1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #include <linux/syscalls.h> 3 #include <linux/export.h> 4 #include <linux/uaccess.h> 5 #include <linux/fs_struct.h> 6 #include <linux/fs.h> 7 #include <linux/slab.h> 8 #include <linux/prefetch.h> 9 #include "mount.h" 10 11 struct prepend_buffer { 12 char *buf; 13 int len; 14 }; 15 #define DECLARE_BUFFER(__name, __buf, __len) \ 16 struct prepend_buffer __name = {.buf = __buf + __len, .len = __len} 17 18 static char *extract_string(struct prepend_buffer *p) 19 { 20 if (likely(p->len >= 0)) 21 return p->buf; 22 return ERR_PTR(-ENAMETOOLONG); 23 } 24 25 static bool prepend_char(struct prepend_buffer *p, unsigned char c) 26 { 27 if (likely(p->len > 0)) { 28 p->len--; 29 *--p->buf = c; 30 return true; 31 } 32 p->len = -1; 33 return false; 34 } 35 36 /* 37 * The source of the prepend data can be an optimistoc load 38 * of a dentry name and length. And because we don't hold any 39 * locks, the length and the pointer to the name may not be 40 * in sync if a concurrent rename happens, and the kernel 41 * copy might fault as a result. 42 * 43 * The end result will correct itself when we check the 44 * rename sequence count, but we need to be able to handle 45 * the fault gracefully. 46 */ 47 static bool prepend_copy(void *dst, const void *src, int len) 48 { 49 if (unlikely(copy_from_kernel_nofault(dst, src, len))) { 50 memset(dst, 'x', len); 51 return false; 52 } 53 return true; 54 } 55 56 static bool prepend(struct prepend_buffer *p, const char *str, int namelen) 57 { 58 // Already overflowed? 59 if (p->len < 0) 60 return false; 61 62 // Will overflow? 63 if (p->len < namelen) { 64 // Fill as much as possible from the end of the name 65 str += namelen - p->len; 66 p->buf -= p->len; 67 prepend_copy(p->buf, str, p->len); 68 p->len = -1; 69 return false; 70 } 71 72 // Fits fully 73 p->len -= namelen; 74 p->buf -= namelen; 75 return prepend_copy(p->buf, str, namelen); 76 } 77 78 /** 79 * prepend_name - prepend a pathname in front of current buffer pointer 80 * @buffer: buffer pointer 81 * @buflen: allocated length of the buffer 82 * @name: name string and length qstr structure 83 * 84 * With RCU path tracing, it may race with d_move(). Use READ_ONCE() to 85 * make sure that either the old or the new name pointer and length are 86 * fetched. However, there may be mismatch between length and pointer. 87 * But since the length cannot be trusted, we need to copy the name very 88 * carefully when doing the prepend_copy(). It also prepends "/" at 89 * the beginning of the name. The sequence number check at the caller will 90 * retry it again when a d_move() does happen. So any garbage in the buffer 91 * due to mismatched pointer and length will be discarded. 92 * 93 * Load acquire is needed to make sure that we see the new name data even 94 * if we might get the length wrong. 95 */ 96 static bool prepend_name(struct prepend_buffer *p, const struct qstr *name) 97 { 98 const char *dname = smp_load_acquire(&name->name); /* ^^^ */ 99 u32 dlen = READ_ONCE(name->len); 100 101 return prepend(p, dname, dlen) && prepend_char(p, '/'); 102 } 103 104 static int __prepend_path(const struct dentry *dentry, const struct mount *mnt, 105 const struct path *root, struct prepend_buffer *p) 106 { 107 while (dentry != root->dentry || &mnt->mnt != root->mnt) { 108 const struct dentry *parent = READ_ONCE(dentry->d_parent); 109 110 if (dentry == mnt->mnt.mnt_root) { 111 struct mount *m = READ_ONCE(mnt->mnt_parent); 112 struct mnt_namespace *mnt_ns; 113 114 if (likely(mnt != m)) { 115 dentry = READ_ONCE(mnt->mnt_mountpoint); 116 mnt = m; 117 continue; 118 } 119 /* Global root */ 120 mnt_ns = READ_ONCE(mnt->mnt_ns); 121 /* open-coded is_mounted() to use local mnt_ns */ 122 if (!IS_ERR_OR_NULL(mnt_ns) && !is_anon_ns(mnt_ns)) 123 return 1; // absolute root 124 else 125 return 2; // detached or not attached yet 126 } 127 128 if (unlikely(dentry == parent)) 129 /* Escaped? */ 130 return 3; 131 132 prefetch(parent); 133 if (!prepend_name(p, &dentry->d_name)) 134 break; 135 dentry = parent; 136 } 137 return 0; 138 } 139 140 /** 141 * prepend_path - Prepend path string to a buffer 142 * @path: the dentry/vfsmount to report 143 * @root: root vfsmnt/dentry 144 * @buffer: pointer to the end of the buffer 145 * @buflen: pointer to buffer length 146 * 147 * The function will first try to write out the pathname without taking any 148 * lock other than the RCU read lock to make sure that dentries won't go away. 149 * It only checks the sequence number of the global rename_lock as any change 150 * in the dentry's d_seq will be preceded by changes in the rename_lock 151 * sequence number. If the sequence number had been changed, it will restart 152 * the whole pathname back-tracing sequence again by taking the rename_lock. 153 * In this case, there is no need to take the RCU read lock as the recursive 154 * parent pointer references will keep the dentry chain alive as long as no 155 * rename operation is performed. 156 */ 157 static int prepend_path(const struct path *path, 158 const struct path *root, 159 struct prepend_buffer *p) 160 { 161 unsigned seq, m_seq = 0; 162 struct prepend_buffer b; 163 int error; 164 165 rcu_read_lock(); 166 restart_mnt: 167 read_seqbegin_or_lock(&mount_lock, &m_seq); 168 seq = 0; 169 rcu_read_lock(); 170 restart: 171 b = *p; 172 read_seqbegin_or_lock(&rename_lock, &seq); 173 error = __prepend_path(path->dentry, real_mount(path->mnt), root, &b); 174 if (!(seq & 1)) 175 rcu_read_unlock(); 176 if (need_seqretry(&rename_lock, seq)) { 177 seq = 1; 178 goto restart; 179 } 180 done_seqretry(&rename_lock, seq); 181 182 if (!(m_seq & 1)) 183 rcu_read_unlock(); 184 if (need_seqretry(&mount_lock, m_seq)) { 185 m_seq = 1; 186 goto restart_mnt; 187 } 188 done_seqretry(&mount_lock, m_seq); 189 190 if (unlikely(error == 3)) 191 b = *p; 192 193 if (b.len == p->len) 194 prepend_char(&b, '/'); 195 196 *p = b; 197 return error; 198 } 199 200 /** 201 * __d_path - return the path of a dentry 202 * @path: the dentry/vfsmount to report 203 * @root: root vfsmnt/dentry 204 * @buf: buffer to return value in 205 * @buflen: buffer length 206 * 207 * Convert a dentry into an ASCII path name. 208 * 209 * Returns a pointer into the buffer or an error code if the 210 * path was too long. 211 * 212 * "buflen" should be positive. 213 * 214 * If the path is not reachable from the supplied root, return %NULL. 215 */ 216 char *__d_path(const struct path *path, 217 const struct path *root, 218 char *buf, int buflen) 219 { 220 DECLARE_BUFFER(b, buf, buflen); 221 222 prepend_char(&b, 0); 223 if (unlikely(prepend_path(path, root, &b) > 0)) 224 return NULL; 225 return extract_string(&b); 226 } 227 228 char *d_absolute_path(const struct path *path, 229 char *buf, int buflen) 230 { 231 struct path root = {}; 232 DECLARE_BUFFER(b, buf, buflen); 233 234 prepend_char(&b, 0); 235 if (unlikely(prepend_path(path, &root, &b) > 1)) 236 return ERR_PTR(-EINVAL); 237 return extract_string(&b); 238 } 239 240 static void get_fs_root_rcu(struct fs_struct *fs, struct path *root) 241 { 242 unsigned seq; 243 244 do { 245 seq = read_seqcount_begin(&fs->seq); 246 *root = fs->root; 247 } while (read_seqcount_retry(&fs->seq, seq)); 248 } 249 250 /** 251 * d_path - return the path of a dentry 252 * @path: path to report 253 * @buf: buffer to return value in 254 * @buflen: buffer length 255 * 256 * Convert a dentry into an ASCII path name. If the entry has been deleted 257 * the string " (deleted)" is appended. Note that this is ambiguous. 258 * 259 * Returns a pointer into the buffer or an error code if the path was 260 * too long. Note: Callers should use the returned pointer, not the passed 261 * in buffer, to use the name! The implementation often starts at an offset 262 * into the buffer, and may leave 0 bytes at the start. 263 * 264 * "buflen" should be positive. 265 */ 266 char *d_path(const struct path *path, char *buf, int buflen) 267 { 268 DECLARE_BUFFER(b, buf, buflen); 269 struct path root; 270 271 /* 272 * We have various synthetic filesystems that never get mounted. On 273 * these filesystems dentries are never used for lookup purposes, and 274 * thus don't need to be hashed. They also don't need a name until a 275 * user wants to identify the object in /proc/pid/fd/. The little hack 276 * below allows us to generate a name for these objects on demand: 277 * 278 * Some pseudo inodes are mountable. When they are mounted 279 * path->dentry == path->mnt->mnt_root. In that case don't call d_dname 280 * and instead have d_path return the mounted path. 281 */ 282 if (path->dentry->d_op && path->dentry->d_op->d_dname && 283 (!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root)) 284 return path->dentry->d_op->d_dname(path->dentry, buf, buflen); 285 286 rcu_read_lock(); 287 get_fs_root_rcu(current->fs, &root); 288 if (unlikely(d_unlinked(path->dentry))) 289 prepend(&b, " (deleted)", 11); 290 else 291 prepend_char(&b, 0); 292 prepend_path(path, &root, &b); 293 rcu_read_unlock(); 294 295 return extract_string(&b); 296 } 297 EXPORT_SYMBOL(d_path); 298 299 /* 300 * Helper function for dentry_operations.d_dname() members 301 */ 302 char *dynamic_dname(struct dentry *dentry, char *buffer, int buflen, 303 const char *fmt, ...) 304 { 305 va_list args; 306 char temp[64]; 307 int sz; 308 309 va_start(args, fmt); 310 sz = vsnprintf(temp, sizeof(temp), fmt, args) + 1; 311 va_end(args); 312 313 if (sz > sizeof(temp) || sz > buflen) 314 return ERR_PTR(-ENAMETOOLONG); 315 316 buffer += buflen - sz; 317 return memcpy(buffer, temp, sz); 318 } 319 320 char *simple_dname(struct dentry *dentry, char *buffer, int buflen) 321 { 322 DECLARE_BUFFER(b, buffer, buflen); 323 /* these dentries are never renamed, so d_lock is not needed */ 324 prepend(&b, " (deleted)", 11); 325 prepend(&b, dentry->d_name.name, dentry->d_name.len); 326 prepend_char(&b, '/'); 327 return extract_string(&b); 328 } 329 330 /* 331 * Write full pathname from the root of the filesystem into the buffer. 332 */ 333 static char *__dentry_path(const struct dentry *d, struct prepend_buffer *p) 334 { 335 const struct dentry *dentry; 336 struct prepend_buffer b; 337 int seq = 0; 338 339 rcu_read_lock(); 340 restart: 341 dentry = d; 342 b = *p; 343 read_seqbegin_or_lock(&rename_lock, &seq); 344 while (!IS_ROOT(dentry)) { 345 const struct dentry *parent = dentry->d_parent; 346 347 prefetch(parent); 348 if (!prepend_name(&b, &dentry->d_name)) 349 break; 350 dentry = parent; 351 } 352 if (!(seq & 1)) 353 rcu_read_unlock(); 354 if (need_seqretry(&rename_lock, seq)) { 355 seq = 1; 356 goto restart; 357 } 358 done_seqretry(&rename_lock, seq); 359 if (b.len == p->len) 360 prepend_char(&b, '/'); 361 return extract_string(&b); 362 } 363 364 char *dentry_path_raw(const struct dentry *dentry, char *buf, int buflen) 365 { 366 DECLARE_BUFFER(b, buf, buflen); 367 368 prepend_char(&b, 0); 369 return __dentry_path(dentry, &b); 370 } 371 EXPORT_SYMBOL(dentry_path_raw); 372 373 char *dentry_path(const struct dentry *dentry, char *buf, int buflen) 374 { 375 DECLARE_BUFFER(b, buf, buflen); 376 377 if (unlikely(d_unlinked(dentry))) 378 prepend(&b, "//deleted", 10); 379 else 380 prepend_char(&b, 0); 381 return __dentry_path(dentry, &b); 382 } 383 384 static void get_fs_root_and_pwd_rcu(struct fs_struct *fs, struct path *root, 385 struct path *pwd) 386 { 387 unsigned seq; 388 389 do { 390 seq = read_seqcount_begin(&fs->seq); 391 *root = fs->root; 392 *pwd = fs->pwd; 393 } while (read_seqcount_retry(&fs->seq, seq)); 394 } 395 396 /* 397 * NOTE! The user-level library version returns a 398 * character pointer. The kernel system call just 399 * returns the length of the buffer filled (which 400 * includes the ending '\0' character), or a negative 401 * error value. So libc would do something like 402 * 403 * char *getcwd(char * buf, size_t size) 404 * { 405 * int retval; 406 * 407 * retval = sys_getcwd(buf, size); 408 * if (retval >= 0) 409 * return buf; 410 * errno = -retval; 411 * return NULL; 412 * } 413 */ 414 SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) 415 { 416 int error; 417 struct path pwd, root; 418 char *page = __getname(); 419 420 if (!page) 421 return -ENOMEM; 422 423 rcu_read_lock(); 424 get_fs_root_and_pwd_rcu(current->fs, &root, &pwd); 425 426 if (unlikely(d_unlinked(pwd.dentry))) { 427 rcu_read_unlock(); 428 error = -ENOENT; 429 } else { 430 unsigned len; 431 DECLARE_BUFFER(b, page, PATH_MAX); 432 433 prepend_char(&b, 0); 434 if (unlikely(prepend_path(&pwd, &root, &b) > 0)) 435 prepend(&b, "(unreachable)", 13); 436 rcu_read_unlock(); 437 438 len = PATH_MAX - b.len; 439 if (unlikely(len > PATH_MAX)) 440 error = -ENAMETOOLONG; 441 else if (unlikely(len > size)) 442 error = -ERANGE; 443 else if (copy_to_user(buf, b.buf, len)) 444 error = -EFAULT; 445 else 446 error = len; 447 } 448 __putname(page); 449 return error; 450 } 451