d_offset;	/* offset passed to the actor */
	unsigned short	d_namlen;	/* name length, terminator excluded */
	char		d_name[];	/* d_namlen bytes followed by a NUL */
};
17262306a36Sopenharmony_ci
/*
 * Per-call state for the old readdir system call. fillonedir()
 * recovers it from the embedded ctx with container_of().
 */
struct readdir_callback {
	struct dir_context ctx;
	/* user buffer that receives the single entry */
	struct old_linux_dirent __user *dirent;
	/*
	 * 0 until an entry is handled; fillonedir() raises it to 1 just
	 * before writing the entry, or stores a negative errno. Any
	 * non-zero value makes further fillonedir() calls stop.
	 */
	int result;
};
17862306a36Sopenharmony_ci
/*
 * dir_context actor for the old readdir system call: store exactly one
 * entry in the user buffer.
 *
 * The name is validated with verify_dirent_name() and the inode number
 * is checked for truncation (-EOVERFLOW) before user memory is
 * touched. The user-access window covers the fixed header, the name
 * and its NUL terminator; a fault inside it yields -EFAULT.
 *
 * d_type is not used. Returns true when the entry was written, false
 * otherwise, with the reason left in buf->result.
 */
static bool fillonedir(struct dir_context *ctx, const char *name, int namlen,
		      loff_t offset, u64 ino, unsigned int d_type)
{
	struct readdir_callback *cb =
		container_of(ctx, struct readdir_callback, ctx);
	struct old_linux_dirent __user *out;
	unsigned long d_ino = ino;
	unsigned long span;

	/* An entry (or an error) has already been recorded: stop. */
	if (cb->result)
		return false;
	cb->result = verify_dirent_name(name, namlen);
	if (cb->result)
		return false;
	/* Only relevant when unsigned long is narrower than u64. */
	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
		cb->result = -EOVERFLOW;
		return false;
	}
	/* 0 -> 1; replaced by -EFAULT below if the write faults. */
	cb->result++;
	out = cb->dirent;
	/* header + name + NUL, measured from the start of the record */
	span = (unsigned long)(out->d_name + namlen + 1) -
		(unsigned long)out;
	if (!user_write_access_begin(out, span))
		goto efault;
	unsafe_put_user(d_ino, &out->d_ino, efault_end);
	unsafe_put_user(offset, &out->d_offset, efault_end);
	unsafe_put_user(namlen, &out->d_namlen, efault_end);
	unsafe_copy_dirent_name(out->d_name, name, namlen, efault_end);
	user_write_access_end();
	return true;
efault_end:
	/* The access window was opened, so close it before reporting. */
	user_write_access_end();
efault:
	cb->result = -EFAULT;
	return false;
}
21562306a36Sopenharmony_ci
/*
 * Old readdir system call: return a single directory entry.
 *
 * The count argument is not read in this body. Returns -EBADF for a
 * bad descriptor; otherwise the callback's result when it is non-zero
 * (1 after an entry was written, or a negative errno), else the value
 * returned by iterate_dir().
 */
SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
		struct old_linux_dirent __user *, dirent, unsigned int, count)
{
	struct readdir_callback cb = {
		.ctx.actor = fillonedir,
		.dirent = dirent
	};
	struct fd f = fdget_pos(fd);
	int ret;

	if (!f.file)
		return -EBADF;

	ret = iterate_dir(f.file, &cb.ctx);
	/* The actor's verdict takes precedence over the iterator's. */
	if (cb.result)
		ret = cb.result;

	fdput_pos(f);
	return ret;
}
23662306a36Sopenharmony_ci
23762306a36Sopenharmony_ci#endif /* __ARCH_WANT_OLD_READDIR */
23862306a36Sopenharmony_ci
/*
 * New, all-improved, singing, dancing, iBCS2-compliant getdents()
 * interface.
 *
 * User-space record written by filldir(). d_type is not a member:
 * filldir() stores it in the last byte of the record, at offset
 * d_reclen - 1.
 */
struct linux_dirent {
	unsigned long	d_ino;		/* inode number of the entry */
	unsigned long	d_off;		/* filled in when the next record is written */
	unsigned short	d_reclen;	/* aligned length of this record */
	char		d_name[];	/* NUL-terminated name */
};
24962306a36Sopenharmony_ci
/*
 * Per-call state for getdents(). filldir() recovers it from the
 * embedded ctx with container_of().
 */
struct getdents_callback {
	struct dir_context ctx;
	/* where the next record goes in the user buffer */
	struct linux_dirent __user *current_dir;
	/* length of the record written last, 0 while none was written */
	int prev_reclen;
	/* bytes still available in the user buffer */
	int count;
	/* 0 initially; filldir() stores a negative errno when it stops */
	int error;
};
25762306a36Sopenharmony_ci
/*
 * dir_context actor for getdents(): append one record to the user
 * buffer.
 *
 * The record length is the aligned sum of the fixed header, the name
 * and two more bytes: the NUL terminator and the d_type byte kept at
 * the very end of the record. It is computed up front but not used
 * until verify_dirent_name() has accepted namlen.
 *
 * Checks made before any user memory is written: name validity, the
 * record fitting in the remaining space (-EINVAL), the inode number
 * not being truncated (-EOVERFLOW), and, once at least one record is
 * out, no signal pending. The user-access window spans the previous
 * record as well, because that record's d_off is updated here.
 *
 * Only the header fields, the name, its terminator and the d_type
 * byte are stored; alignment padding inside the record is not written
 * by this function.
 *
 * Returns true when the record was stored; on false, buf->error holds
 * the reason.
 */
static bool filldir(struct dir_context *ctx, const char *name, int namlen,
		   loff_t offset, u64 ino, unsigned int d_type)
{
	struct getdents_callback *cb =
		container_of(ctx, struct getdents_callback, ctx);
	struct linux_dirent __user *cur, *prev;
	unsigned long d_ino = ino;
	int prev_len;
	int rec_len = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2,
		sizeof(long));

	cb->error = verify_dirent_name(name, namlen);
	if (unlikely(cb->error))
		return false;
	cb->error = -EINVAL;	/* only used if we fail.. */
	if (rec_len > cb->count)
		return false;
	/* Only relevant when unsigned long is narrower than u64. */
	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
		cb->error = -EOVERFLOW;
		return false;
	}
	prev_len = cb->prev_reclen;
	if (prev_len && signal_pending(current))
		return false;
	cur = cb->current_dir;
	prev = (void __user *)cur - prev_len;
	if (!user_write_access_begin(prev, rec_len + prev_len))
		goto efault;

	/* This might be 'dirent->d_off', but if so it will get overwritten */
	unsafe_put_user(offset, &prev->d_off, efault_end);
	unsafe_put_user(d_ino, &cur->d_ino, efault_end);
	unsafe_put_user(rec_len, &cur->d_reclen, efault_end);
	/* d_type lives in the last byte of the record */
	unsafe_put_user(d_type, (char __user *)cur + rec_len - 1, efault_end);
	unsafe_copy_dirent_name(cur->d_name, name, namlen, efault_end);
	user_write_access_end();

	cb->count -= rec_len;
	cb->prev_reclen = rec_len;
	cb->current_dir = (void __user *)cur + rec_len;
	return true;
efault_end:
	/* The access window was opened, so close it before reporting. */
	user_write_access_end();
efault:
	cb->error = -EFAULT;
	return false;
}
30662306a36Sopenharmony_ci
/*
 * getdents system call: fill the user buffer with as many directory
 * records as fit.
 *
 * Returns -EBADF for a bad descriptor. If at least one record was
 * stored, the last record's d_off is set to the final directory
 * position and the number of bytes used is returned (-EFAULT if that
 * store faults). Otherwise the result is iterate_dir()'s negative
 * error, or the callback's error field, which is 0 when the actor was
 * never called.
 *
 * NOTE(review): count is unsigned int but is kept in an int field; a
 * value above INT_MAX presumably turns negative there, in which case
 * filldir()'s size check rejects every record - confirm.
 */
SYSCALL_DEFINE3(getdents, unsigned int, fd,
		struct linux_dirent __user *, dirent, unsigned int, count)
{
	struct getdents_callback cb = {
		.ctx.actor = filldir,
		.current_dir = dirent,
		.count = count
	};
	struct fd f = fdget_pos(fd);
	int ret;

	if (!f.file)
		return -EBADF;

	ret = iterate_dir(f.file, &cb.ctx);
	if (ret >= 0)
		ret = cb.error;
	if (cb.prev_reclen) {
		/* step back from the write position to the last record */
		struct linux_dirent __user *last =
			(void __user *)cb.current_dir - cb.prev_reclen;

		if (put_user(cb.ctx.pos, &last->d_off))
			ret = -EFAULT;
		else
			ret = count - cb.count;
	}
	fdput_pos(f);
	return ret;
}
33762306a36Sopenharmony_ci
/*
 * Per-call state for getdents64(). filldir64() recovers it from the
 * embedded ctx with container_of().
 */
struct getdents_callback64 {
	struct dir_context ctx;
	/* where the next record goes in the user buffer */
	struct linux_dirent64 __user *current_dir;
	/* length of the record written last, 0 while none was written */
	int prev_reclen;
	/* bytes still available in the user buffer */
	int count;
	/* 0 initially; filldir64() stores a negative errno when it stops */
	int error;
};
34562306a36Sopenharmony_ci
/*
 * dir_context actor for getdents64(): append one linux_dirent64 record
 * to the user buffer.
 *
 * The record length is the aligned sum of the fixed header, the name
 * and its NUL terminator; d_type is a regular member here. The inode
 * number is stored as passed in, with no narrowing check.
 *
 * Checks made before any user memory is written: name validity, the
 * record fitting in the remaining space (-EINVAL), and, once at least
 * one record is out, no signal pending. The user-access window spans
 * the previous record as well, because that record's d_off is updated
 * here. Alignment padding inside the record is not written by this
 * function.
 *
 * Returns true when the record was stored; on false, buf->error holds
 * the reason.
 */
static bool filldir64(struct dir_context *ctx, const char *name, int namlen,
		     loff_t offset, u64 ino, unsigned int d_type)
{
	struct getdents_callback64 *cb =
		container_of(ctx, struct getdents_callback64, ctx);
	struct linux_dirent64 __user *cur, *prev;
	int prev_len;
	int rec_len = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1,
		sizeof(u64));

	cb->error = verify_dirent_name(name, namlen);
	if (unlikely(cb->error))
		return false;
	cb->error = -EINVAL;	/* only used if we fail.. */
	if (rec_len > cb->count)
		return false;
	prev_len = cb->prev_reclen;
	if (prev_len && signal_pending(current))
		return false;
	cur = cb->current_dir;
	prev = (void __user *)cur - prev_len;
	if (!user_write_access_begin(prev, rec_len + prev_len))
		goto efault;

	/* This might be 'dirent->d_off', but if so it will get overwritten */
	unsafe_put_user(offset, &prev->d_off, efault_end);
	unsafe_put_user(ino, &cur->d_ino, efault_end);
	unsafe_put_user(rec_len, &cur->d_reclen, efault_end);
	unsafe_put_user(d_type, &cur->d_type, efault_end);
	unsafe_copy_dirent_name(cur->d_name, name, namlen, efault_end);
	user_write_access_end();

	cb->count -= rec_len;
	cb->prev_reclen = rec_len;
	cb->current_dir = (void __user *)cur + rec_len;
	return true;

efault_end:
	/* The access window was opened, so close it before reporting. */
	user_write_access_end();
efault:
	cb->error = -EFAULT;
	return false;
}
38962306a36Sopenharmony_ci
/*
 * getdents64 system call: fill the user buffer with as many
 * linux_dirent64 records as fit.
 *
 * Returns -EBADF for a bad descriptor. If at least one record was
 * stored, the last record's d_off is set to the final directory
 * position and the number of bytes used is returned (-EFAULT if that
 * store faults). Otherwise the result is iterate_dir()'s negative
 * error, or the callback's error field, which is 0 when the actor was
 * never called.
 *
 * NOTE(review): count is unsigned int but is kept in an int field; a
 * value above INT_MAX presumably turns negative there, in which case
 * filldir64()'s size check rejects every record - confirm.
 */
SYSCALL_DEFINE3(getdents64, unsigned int, fd,
		struct linux_dirent64 __user *, dirent, unsigned int, count)
{
	struct getdents_callback64 cb = {
		.ctx.actor = filldir64,
		.current_dir = dirent,
		.count = count
	};
	struct fd f = fdget_pos(fd);
	int ret;

	if (!f.file)
		return -EBADF;

	ret = iterate_dir(f.file, &cb.ctx);
	if (ret >= 0)
		ret = cb.error;
	if (cb.prev_reclen) {
		/* step back from the write position to the last record */
		struct linux_dirent64 __user *last =
			(void __user *)cb.current_dir - cb.prev_reclen;
		/* convert to the member's own type before the store */
		typeof(last->d_off) d_off = cb.ctx.pos;

		if (put_user(d_off, &last->d_off))
			ret = -EFAULT;
		else
			ret = count - cb.count;
	}
	fdput_pos(f);
	return ret;
}
42162306a36Sopenharmony_ci
42262306a36Sopenharmony_ci#ifdef CONFIG_COMPAT
/*
 * Compat layout of the old readdir record, filled in by
 * compat_fillonedir(). The name is variable length and NUL-terminated.
 */
struct compat_old_linux_dirent {
	compat_ulong_t	d_ino;		/* inode number of the entry */
	compat_ulong_t	d_offset;	/* offset passed to the actor */
	unsigned short	d_namlen;	/* name length, terminator excluded */
	char		d_name[];	/* d_namlen bytes followed by a NUL */
};
42962306a36Sopenharmony_ci
/*
 * Per-call state for the compat old readdir system call.
 * compat_fillonedir() recovers it from the embedded ctx with
 * container_of().
 */
struct compat_readdir_callback {
	struct dir_context ctx;
	/* user buffer that receives the single entry */
	struct compat_old_linux_dirent __user *dirent;
	/*
	 * 0 until an entry is handled; compat_fillonedir() raises it to
	 * 1 just before writing the entry, or stores a negative errno.
	 * Any non-zero value makes further calls stop.
	 */
	int result;
};
43562306a36Sopenharmony_ci
/*
 * dir_context actor for the compat old readdir system call: store
 * exactly one entry in the user buffer.
 *
 * The name is validated with verify_dirent_name() and the inode number
 * is checked for truncation to compat_ulong_t (-EOVERFLOW) before user
 * memory is touched. The user-access window covers the fixed header,
 * the name and its NUL terminator; a fault inside it yields -EFAULT.
 *
 * d_type is not used. Returns true when the entry was written, false
 * otherwise, with the reason left in buf->result.
 */
static bool compat_fillonedir(struct dir_context *ctx, const char *name,
			     int namlen, loff_t offset, u64 ino,
			     unsigned int d_type)
{
	struct compat_readdir_callback *cb =
		container_of(ctx, struct compat_readdir_callback, ctx);
	struct compat_old_linux_dirent __user *out;
	compat_ulong_t d_ino = ino;
	unsigned long span;

	/* An entry (or an error) has already been recorded: stop. */
	if (cb->result)
		return false;
	cb->result = verify_dirent_name(name, namlen);
	if (cb->result)
		return false;
	/* Refuse inode numbers that do not survive the narrowing. */
	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
		cb->result = -EOVERFLOW;
		return false;
	}
	/* 0 -> 1; replaced by -EFAULT below if the write faults. */
	cb->result++;
	out = cb->dirent;
	/* header + name + NUL, measured from the start of the record */
	span = (unsigned long)(out->d_name + namlen + 1) -
		(unsigned long)out;
	if (!user_write_access_begin(out, span))
		goto efault;
	unsafe_put_user(d_ino, &out->d_ino, efault_end);
	unsafe_put_user(offset, &out->d_offset, efault_end);
	unsafe_put_user(namlen, &out->d_namlen, efault_end);
	unsafe_copy_dirent_name(out->d_name, name, namlen, efault_end);
	user_write_access_end();
	return true;
efault_end:
	/* The access window was opened, so close it before reporting. */
	user_write_access_end();
efault:
	cb->result = -EFAULT;
	return false;
}
47362306a36Sopenharmony_ci
/*
 * Compat old readdir system call: return a single directory entry in
 * the compat record layout.
 *
 * The count argument is not read in this body. Returns -EBADF for a
 * bad descriptor; otherwise the callback's result when it is non-zero
 * (1 after an entry was written, or a negative errno), else the value
 * returned by iterate_dir().
 */
COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
		struct compat_old_linux_dirent __user *, dirent, unsigned int, count)
{
	struct compat_readdir_callback cb = {
		.ctx.actor = compat_fillonedir,
		.dirent = dirent
	};
	struct fd f = fdget_pos(fd);
	int ret;

	if (!f.file)
		return -EBADF;

	ret = iterate_dir(f.file, &cb.ctx);
	/* The actor's verdict takes precedence over the iterator's. */
	if (cb.result)
		ret = cb.result;

	fdput_pos(f);
	return ret;
}
49462306a36Sopenharmony_ci
/*
 * Compat layout of the getdents record, written by compat_filldir().
 * d_type is not a member: compat_filldir() stores it in the last byte
 * of the record, at offset d_reclen - 1.
 */
struct compat_linux_dirent {
	compat_ulong_t	d_ino;		/* inode number of the entry */
	compat_ulong_t	d_off;		/* filled in when the next record is written */
	unsigned short	d_reclen;	/* aligned length of this record */
	char		d_name[];	/* NUL-terminated name */
};
50162306a36Sopenharmony_ci
/*
 * Per-call state for the compat getdents system call.
 * compat_filldir() recovers it from the embedded ctx with
 * container_of().
 */
struct compat_getdents_callback {
	struct dir_context ctx;
	/* where the next record goes in the user buffer */
	struct compat_linux_dirent __user *current_dir;
	/* length of the record written last, 0 while none was written */
	int prev_reclen;
	/* bytes still available in the user buffer */
	int count;
	/* 0 initially; compat_filldir() stores a negative errno when it stops */
	int error;
};
50962306a36Sopenharmony_ci
/*
 * dir_context actor for the compat getdents system call: append one
 * compat_linux_dirent record to the user buffer.
 *
 * The record length is the aligned sum of the fixed header, the name
 * and two more bytes: the NUL terminator and the d_type byte kept at
 * the very end of the record. It is computed up front but not used
 * until verify_dirent_name() has accepted namlen.
 *
 * Checks made before any user memory is written: name validity, the
 * record fitting in the remaining space (-EINVAL), the inode number
 * surviving the narrowing to compat_ulong_t (-EOVERFLOW), and, once at
 * least one record is out, no signal pending. The user-access window
 * spans the previous record as well, because that record's d_off is
 * updated here. Alignment padding inside the record is not written by
 * this function.
 *
 * NOTE(review): offset is loff_t while d_off is compat_ulong_t, and no
 * range check is made on it here; a large offset is presumably
 * truncated by the store - confirm.
 *
 * Returns true when the record was stored; on false, buf->error holds
 * the reason.
 */
static bool compat_filldir(struct dir_context *ctx, const char *name, int namlen,
		loff_t offset, u64 ino, unsigned int d_type)
{
	struct compat_getdents_callback *cb =
		container_of(ctx, struct compat_getdents_callback, ctx);
	struct compat_linux_dirent __user *cur, *prev;
	compat_ulong_t d_ino = ino;
	int prev_len;
	int rec_len = ALIGN(offsetof(struct compat_linux_dirent, d_name) +
		namlen + 2, sizeof(compat_long_t));

	cb->error = verify_dirent_name(name, namlen);
	if (unlikely(cb->error))
		return false;
	cb->error = -EINVAL;	/* only used if we fail.. */
	if (rec_len > cb->count)
		return false;
	/* Refuse inode numbers that do not survive the narrowing. */
	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
		cb->error = -EOVERFLOW;
		return false;
	}
	prev_len = cb->prev_reclen;
	if (prev_len && signal_pending(current))
		return false;
	cur = cb->current_dir;
	prev = (void __user *)cur - prev_len;
	if (!user_write_access_begin(prev, rec_len + prev_len))
		goto efault;

	/* With no previous record, prev is cur and this d_off is rewritten later. */
	unsafe_put_user(offset, &prev->d_off, efault_end);
	unsafe_put_user(d_ino, &cur->d_ino, efault_end);
	unsafe_put_user(rec_len, &cur->d_reclen, efault_end);
	/* d_type lives in the last byte of the record */
	unsafe_put_user(d_type, (char __user *)cur + rec_len - 1, efault_end);
	unsafe_copy_dirent_name(cur->d_name, name, namlen, efault_end);
	user_write_access_end();

	cb->count -= rec_len;
	cb->prev_reclen = rec_len;
	cb->current_dir = (void __user *)cur + rec_len;
	return true;
efault_end:
	/* The access window was opened, so close it before reporting. */
	user_write_access_end();
efault:
	cb->error = -EFAULT;
	return false;
}
55762306a36Sopenharmony_ci
/*
 * Compat getdents system call: fill the user buffer with as many
 * compat_linux_dirent records as fit.
 *
 * Returns -EBADF for a bad descriptor. If at least one record was
 * stored, the last record's d_off is set to the final directory
 * position and the number of bytes used is returned (-EFAULT if that
 * store faults). Otherwise the result is iterate_dir()'s negative
 * error, or the callback's error field, which is 0 when the actor was
 * never called.
 *
 * NOTE(review): count is unsigned int but is kept in an int field; a
 * value above INT_MAX presumably turns negative there, in which case
 * compat_filldir()'s size check rejects every record - confirm.
 * NOTE(review): ctx.pos is stored into a compat_ulong_t d_off without
 * a range check; a large position is presumably truncated - confirm.
 */
COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd,
		struct compat_linux_dirent __user *, dirent, unsigned int, count)
{
	struct compat_getdents_callback cb = {
		.ctx.actor = compat_filldir,
		.count = count,
		.current_dir = dirent
	};
	struct fd f = fdget_pos(fd);
	int ret;

	if (!f.file)
		return -EBADF;

	ret = iterate_dir(f.file, &cb.ctx);
	if (ret >= 0)
		ret = cb.error;
	if (cb.prev_reclen) {
		/* step back from the write position to the last record */
		struct compat_linux_dirent __user *last =
			(void __user *)cb.current_dir - cb.prev_reclen;

		if (put_user(cb.ctx.pos, &last->d_off))
			ret = -EFAULT;
		else
			ret = count - cb.count;
	}
	fdput_pos(f);
	return ret;
}
58862306a36Sopenharmony_ci#endif