1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #include <linux/syscalls.h> 3 #include <linux/export.h> 4 #include <linux/uaccess.h> 5 #include <linux/fs_struct.h> 6 #include <linux/fs.h> 7 #include <linux/slab.h> 8 #include <linux/prefetch.h> 9 #include "mount.h" 10 11 struct prepend_buffer { 12 char *buf; 13 int len; 14 }; 15 #define DECLARE_BUFFER(__name, __buf, __len) \ 16 struct prepend_buffer __name = {.buf = __buf + __len, .len = __len} 17 18 static char *extract_string(struct prepend_buffer *p) 19 { 20 if (likely(p->len >= 0)) 21 return p->buf; 22 return ERR_PTR(-ENAMETOOLONG); 23 } 24 25 static void prepend(struct prepend_buffer *p, const char *str, int namelen) 26 { 27 p->len -= namelen; 28 if (likely(p->len >= 0)) { 29 p->buf -= namelen; 30 memcpy(p->buf, str, namelen); 31 } 32 } 33 34 /** 35 * prepend_name - prepend a pathname in front of current buffer pointer 36 * @buffer: buffer pointer 37 * @buflen: allocated length of the buffer 38 * @name: name string and length qstr structure 39 * 40 * With RCU path tracing, it may race with d_move(). Use READ_ONCE() to 41 * make sure that either the old or the new name pointer and length are 42 * fetched. However, there may be mismatch between length and pointer. 43 * The length cannot be trusted, we need to copy it byte-by-byte until 44 * the length is reached or a null byte is found. It also prepends "/" at 45 * the beginning of the name. The sequence number check at the caller will 46 * retry it again when a d_move() does happen. So any garbage in the buffer 47 * due to mismatched pointer and length will be discarded. 48 * 49 * Load acquire is needed to make sure that we see that terminating NUL. 50 */ 51 static bool prepend_name(struct prepend_buffer *p, const struct qstr *name) 52 { 53 const char *dname = smp_load_acquire(&name->name); /* ^^^ */ 54 u32 dlen = READ_ONCE(name->len); 55 char *s; 56 57 p->len -= dlen + 1; 58 if (unlikely(p->len < 0)) 59 return false; 60 s = p->buf -= dlen + 1; 61 *s++ = '/'; 62 while (dlen--) { 63 char c = *dname++; 64 if (!c) 65 break; 66 *s++ = c; 67 } 68 return true; 69 } 70 71 /** 72 * prepend_path - Prepend path string to a buffer 73 * @path: the dentry/vfsmount to report 74 * @root: root vfsmnt/dentry 75 * @buffer: pointer to the end of the buffer 76 * @buflen: pointer to buffer length 77 * 78 * The function will first try to write out the pathname without taking any 79 * lock other than the RCU read lock to make sure that dentries won't go away. 80 * It only checks the sequence number of the global rename_lock as any change 81 * in the dentry's d_seq will be preceded by changes in the rename_lock 82 * sequence number. If the sequence number had been changed, it will restart 83 * the whole pathname back-tracing sequence again by taking the rename_lock. 84 * In this case, there is no need to take the RCU read lock as the recursive 85 * parent pointer references will keep the dentry chain alive as long as no 86 * rename operation is performed. 87 */ 88 static int prepend_path(const struct path *path, 89 const struct path *root, 90 struct prepend_buffer *p) 91 { 92 struct dentry *dentry; 93 struct vfsmount *vfsmnt; 94 struct mount *mnt; 95 int error = 0; 96 unsigned seq, m_seq = 0; 97 struct prepend_buffer b; 98 99 rcu_read_lock(); 100 restart_mnt: 101 read_seqbegin_or_lock(&mount_lock, &m_seq); 102 seq = 0; 103 rcu_read_lock(); 104 restart: 105 b = *p; 106 error = 0; 107 dentry = path->dentry; 108 vfsmnt = path->mnt; 109 mnt = real_mount(vfsmnt); 110 read_seqbegin_or_lock(&rename_lock, &seq); 111 while (dentry != root->dentry || vfsmnt != root->mnt) { 112 struct dentry * parent; 113 114 if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) { 115 struct mount *parent = READ_ONCE(mnt->mnt_parent); 116 struct mnt_namespace *mnt_ns; 117 118 /* Escaped? */ 119 if (dentry != vfsmnt->mnt_root) { 120 b = *p; 121 error = 3; 122 break; 123 } 124 /* Global root? */ 125 if (mnt != parent) { 126 dentry = READ_ONCE(mnt->mnt_mountpoint); 127 mnt = parent; 128 vfsmnt = &mnt->mnt; 129 continue; 130 } 131 mnt_ns = READ_ONCE(mnt->mnt_ns); 132 /* open-coded is_mounted() to use local mnt_ns */ 133 if (!IS_ERR_OR_NULL(mnt_ns) && !is_anon_ns(mnt_ns)) 134 error = 1; // absolute root 135 else 136 error = 2; // detached or not attached yet 137 break; 138 } 139 parent = dentry->d_parent; 140 prefetch(parent); 141 if (!prepend_name(&b, &dentry->d_name)) 142 break; 143 144 dentry = parent; 145 } 146 if (!(seq & 1)) 147 rcu_read_unlock(); 148 if (need_seqretry(&rename_lock, seq)) { 149 seq = 1; 150 goto restart; 151 } 152 done_seqretry(&rename_lock, seq); 153 154 if (!(m_seq & 1)) 155 rcu_read_unlock(); 156 if (need_seqretry(&mount_lock, m_seq)) { 157 m_seq = 1; 158 goto restart_mnt; 159 } 160 done_seqretry(&mount_lock, m_seq); 161 162 if (b.len == p->len) 163 prepend(&b, "/", 1); 164 165 *p = b; 166 return error; 167 } 168 169 /** 170 * __d_path - return the path of a dentry 171 * @path: the dentry/vfsmount to report 172 * @root: root vfsmnt/dentry 173 * @buf: buffer to return value in 174 * @buflen: buffer length 175 * 176 * Convert a dentry into an ASCII path name. 177 * 178 * Returns a pointer into the buffer or an error code if the 179 * path was too long. 180 * 181 * "buflen" should be positive. 182 * 183 * If the path is not reachable from the supplied root, return %NULL. 184 */ 185 char *__d_path(const struct path *path, 186 const struct path *root, 187 char *buf, int buflen) 188 { 189 DECLARE_BUFFER(b, buf, buflen); 190 191 prepend(&b, "", 1); 192 if (prepend_path(path, root, &b) > 0) 193 return NULL; 194 return extract_string(&b); 195 } 196 197 char *d_absolute_path(const struct path *path, 198 char *buf, int buflen) 199 { 200 struct path root = {}; 201 DECLARE_BUFFER(b, buf, buflen); 202 203 prepend(&b, "", 1); 204 if (prepend_path(path, &root, &b) > 1) 205 return ERR_PTR(-EINVAL); 206 return extract_string(&b); 207 } 208 209 static void get_fs_root_rcu(struct fs_struct *fs, struct path *root) 210 { 211 unsigned seq; 212 213 do { 214 seq = read_seqcount_begin(&fs->seq); 215 *root = fs->root; 216 } while (read_seqcount_retry(&fs->seq, seq)); 217 } 218 219 /** 220 * d_path - return the path of a dentry 221 * @path: path to report 222 * @buf: buffer to return value in 223 * @buflen: buffer length 224 * 225 * Convert a dentry into an ASCII path name. If the entry has been deleted 226 * the string " (deleted)" is appended. Note that this is ambiguous. 227 * 228 * Returns a pointer into the buffer or an error code if the path was 229 * too long. Note: Callers should use the returned pointer, not the passed 230 * in buffer, to use the name! The implementation often starts at an offset 231 * into the buffer, and may leave 0 bytes at the start. 232 * 233 * "buflen" should be positive. 234 */ 235 char *d_path(const struct path *path, char *buf, int buflen) 236 { 237 DECLARE_BUFFER(b, buf, buflen); 238 struct path root; 239 240 /* 241 * We have various synthetic filesystems that never get mounted. On 242 * these filesystems dentries are never used for lookup purposes, and 243 * thus don't need to be hashed. They also don't need a name until a 244 * user wants to identify the object in /proc/pid/fd/. The little hack 245 * below allows us to generate a name for these objects on demand: 246 * 247 * Some pseudo inodes are mountable. When they are mounted 248 * path->dentry == path->mnt->mnt_root. In that case don't call d_dname 249 * and instead have d_path return the mounted path. 250 */ 251 if (path->dentry->d_op && path->dentry->d_op->d_dname && 252 (!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root)) 253 return path->dentry->d_op->d_dname(path->dentry, buf, buflen); 254 255 rcu_read_lock(); 256 get_fs_root_rcu(current->fs, &root); 257 if (unlikely(d_unlinked(path->dentry))) 258 prepend(&b, " (deleted)", 11); 259 else 260 prepend(&b, "", 1); 261 prepend_path(path, &root, &b); 262 rcu_read_unlock(); 263 264 return extract_string(&b); 265 } 266 EXPORT_SYMBOL(d_path); 267 268 /* 269 * Helper function for dentry_operations.d_dname() members 270 */ 271 char *dynamic_dname(struct dentry *dentry, char *buffer, int buflen, 272 const char *fmt, ...) 273 { 274 va_list args; 275 char temp[64]; 276 int sz; 277 278 va_start(args, fmt); 279 sz = vsnprintf(temp, sizeof(temp), fmt, args) + 1; 280 va_end(args); 281 282 if (sz > sizeof(temp) || sz > buflen) 283 return ERR_PTR(-ENAMETOOLONG); 284 285 buffer += buflen - sz; 286 return memcpy(buffer, temp, sz); 287 } 288 289 char *simple_dname(struct dentry *dentry, char *buffer, int buflen) 290 { 291 DECLARE_BUFFER(b, buffer, buflen); 292 /* these dentries are never renamed, so d_lock is not needed */ 293 prepend(&b, " (deleted)", 11); 294 prepend(&b, dentry->d_name.name, dentry->d_name.len); 295 prepend(&b, "/", 1); 296 return extract_string(&b); 297 } 298 299 /* 300 * Write full pathname from the root of the filesystem into the buffer. 301 */ 302 static char *__dentry_path(const struct dentry *d, struct prepend_buffer *p) 303 { 304 const struct dentry *dentry; 305 struct prepend_buffer b; 306 int seq = 0; 307 308 rcu_read_lock(); 309 restart: 310 dentry = d; 311 b = *p; 312 read_seqbegin_or_lock(&rename_lock, &seq); 313 while (!IS_ROOT(dentry)) { 314 const struct dentry *parent = dentry->d_parent; 315 316 prefetch(parent); 317 if (!prepend_name(&b, &dentry->d_name)) 318 break; 319 dentry = parent; 320 } 321 if (!(seq & 1)) 322 rcu_read_unlock(); 323 if (need_seqretry(&rename_lock, seq)) { 324 seq = 1; 325 goto restart; 326 } 327 done_seqretry(&rename_lock, seq); 328 if (b.len == p->len) 329 prepend(&b, "/", 1); 330 return extract_string(&b); 331 } 332 333 char *dentry_path_raw(const struct dentry *dentry, char *buf, int buflen) 334 { 335 DECLARE_BUFFER(b, buf, buflen); 336 337 prepend(&b, "", 1); 338 return __dentry_path(dentry, &b); 339 } 340 EXPORT_SYMBOL(dentry_path_raw); 341 342 char *dentry_path(const struct dentry *dentry, char *buf, int buflen) 343 { 344 DECLARE_BUFFER(b, buf, buflen); 345 346 if (unlikely(d_unlinked(dentry))) 347 prepend(&b, "//deleted", 10); 348 else 349 prepend(&b, "", 1); 350 return __dentry_path(dentry, &b); 351 } 352 353 static void get_fs_root_and_pwd_rcu(struct fs_struct *fs, struct path *root, 354 struct path *pwd) 355 { 356 unsigned seq; 357 358 do { 359 seq = read_seqcount_begin(&fs->seq); 360 *root = fs->root; 361 *pwd = fs->pwd; 362 } while (read_seqcount_retry(&fs->seq, seq)); 363 } 364 365 /* 366 * NOTE! The user-level library version returns a 367 * character pointer. The kernel system call just 368 * returns the length of the buffer filled (which 369 * includes the ending '\0' character), or a negative 370 * error value. So libc would do something like 371 * 372 * char *getcwd(char * buf, size_t size) 373 * { 374 * int retval; 375 * 376 * retval = sys_getcwd(buf, size); 377 * if (retval >= 0) 378 * return buf; 379 * errno = -retval; 380 * return NULL; 381 * } 382 */ 383 SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) 384 { 385 int error; 386 struct path pwd, root; 387 char *page = __getname(); 388 389 if (!page) 390 return -ENOMEM; 391 392 rcu_read_lock(); 393 get_fs_root_and_pwd_rcu(current->fs, &root, &pwd); 394 395 error = -ENOENT; 396 if (!d_unlinked(pwd.dentry)) { 397 unsigned long len; 398 DECLARE_BUFFER(b, page, PATH_MAX); 399 400 prepend(&b, "", 1); 401 if (prepend_path(&pwd, &root, &b) > 0) 402 prepend(&b, "(unreachable)", 13); 403 rcu_read_unlock(); 404 405 if (b.len < 0) { 406 error = -ENAMETOOLONG; 407 goto out; 408 } 409 410 error = -ERANGE; 411 len = PATH_MAX - b.len; 412 if (len <= size) { 413 error = len; 414 if (copy_to_user(buf, b.buf, len)) 415 error = -EFAULT; 416 } 417 } else { 418 rcu_read_unlock(); 419 } 420 421 out: 422 __putname(page); 423 return error; 424 } 425