1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #include <linux/syscalls.h> 3 #include <linux/export.h> 4 #include <linux/uaccess.h> 5 #include <linux/fs_struct.h> 6 #include <linux/fs.h> 7 #include <linux/slab.h> 8 #include <linux/prefetch.h> 9 #include "mount.h" 10 11 static int prepend(char **buffer, int *buflen, const char *str, int namelen) 12 { 13 *buflen -= namelen; 14 if (*buflen < 0) 15 return -ENAMETOOLONG; 16 *buffer -= namelen; 17 memcpy(*buffer, str, namelen); 18 return 0; 19 } 20 21 /** 22 * prepend_name - prepend a pathname in front of current buffer pointer 23 * @buffer: buffer pointer 24 * @buflen: allocated length of the buffer 25 * @name: name string and length qstr structure 26 * 27 * With RCU path tracing, it may race with d_move(). Use READ_ONCE() to 28 * make sure that either the old or the new name pointer and length are 29 * fetched. However, there may be mismatch between length and pointer. 30 * The length cannot be trusted, we need to copy it byte-by-byte until 31 * the length is reached or a null byte is found. It also prepends "/" at 32 * the beginning of the name. The sequence number check at the caller will 33 * retry it again when a d_move() does happen. So any garbage in the buffer 34 * due to mismatched pointer and length will be discarded. 35 * 36 * Load acquire is needed to make sure that we see that terminating NUL. 37 */ 38 static int prepend_name(char **buffer, int *buflen, const struct qstr *name) 39 { 40 const char *dname = smp_load_acquire(&name->name); /* ^^^ */ 41 u32 dlen = READ_ONCE(name->len); 42 char *p; 43 44 *buflen -= dlen + 1; 45 if (*buflen < 0) 46 return -ENAMETOOLONG; 47 p = *buffer -= dlen + 1; 48 *p++ = '/'; 49 while (dlen--) { 50 char c = *dname++; 51 if (!c) 52 break; 53 *p++ = c; 54 } 55 return 0; 56 } 57 58 /** 59 * prepend_path - Prepend path string to a buffer 60 * @path: the dentry/vfsmount to report 61 * @root: root vfsmnt/dentry 62 * @buffer: pointer to the end of the buffer 63 * @buflen: pointer to buffer length 64 * 65 * The function will first try to write out the pathname without taking any 66 * lock other than the RCU read lock to make sure that dentries won't go away. 67 * It only checks the sequence number of the global rename_lock as any change 68 * in the dentry's d_seq will be preceded by changes in the rename_lock 69 * sequence number. If the sequence number had been changed, it will restart 70 * the whole pathname back-tracing sequence again by taking the rename_lock. 71 * In this case, there is no need to take the RCU read lock as the recursive 72 * parent pointer references will keep the dentry chain alive as long as no 73 * rename operation is performed. 74 */ 75 static int prepend_path(const struct path *path, 76 const struct path *root, 77 char **buffer, int *buflen) 78 { 79 struct dentry *dentry; 80 struct vfsmount *vfsmnt; 81 struct mount *mnt; 82 int error = 0; 83 unsigned seq, m_seq = 0; 84 char *bptr; 85 int blen; 86 87 rcu_read_lock(); 88 restart_mnt: 89 read_seqbegin_or_lock(&mount_lock, &m_seq); 90 seq = 0; 91 rcu_read_lock(); 92 restart: 93 bptr = *buffer; 94 blen = *buflen; 95 error = 0; 96 dentry = path->dentry; 97 vfsmnt = path->mnt; 98 mnt = real_mount(vfsmnt); 99 read_seqbegin_or_lock(&rename_lock, &seq); 100 while (dentry != root->dentry || vfsmnt != root->mnt) { 101 struct dentry * parent; 102 103 if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) { 104 struct mount *parent = READ_ONCE(mnt->mnt_parent); 105 /* Escaped? */ 106 if (dentry != vfsmnt->mnt_root) { 107 bptr = *buffer; 108 blen = *buflen; 109 error = 3; 110 break; 111 } 112 /* Global root? */ 113 if (mnt != parent) { 114 dentry = READ_ONCE(mnt->mnt_mountpoint); 115 mnt = parent; 116 vfsmnt = &mnt->mnt; 117 continue; 118 } 119 if (!error) 120 error = is_mounted(vfsmnt) ? 1 : 2; 121 break; 122 } 123 parent = dentry->d_parent; 124 prefetch(parent); 125 error = prepend_name(&bptr, &blen, &dentry->d_name); 126 if (error) 127 break; 128 129 dentry = parent; 130 } 131 if (!(seq & 1)) 132 rcu_read_unlock(); 133 if (need_seqretry(&rename_lock, seq)) { 134 seq = 1; 135 goto restart; 136 } 137 done_seqretry(&rename_lock, seq); 138 139 if (!(m_seq & 1)) 140 rcu_read_unlock(); 141 if (need_seqretry(&mount_lock, m_seq)) { 142 m_seq = 1; 143 goto restart_mnt; 144 } 145 done_seqretry(&mount_lock, m_seq); 146 147 if (error >= 0 && bptr == *buffer) { 148 if (--blen < 0) 149 error = -ENAMETOOLONG; 150 else 151 *--bptr = '/'; 152 } 153 *buffer = bptr; 154 *buflen = blen; 155 return error; 156 } 157 158 /** 159 * __d_path - return the path of a dentry 160 * @path: the dentry/vfsmount to report 161 * @root: root vfsmnt/dentry 162 * @buf: buffer to return value in 163 * @buflen: buffer length 164 * 165 * Convert a dentry into an ASCII path name. 166 * 167 * Returns a pointer into the buffer or an error code if the 168 * path was too long. 169 * 170 * "buflen" should be positive. 171 * 172 * If the path is not reachable from the supplied root, return %NULL. 173 */ 174 char *__d_path(const struct path *path, 175 const struct path *root, 176 char *buf, int buflen) 177 { 178 char *res = buf + buflen; 179 int error; 180 181 prepend(&res, &buflen, "\0", 1); 182 error = prepend_path(path, root, &res, &buflen); 183 184 if (error < 0) 185 return ERR_PTR(error); 186 if (error > 0) 187 return NULL; 188 return res; 189 } 190 191 char *d_absolute_path(const struct path *path, 192 char *buf, int buflen) 193 { 194 struct path root = {}; 195 char *res = buf + buflen; 196 int error; 197 198 prepend(&res, &buflen, "\0", 1); 199 error = prepend_path(path, &root, &res, &buflen); 200 201 if (error > 1) 202 error = -EINVAL; 203 if (error < 0) 204 return ERR_PTR(error); 205 return res; 206 } 207 208 /* 209 * same as __d_path but appends "(deleted)" for unlinked files. 210 */ 211 static int path_with_deleted(const struct path *path, 212 const struct path *root, 213 char **buf, int *buflen) 214 { 215 prepend(buf, buflen, "\0", 1); 216 if (d_unlinked(path->dentry)) { 217 int error = prepend(buf, buflen, " (deleted)", 10); 218 if (error) 219 return error; 220 } 221 222 return prepend_path(path, root, buf, buflen); 223 } 224 225 static int prepend_unreachable(char **buffer, int *buflen) 226 { 227 return prepend(buffer, buflen, "(unreachable)", 13); 228 } 229 230 static void get_fs_root_rcu(struct fs_struct *fs, struct path *root) 231 { 232 unsigned seq; 233 234 do { 235 seq = read_seqcount_begin(&fs->seq); 236 *root = fs->root; 237 } while (read_seqcount_retry(&fs->seq, seq)); 238 } 239 240 /** 241 * d_path - return the path of a dentry 242 * @path: path to report 243 * @buf: buffer to return value in 244 * @buflen: buffer length 245 * 246 * Convert a dentry into an ASCII path name. If the entry has been deleted 247 * the string " (deleted)" is appended. Note that this is ambiguous. 248 * 249 * Returns a pointer into the buffer or an error code if the path was 250 * too long. Note: Callers should use the returned pointer, not the passed 251 * in buffer, to use the name! The implementation often starts at an offset 252 * into the buffer, and may leave 0 bytes at the start. 253 * 254 * "buflen" should be positive. 255 */ 256 char *d_path(const struct path *path, char *buf, int buflen) 257 { 258 char *res = buf + buflen; 259 struct path root; 260 int error; 261 262 /* 263 * We have various synthetic filesystems that never get mounted. On 264 * these filesystems dentries are never used for lookup purposes, and 265 * thus don't need to be hashed. They also don't need a name until a 266 * user wants to identify the object in /proc/pid/fd/. The little hack 267 * below allows us to generate a name for these objects on demand: 268 * 269 * Some pseudo inodes are mountable. When they are mounted 270 * path->dentry == path->mnt->mnt_root. In that case don't call d_dname 271 * and instead have d_path return the mounted path. 272 */ 273 if (path->dentry->d_op && path->dentry->d_op->d_dname && 274 (!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root)) 275 return path->dentry->d_op->d_dname(path->dentry, buf, buflen); 276 277 rcu_read_lock(); 278 get_fs_root_rcu(current->fs, &root); 279 error = path_with_deleted(path, &root, &res, &buflen); 280 rcu_read_unlock(); 281 282 if (error < 0) 283 res = ERR_PTR(error); 284 return res; 285 } 286 EXPORT_SYMBOL(d_path); 287 288 /* 289 * Helper function for dentry_operations.d_dname() members 290 */ 291 char *dynamic_dname(struct dentry *dentry, char *buffer, int buflen, 292 const char *fmt, ...) 293 { 294 va_list args; 295 char temp[64]; 296 int sz; 297 298 va_start(args, fmt); 299 sz = vsnprintf(temp, sizeof(temp), fmt, args) + 1; 300 va_end(args); 301 302 if (sz > sizeof(temp) || sz > buflen) 303 return ERR_PTR(-ENAMETOOLONG); 304 305 buffer += buflen - sz; 306 return memcpy(buffer, temp, sz); 307 } 308 309 char *simple_dname(struct dentry *dentry, char *buffer, int buflen) 310 { 311 char *end = buffer + buflen; 312 /* these dentries are never renamed, so d_lock is not needed */ 313 if (prepend(&end, &buflen, " (deleted)", 11) || 314 prepend(&end, &buflen, dentry->d_name.name, dentry->d_name.len) || 315 prepend(&end, &buflen, "/", 1)) 316 end = ERR_PTR(-ENAMETOOLONG); 317 return end; 318 } 319 320 /* 321 * Write full pathname from the root of the filesystem into the buffer. 322 */ 323 static char *__dentry_path(struct dentry *d, char *buf, int buflen) 324 { 325 struct dentry *dentry; 326 char *end, *retval; 327 int len, seq = 0; 328 int error = 0; 329 330 if (buflen < 2) 331 goto Elong; 332 333 rcu_read_lock(); 334 restart: 335 dentry = d; 336 end = buf + buflen; 337 len = buflen; 338 prepend(&end, &len, "\0", 1); 339 /* Get '/' right */ 340 retval = end-1; 341 *retval = '/'; 342 read_seqbegin_or_lock(&rename_lock, &seq); 343 while (!IS_ROOT(dentry)) { 344 struct dentry *parent = dentry->d_parent; 345 346 prefetch(parent); 347 error = prepend_name(&end, &len, &dentry->d_name); 348 if (error) 349 break; 350 351 retval = end; 352 dentry = parent; 353 } 354 if (!(seq & 1)) 355 rcu_read_unlock(); 356 if (need_seqretry(&rename_lock, seq)) { 357 seq = 1; 358 goto restart; 359 } 360 done_seqretry(&rename_lock, seq); 361 if (error) 362 goto Elong; 363 return retval; 364 Elong: 365 return ERR_PTR(-ENAMETOOLONG); 366 } 367 368 char *dentry_path_raw(struct dentry *dentry, char *buf, int buflen) 369 { 370 return __dentry_path(dentry, buf, buflen); 371 } 372 EXPORT_SYMBOL(dentry_path_raw); 373 374 char *dentry_path(struct dentry *dentry, char *buf, int buflen) 375 { 376 char *p = NULL; 377 char *retval; 378 379 if (d_unlinked(dentry)) { 380 p = buf + buflen; 381 if (prepend(&p, &buflen, "//deleted", 10) != 0) 382 goto Elong; 383 buflen++; 384 } 385 retval = __dentry_path(dentry, buf, buflen); 386 if (!IS_ERR(retval) && p) 387 *p = '/'; /* restore '/' overriden with '\0' */ 388 return retval; 389 Elong: 390 return ERR_PTR(-ENAMETOOLONG); 391 } 392 393 static void get_fs_root_and_pwd_rcu(struct fs_struct *fs, struct path *root, 394 struct path *pwd) 395 { 396 unsigned seq; 397 398 do { 399 seq = read_seqcount_begin(&fs->seq); 400 *root = fs->root; 401 *pwd = fs->pwd; 402 } while (read_seqcount_retry(&fs->seq, seq)); 403 } 404 405 /* 406 * NOTE! The user-level library version returns a 407 * character pointer. The kernel system call just 408 * returns the length of the buffer filled (which 409 * includes the ending '\0' character), or a negative 410 * error value. So libc would do something like 411 * 412 * char *getcwd(char * buf, size_t size) 413 * { 414 * int retval; 415 * 416 * retval = sys_getcwd(buf, size); 417 * if (retval >= 0) 418 * return buf; 419 * errno = -retval; 420 * return NULL; 421 * } 422 */ 423 SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) 424 { 425 int error; 426 struct path pwd, root; 427 char *page = __getname(); 428 429 if (!page) 430 return -ENOMEM; 431 432 rcu_read_lock(); 433 get_fs_root_and_pwd_rcu(current->fs, &root, &pwd); 434 435 error = -ENOENT; 436 if (!d_unlinked(pwd.dentry)) { 437 unsigned long len; 438 char *cwd = page + PATH_MAX; 439 int buflen = PATH_MAX; 440 441 prepend(&cwd, &buflen, "\0", 1); 442 error = prepend_path(&pwd, &root, &cwd, &buflen); 443 rcu_read_unlock(); 444 445 if (error < 0) 446 goto out; 447 448 /* Unreachable from current root */ 449 if (error > 0) { 450 error = prepend_unreachable(&cwd, &buflen); 451 if (error) 452 goto out; 453 } 454 455 error = -ERANGE; 456 len = PATH_MAX + page - cwd; 457 if (len <= size) { 458 error = len; 459 if (copy_to_user(buf, cwd, len)) 460 error = -EFAULT; 461 } 462 } else { 463 rcu_read_unlock(); 464 } 465 466 out: 467 __putname(page); 468 return error; 469 } 470