xref: /openbmc/linux/fs/d_path.c (revision 9e255e2b)
1  /* SPDX-License-Identifier: GPL-2.0 */
2  #include <linux/syscalls.h>
3  #include <linux/export.h>
4  #include <linux/uaccess.h>
5  #include <linux/fs_struct.h>
6  #include <linux/fs.h>
7  #include <linux/slab.h>
8  #include <linux/prefetch.h>
9  #include "mount.h"
10  
11  static int prepend(char **buffer, int *buflen, const char *str, int namelen)
12  {
13  	*buflen -= namelen;
14  	if (*buflen < 0)
15  		return -ENAMETOOLONG;
16  	*buffer -= namelen;
17  	memcpy(*buffer, str, namelen);
18  	return 0;
19  }
20  
21  /**
22   * prepend_name - prepend a pathname in front of current buffer pointer
23   * @buffer: buffer pointer
24   * @buflen: allocated length of the buffer
25   * @name:   name string and length qstr structure
26   *
27   * With RCU path tracing, it may race with d_move(). Use READ_ONCE() to
28   * make sure that either the old or the new name pointer and length are
29   * fetched. However, there may be mismatch between length and pointer.
30   * The length cannot be trusted, we need to copy it byte-by-byte until
31   * the length is reached or a null byte is found. It also prepends "/" at
32   * the beginning of the name. The sequence number check at the caller will
33   * retry it again when a d_move() does happen. So any garbage in the buffer
34   * due to mismatched pointer and length will be discarded.
35   *
36   * Load acquire is needed to make sure that we see that terminating NUL.
37   */
38  static int prepend_name(char **buffer, int *buflen, const struct qstr *name)
39  {
40  	const char *dname = smp_load_acquire(&name->name); /* ^^^ */
41  	u32 dlen = READ_ONCE(name->len);
42  	char *p;
43  
44  	*buflen -= dlen + 1;
45  	if (*buflen < 0)
46  		return -ENAMETOOLONG;
47  	p = *buffer -= dlen + 1;
48  	*p++ = '/';
49  	while (dlen--) {
50  		char c = *dname++;
51  		if (!c)
52  			break;
53  		*p++ = c;
54  	}
55  	return 0;
56  }
57  
58  /**
59   * prepend_path - Prepend path string to a buffer
60   * @path: the dentry/vfsmount to report
61   * @root: root vfsmnt/dentry
62   * @buffer: pointer to the end of the buffer
63   * @buflen: pointer to buffer length
64   *
65   * The function will first try to write out the pathname without taking any
66   * lock other than the RCU read lock to make sure that dentries won't go away.
67   * It only checks the sequence number of the global rename_lock as any change
68   * in the dentry's d_seq will be preceded by changes in the rename_lock
69   * sequence number. If the sequence number had been changed, it will restart
70   * the whole pathname back-tracing sequence again by taking the rename_lock.
71   * In this case, there is no need to take the RCU read lock as the recursive
72   * parent pointer references will keep the dentry chain alive as long as no
73   * rename operation is performed.
74   */
75  static int prepend_path(const struct path *path,
76  			const struct path *root,
77  			char **buffer, int *buflen)
78  {
79  	struct dentry *dentry;
80  	struct vfsmount *vfsmnt;
81  	struct mount *mnt;
82  	int error = 0;
83  	unsigned seq, m_seq = 0;
84  	char *bptr;
85  	int blen;
86  
87  	rcu_read_lock();
88  restart_mnt:
89  	read_seqbegin_or_lock(&mount_lock, &m_seq);
90  	seq = 0;
91  	rcu_read_lock();
92  restart:
93  	bptr = *buffer;
94  	blen = *buflen;
95  	error = 0;
96  	dentry = path->dentry;
97  	vfsmnt = path->mnt;
98  	mnt = real_mount(vfsmnt);
99  	read_seqbegin_or_lock(&rename_lock, &seq);
100  	while (dentry != root->dentry || vfsmnt != root->mnt) {
101  		struct dentry * parent;
102  
103  		if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
104  			struct mount *parent = READ_ONCE(mnt->mnt_parent);
105  			struct mnt_namespace *mnt_ns;
106  
107  			/* Escaped? */
108  			if (dentry != vfsmnt->mnt_root) {
109  				bptr = *buffer;
110  				blen = *buflen;
111  				error = 3;
112  				break;
113  			}
114  			/* Global root? */
115  			if (mnt != parent) {
116  				dentry = READ_ONCE(mnt->mnt_mountpoint);
117  				mnt = parent;
118  				vfsmnt = &mnt->mnt;
119  				continue;
120  			}
121  			mnt_ns = READ_ONCE(mnt->mnt_ns);
122  			/* open-coded is_mounted() to use local mnt_ns */
123  			if (!IS_ERR_OR_NULL(mnt_ns) && !is_anon_ns(mnt_ns))
124  				error = 1;	// absolute root
125  			else
126  				error = 2;	// detached or not attached yet
127  			break;
128  		}
129  		parent = dentry->d_parent;
130  		prefetch(parent);
131  		error = prepend_name(&bptr, &blen, &dentry->d_name);
132  		if (error)
133  			break;
134  
135  		dentry = parent;
136  	}
137  	if (!(seq & 1))
138  		rcu_read_unlock();
139  	if (need_seqretry(&rename_lock, seq)) {
140  		seq = 1;
141  		goto restart;
142  	}
143  	done_seqretry(&rename_lock, seq);
144  
145  	if (!(m_seq & 1))
146  		rcu_read_unlock();
147  	if (need_seqretry(&mount_lock, m_seq)) {
148  		m_seq = 1;
149  		goto restart_mnt;
150  	}
151  	done_seqretry(&mount_lock, m_seq);
152  
153  	if (error >= 0 && bptr == *buffer) {
154  		if (--blen < 0)
155  			error = -ENAMETOOLONG;
156  		else
157  			*--bptr = '/';
158  	}
159  	*buffer = bptr;
160  	*buflen = blen;
161  	return error;
162  }
163  
164  /**
165   * __d_path - return the path of a dentry
166   * @path: the dentry/vfsmount to report
167   * @root: root vfsmnt/dentry
168   * @buf: buffer to return value in
169   * @buflen: buffer length
170   *
171   * Convert a dentry into an ASCII path name.
172   *
173   * Returns a pointer into the buffer or an error code if the
174   * path was too long.
175   *
176   * "buflen" should be positive.
177   *
178   * If the path is not reachable from the supplied root, return %NULL.
179   */
180  char *__d_path(const struct path *path,
181  	       const struct path *root,
182  	       char *buf, int buflen)
183  {
184  	char *res = buf + buflen;
185  	int error;
186  
187  	prepend(&res, &buflen, "\0", 1);
188  	error = prepend_path(path, root, &res, &buflen);
189  
190  	if (error < 0)
191  		return ERR_PTR(error);
192  	if (error > 0)
193  		return NULL;
194  	return res;
195  }
196  
197  char *d_absolute_path(const struct path *path,
198  	       char *buf, int buflen)
199  {
200  	struct path root = {};
201  	char *res = buf + buflen;
202  	int error;
203  
204  	prepend(&res, &buflen, "\0", 1);
205  	error = prepend_path(path, &root, &res, &buflen);
206  
207  	if (error > 1)
208  		error = -EINVAL;
209  	if (error < 0)
210  		return ERR_PTR(error);
211  	return res;
212  }
213  
214  /*
215   * same as __d_path but appends "(deleted)" for unlinked files.
216   */
217  static int path_with_deleted(const struct path *path,
218  			     const struct path *root,
219  			     char **buf, int *buflen)
220  {
221  	prepend(buf, buflen, "\0", 1);
222  	if (d_unlinked(path->dentry)) {
223  		int error = prepend(buf, buflen, " (deleted)", 10);
224  		if (error)
225  			return error;
226  	}
227  
228  	return prepend_path(path, root, buf, buflen);
229  }
230  
231  static int prepend_unreachable(char **buffer, int *buflen)
232  {
233  	return prepend(buffer, buflen, "(unreachable)", 13);
234  }
235  
236  static void get_fs_root_rcu(struct fs_struct *fs, struct path *root)
237  {
238  	unsigned seq;
239  
240  	do {
241  		seq = read_seqcount_begin(&fs->seq);
242  		*root = fs->root;
243  	} while (read_seqcount_retry(&fs->seq, seq));
244  }
245  
246  /**
247   * d_path - return the path of a dentry
248   * @path: path to report
249   * @buf: buffer to return value in
250   * @buflen: buffer length
251   *
252   * Convert a dentry into an ASCII path name. If the entry has been deleted
253   * the string " (deleted)" is appended. Note that this is ambiguous.
254   *
255   * Returns a pointer into the buffer or an error code if the path was
256   * too long. Note: Callers should use the returned pointer, not the passed
257   * in buffer, to use the name! The implementation often starts at an offset
258   * into the buffer, and may leave 0 bytes at the start.
259   *
260   * "buflen" should be positive.
261   */
262  char *d_path(const struct path *path, char *buf, int buflen)
263  {
264  	char *res = buf + buflen;
265  	struct path root;
266  	int error;
267  
268  	/*
269  	 * We have various synthetic filesystems that never get mounted.  On
270  	 * these filesystems dentries are never used for lookup purposes, and
271  	 * thus don't need to be hashed.  They also don't need a name until a
272  	 * user wants to identify the object in /proc/pid/fd/.  The little hack
273  	 * below allows us to generate a name for these objects on demand:
274  	 *
275  	 * Some pseudo inodes are mountable.  When they are mounted
276  	 * path->dentry == path->mnt->mnt_root.  In that case don't call d_dname
277  	 * and instead have d_path return the mounted path.
278  	 */
279  	if (path->dentry->d_op && path->dentry->d_op->d_dname &&
280  	    (!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root))
281  		return path->dentry->d_op->d_dname(path->dentry, buf, buflen);
282  
283  	rcu_read_lock();
284  	get_fs_root_rcu(current->fs, &root);
285  	error = path_with_deleted(path, &root, &res, &buflen);
286  	rcu_read_unlock();
287  
288  	if (error < 0)
289  		res = ERR_PTR(error);
290  	return res;
291  }
292  EXPORT_SYMBOL(d_path);
293  
294  /*
295   * Helper function for dentry_operations.d_dname() members
296   */
297  char *dynamic_dname(struct dentry *dentry, char *buffer, int buflen,
298  			const char *fmt, ...)
299  {
300  	va_list args;
301  	char temp[64];
302  	int sz;
303  
304  	va_start(args, fmt);
305  	sz = vsnprintf(temp, sizeof(temp), fmt, args) + 1;
306  	va_end(args);
307  
308  	if (sz > sizeof(temp) || sz > buflen)
309  		return ERR_PTR(-ENAMETOOLONG);
310  
311  	buffer += buflen - sz;
312  	return memcpy(buffer, temp, sz);
313  }
314  
315  char *simple_dname(struct dentry *dentry, char *buffer, int buflen)
316  {
317  	char *end = buffer + buflen;
318  	/* these dentries are never renamed, so d_lock is not needed */
319  	if (prepend(&end, &buflen, " (deleted)", 11) ||
320  	    prepend(&end, &buflen, dentry->d_name.name, dentry->d_name.len) ||
321  	    prepend(&end, &buflen, "/", 1))
322  		end = ERR_PTR(-ENAMETOOLONG);
323  	return end;
324  }
325  
326  /*
327   * Write full pathname from the root of the filesystem into the buffer.
328   */
329  static char *__dentry_path(const struct dentry *d, char *buf, int buflen)
330  {
331  	const struct dentry *dentry;
332  	char *end, *retval;
333  	int len, seq = 0;
334  	int error = 0;
335  
336  	if (buflen < 2)
337  		goto Elong;
338  
339  	rcu_read_lock();
340  restart:
341  	dentry = d;
342  	end = buf + buflen;
343  	len = buflen;
344  	prepend(&end, &len, "\0", 1);
345  	/* Get '/' right */
346  	retval = end-1;
347  	*retval = '/';
348  	read_seqbegin_or_lock(&rename_lock, &seq);
349  	while (!IS_ROOT(dentry)) {
350  		const struct dentry *parent = dentry->d_parent;
351  
352  		prefetch(parent);
353  		error = prepend_name(&end, &len, &dentry->d_name);
354  		if (error)
355  			break;
356  
357  		retval = end;
358  		dentry = parent;
359  	}
360  	if (!(seq & 1))
361  		rcu_read_unlock();
362  	if (need_seqretry(&rename_lock, seq)) {
363  		seq = 1;
364  		goto restart;
365  	}
366  	done_seqretry(&rename_lock, seq);
367  	if (error)
368  		goto Elong;
369  	return retval;
370  Elong:
371  	return ERR_PTR(-ENAMETOOLONG);
372  }
373  
374  char *dentry_path_raw(const struct dentry *dentry, char *buf, int buflen)
375  {
376  	return __dentry_path(dentry, buf, buflen);
377  }
378  EXPORT_SYMBOL(dentry_path_raw);
379  
380  char *dentry_path(const struct dentry *dentry, char *buf, int buflen)
381  {
382  	char *p = NULL;
383  	char *retval;
384  
385  	if (d_unlinked(dentry)) {
386  		p = buf + buflen;
387  		if (prepend(&p, &buflen, "//deleted", 10) != 0)
388  			goto Elong;
389  		buflen++;
390  	}
391  	retval = __dentry_path(dentry, buf, buflen);
392  	if (!IS_ERR(retval) && p)
393  		*p = '/';	/* restore '/' overriden with '\0' */
394  	return retval;
395  Elong:
396  	return ERR_PTR(-ENAMETOOLONG);
397  }
398  
399  static void get_fs_root_and_pwd_rcu(struct fs_struct *fs, struct path *root,
400  				    struct path *pwd)
401  {
402  	unsigned seq;
403  
404  	do {
405  		seq = read_seqcount_begin(&fs->seq);
406  		*root = fs->root;
407  		*pwd = fs->pwd;
408  	} while (read_seqcount_retry(&fs->seq, seq));
409  }
410  
411  /*
412   * NOTE! The user-level library version returns a
413   * character pointer. The kernel system call just
414   * returns the length of the buffer filled (which
415   * includes the ending '\0' character), or a negative
416   * error value. So libc would do something like
417   *
418   *	char *getcwd(char * buf, size_t size)
419   *	{
420   *		int retval;
421   *
422   *		retval = sys_getcwd(buf, size);
423   *		if (retval >= 0)
424   *			return buf;
425   *		errno = -retval;
426   *		return NULL;
427   *	}
428   */
429  SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size)
430  {
431  	int error;
432  	struct path pwd, root;
433  	char *page = __getname();
434  
435  	if (!page)
436  		return -ENOMEM;
437  
438  	rcu_read_lock();
439  	get_fs_root_and_pwd_rcu(current->fs, &root, &pwd);
440  
441  	error = -ENOENT;
442  	if (!d_unlinked(pwd.dentry)) {
443  		unsigned long len;
444  		char *cwd = page + PATH_MAX;
445  		int buflen = PATH_MAX;
446  
447  		prepend(&cwd, &buflen, "\0", 1);
448  		error = prepend_path(&pwd, &root, &cwd, &buflen);
449  		rcu_read_unlock();
450  
451  		if (error < 0)
452  			goto out;
453  
454  		/* Unreachable from current root */
455  		if (error > 0) {
456  			error = prepend_unreachable(&cwd, &buflen);
457  			if (error)
458  				goto out;
459  		}
460  
461  		error = -ERANGE;
462  		len = PATH_MAX + page - cwd;
463  		if (len <= size) {
464  			error = len;
465  			if (copy_to_user(buf, cwd, len))
466  				error = -EFAULT;
467  		}
468  	} else {
469  		rcu_read_unlock();
470  	}
471  
472  out:
473  	__putname(page);
474  	return error;
475  }
476